File name:

EAappInstaller.exe

Full analysis: https://app.any.run/tasks/e6d90c2b-9d6a-42ff-9a14-222e1fe0942f
Verdict: Malicious activity
Analysis date: February 16, 2025, 00:50:51
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
arch-exec
arch-doc
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

4667DDCF8576D4EE634A68CD33ACFCBA

SHA1:

DC2199ADBCCB123FC6446B15D563253F775DDB52

SHA256:

06A39C9421B5AD36D4A544141362A6776F2EC060462A79F1C91559F4C0B869CF

SSDEEP:

98304:eLbkHLWqniKHqvDk0mzfXCw/BdsqNkFZ8uMG51LbERlJVVECz5kneLyYruxtN66k:YZRuPP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • EAappInstaller.exe (PID: 5128)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)

    • Executing a file with an untrusted certificate

      • Setup.exe (PID: 8704)

    • Uses Task Scheduler to run other applications

      • powershell.exe (PID: 8556)

  • SUSPICIOUS

    • Starts itself from another location

      • EAappInstaller.exe (PID: 6392)
      • EAappInstaller.exe (PID: 6420)

    • Executable content was dropped or overwritten

      • EAappInstaller.exe (PID: 6392)
      • EAappInstaller.exe (PID: 6420)
      • EAappInstaller.exe (PID: 5128)
      • rundll32.exe (PID: 7436)
      • rundll32.exe (PID: 6180)
      • rundll32.exe (PID: 4804)
      • rundll32.exe (PID: 6220)
      • rundll32.exe (PID: 8064)
      • rundll32.exe (PID: 7356)
      • EABackgroundService.exe (PID: 3508)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • rundll32.exe (PID: 5036)
      • rundll32.exe (PID: 5680)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)
      • powershell.exe (PID: 8556)

    • Reads security settings of Internet Explorer

      • EAappInstaller.exe (PID: 6420)
      • ShellExperienceHost.exe (PID: 8328)
      • EABackgroundService.exe (PID: 3508)
      • EADesktop.exe (PID: 2220)

    • Checks Windows Trust Settings

      • EAappInstaller.exe (PID: 6420)
      • msiexec.exe (PID: 6712)
      • Setup.exe (PID: 8704)
      • EADesktop.exe (PID: 2220)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)

    • Searches for installed software

      • EAappInstaller.exe (PID: 6420)
      • dllhost.exe (PID: 5240)
      • EABackgroundService.exe (PID: 3508)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)

    • Reads Microsoft Outlook installation path

      • EAappInstaller.exe (PID: 6420)

    • Reads Internet Explorer settings

      • EAappInstaller.exe (PID: 6420)

    • Executes as Windows Service

      • VSSVC.exe (PID: 3608)
      • EABackgroundService.exe (PID: 3508)

    • Creates a software uninstall entry

      • EAappInstaller.exe (PID: 5128)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 6712)
      • EABackgroundService.exe (PID: 3508)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • msiexec.exe (PID: 6808)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 6712)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6808)

    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 6712)

    • Reads the date of Windows installation

      • EABackgroundService.exe (PID: 3508)

    • Creates file in the systems drive root

      • vc_redist-10.0.40219.x86.exe (PID: 1220)

    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 7632)
      • cmd.exe (PID: 7956)

    • Starts POWERSHELL.EXE for commands execution

      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 7632)
      • cmd.exe (PID: 7956)

    • The process bypasses the loading of PowerShell profile settings

      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 7632)
      • cmd.exe (PID: 7956)

    • Application launched itself

      • cmd.exe (PID: 3564)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • cmd.exe (PID: 7632)
      • cmd.exe (PID: 7956)

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 7632)
      • powershell.exe (PID: 7388)
      • cmd.exe (PID: 7956)

    • Possibly malicious use of IEX has been detected

      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 7632)
      • cmd.exe (PID: 7956)

    • Detected use of alternative data streams (AltDS)

      • EADesktop.exe (PID: 2220)

    • Checks a user's role membership (POWERSHELL)

      • powershell.exe (PID: 7388)
      • powershell.exe (PID: 7304)
      • powershell.exe (PID: 8556)

    • Lists all scheduled tasks

      • schtasks.exe (PID: 5972)
      • schtasks.exe (PID: 4648)
      • schtasks.exe (PID: 7648)

    • Executing commands from a ".bat" file

      • powershell.exe (PID: 7388)

  • INFO

    • Checks supported languages

      • EAappInstaller.exe (PID: 6392)
      • EAappInstaller.exe (PID: 6420)
      • EAappInstaller.exe (PID: 5128)
      • identity_helper.exe (PID: 8100)
      • identity_helper.exe (PID: 8516)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6636)
      • msiexec.exe (PID: 3772)
      • ShellExperienceHost.exe (PID: 8328)
      • EABackgroundService.exe (PID: 3508)
      • OriginLegacyCLI.exe (PID: 7740)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • Setup.exe (PID: 8704)
      • EALauncher.exe (PID: 8244)
      • EADesktop.exe (PID: 2220)
      • EACefSubProcess.exe (PID: 6876)
      • EACefSubProcess.exe (PID: 8988)
      • EALocalHostSvc.exe (PID: 1344)
      • EACefSubProcess.exe (PID: 4360)
      • EACefSubProcess.exe (PID: 4120)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • EACefSubProcess.exe (PID: 5076)
      • msiexec.exe (PID: 6808)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)

    • Reads the machine GUID from the registry

      • EAappInstaller.exe (PID: 6420)
      • EAappInstaller.exe (PID: 5128)
      • msiexec.exe (PID: 6712)
      • EABackgroundService.exe (PID: 3508)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • Setup.exe (PID: 8704)
      • EADesktop.exe (PID: 2220)
      • EALocalHostSvc.exe (PID: 1344)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)

    • The sample compiled with english language support

      • EAappInstaller.exe (PID: 6392)
      • EAappInstaller.exe (PID: 6420)
      • msedge.exe (PID: 6628)
      • msedge.exe (PID: 4136)
      • EAappInstaller.exe (PID: 5128)
      • msiexec.exe (PID: 6712)
      • WinRAR.exe (PID: 2972)
      • EABackgroundService.exe (PID: 3508)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • msiexec.exe (PID: 6808)
      • powershell.exe (PID: 8556)

    • Create files in a temporary directory

      • EAappInstaller.exe (PID: 6392)
      • EAappInstaller.exe (PID: 6420)
      • EAappInstaller.exe (PID: 5128)
      • EADesktop.exe (PID: 2220)

    • Checks proxy server information

      • EAappInstaller.exe (PID: 6420)
      • EADesktop.exe (PID: 2220)
      • EALocalHostSvc.exe (PID: 1344)

    • Process checks whether UAC notifications are on

      • EAappInstaller.exe (PID: 6420)

    • Reads the computer name

      • EAappInstaller.exe (PID: 6420)
      • EAappInstaller.exe (PID: 5128)
      • identity_helper.exe (PID: 8100)
      • msiexec.exe (PID: 6636)
      • identity_helper.exe (PID: 8516)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 3772)
      • ShellExperienceHost.exe (PID: 8328)
      • EABackgroundService.exe (PID: 3508)
      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • Setup.exe (PID: 8704)
      • EALauncher.exe (PID: 8244)
      • EADesktop.exe (PID: 2220)
      • EACefSubProcess.exe (PID: 8988)
      • EACefSubProcess.exe (PID: 6876)
      • EALocalHostSvc.exe (PID: 1344)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • msiexec.exe (PID: 6808)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)

    • Process checks computer location settings

      • EAappInstaller.exe (PID: 6420)
      • EABackgroundService.exe (PID: 3508)
      • EADesktop.exe (PID: 2220)
      • EALocalHostSvc.exe (PID: 1344)
      • EACefSubProcess.exe (PID: 4360)
      • EACefSubProcess.exe (PID: 4120)

    • Creates files or folders in the user directory

      • EAappInstaller.exe (PID: 6420)
      • EALauncher.exe (PID: 8244)
      • EADesktop.exe (PID: 2220)
      • EALocalHostSvc.exe (PID: 1344)
      • EACefSubProcess.exe (PID: 6876)

    • Reads the software policy settings

      • EAappInstaller.exe (PID: 6420)
      • msiexec.exe (PID: 6712)
      • EABackgroundService.exe (PID: 3508)
      • Setup.exe (PID: 8704)
      • EADesktop.exe (PID: 2220)
      • EALocalHostSvc.exe (PID: 1344)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)

    • Manual execution by a user

      • msedge.exe (PID: 4136)
      • WinRAR.exe (PID: 2972)
      • EADesktop.exe (PID: 2220)
      • cmd.exe (PID: 3564)
      • cmd.exe (PID: 7956)

    • Application launched itself

      • msedge.exe (PID: 4136)
      • msedge.exe (PID: 8992)

    • Manages system restore points

      • SrTasks.exe (PID: 8632)

    • Reads Environment values

      • identity_helper.exe (PID: 8100)
      • identity_helper.exe (PID: 8516)
      • EADesktop.exe (PID: 2220)

    • Creates files in the program directory

      • EAappInstaller.exe (PID: 5128)
      • rundll32.exe (PID: 7356)
      • EABackgroundService.exe (PID: 3508)
      • Setup.exe (PID: 8704)
      • rundll32.exe (PID: 5036)
      • vc_redist-11.0.61030.x86.exe (PID: 7136)
      • vc_redist-11.0.61030.x86.exe (PID: 7960)
      • vc_redist-12.0.40664.x86.exe (PID: 6836)
      • vc_redist-12.0.40664.x86.exe (PID: 1868)
      • powershell.exe (PID: 8556)

    • Executable content was dropped or overwritten

      • msiexec.exe (PID: 6712)
      • WinRAR.exe (PID: 2972)
      • msiexec.exe (PID: 6808)

    • The sample compiled with japanese language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with korean language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with chinese language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with Italian language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with french language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with german language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with spanish language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • The sample compiled with russian language support

      • vc_redist-10.0.40219.x86.exe (PID: 1220)
      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • Reads CPU info

      • Setup.exe (PID: 8704)

    • Creates a software uninstall entry

      • msiexec.exe (PID: 6712)
      • msiexec.exe (PID: 6808)

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 5680)

    • Gets data length (POWERSHELL)

      • powershell.exe (PID: 7388)
      • powershell.exe (PID: 7304)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:09:17 05:33:38+00:00
ImageFileCharacteristics: Executable, 32-bit, Removable run from swap, Net run from swap
PEType: PE32
LinkerVersion: 14.16
CodeSize: 299008
InitializedDataSize: 542208
UninitializedDataSize: -
EntryPoint: 0x2df71
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
FileVersionNumber: 13.396.0.5909
ProductVersionNumber: 13.396.0.5909
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Electronic Arts
FileDescription: EA app
FileVersion: 13.396.0.5909
InternalName: setup
LegalCopyright: Copyright (c) Electronic Arts. All rights reserved.
OriginalFileName: EAappInstaller.exe
ProductName: EA app
ProductVersion: 13.396.0.5909
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
321
Monitored processes
170
Malicious processes
18
Suspicious processes
2

Behavior graph

Click at the process to see the details
start eaappinstaller.exe eaappinstaller.exe eaappinstaller.exe SPPSurrogate no specs vssvc.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs srtasks.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msiexec.exe msiexec.exe no specs rundll32.exe msedge.exe no specs msiexec.exe no specs rundll32.exe rundll32.exe rundll32.exe rundll32.exe rundll32.exe rundll32.exe no specs winrar.exe shellexperiencehost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs eabackgroundservice.exe originlegacycli.exe no specs msedge.exe no specs vc_redist-10.0.40219.x86.exe msedge.exe no specs setup.exe msedge.exe no specs rundll32.exe rundll32.exe ealauncher.exe no specs eadesktop.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs powershell.exe no specs eacefsubprocess.exe no specs ealocalhostsvc.exe eacefsubprocess.exe schtasks.exe no specs eacefsubprocess.exe no specs eacefsubprocess.exe no specs eacefsubprocess.exe no specs vc_redist-11.0.61030.x86.exe vc_redist-11.0.61030.x86.exe SPPSurrogate no specs msedge.exe no specs msiexec.exe vc_redist-12.0.40664.x86.exe vc_redist-12.0.40664.x86.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe conhost.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs powershell.exe msedge.exe no specs schtasks.exe no specs schtasks.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs powershell.exe no specs schtasks.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
648"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6372 --field-trial-handle=2380,i,3899165614197900609,9325339774611589170,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1020"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4728 --field-trial-handle=2332,i,17046465661097109278,11849694365113159822,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1220"C:\Program Files\Electronic Arts\EA Desktop\VC\vc_redist-10.0.40219.x86.exe" /install /quiet /norestart /log "C:\ProgramData\EA Desktop\Logs\vc_redist-10.0.40219.x86.exe.log"C:\Program Files\Electronic Arts\EA Desktop\VC\vc_redist-10.0.40219.x86.exe
EABackgroundService.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Visual C++ 2010 x86 Redistributable Setup
Exit code:
0
Version:
10.0.40219.473
Modules
Images
c:\program files\electronic arts\ea desktop\vc\vc_redist-10.0.40219.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1344"C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe" -ipcport=50012C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe
EADesktop.exe
User:
admin
Company:
Electronic Arts
Integrity Level:
MEDIUM
Description:
EA
Exit code:
4294967295
Version:
13, 396, 0, 5909
Modules
Images
c:\program files\electronic arts\ea desktop\ea desktop\ealocalhostsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
1488"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2332,i,17046465661097109278,11849694365113159822,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1576"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3772 --field-trial-handle=2380,i,3899165614197900609,9325339774611589170,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1868"C:\Program Files\Electronic Arts\EA Desktop\VC\vc_redist-12.0.40664.x86.exe" /install /quiet /norestart /log "C:\ProgramData\EA Desktop\Logs\vc_redist-12.0.40664.x86.exe.log"C:\Program Files\Electronic Arts\EA Desktop\VC\vc_redist-12.0.40664.x86.exe
EABackgroundService.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Exit code:
0
Version:
12.0.40664.0
Modules
Images
c:\program files\electronic arts\ea desktop\vc\vc_redist-12.0.40664.x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
2220"C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe" -ls=LauncherC:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe
explorer.exe
User:
admin
Company:
Electronic Arts
Integrity Level:
MEDIUM
Description:
EA
Exit code:
4294967295
Version:
13, 396, 0, 5909
Modules
Images
c:\program files\electronic arts\ea desktop\ea desktop\eadesktop.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\gdi32.dll
2324"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4316 --field-trial-handle=2380,i,3899165614197900609,9325339774611589170,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
2396"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=9392 --field-trial-handle=2380,i,3899165614197900609,9325339774611589170,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
88 988
Read events
86 186
Write events
2 694
Delete events
108

Modification events

(PID) Process:(6420) EAappInstaller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(6420) EAappInstaller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(6420) EAappInstaller.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(5240) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
48000000000000009EC075DE0C80DB0178140000700E0000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(5240) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Leave)
Value:
480000000000000039073EDF0C80DB0178140000700E0000D20700000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(5240) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Enter)
Value:
480000000000000039073EDF0C80DB0178140000700E0000D10700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(5128) EAappInstaller.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
40000000000000009EC075DE0C80DB0108140000E80A0000D5070000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(5240) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppEnumGroups (Leave)
Value:
48000000000000008C9647DF0C80DB0178140000700E0000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(5240) dllhost.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppCreate (Enter)
Value:
4800000000000000B34A4CDF0C80DB0178140000700E0000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4136) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
Executable files
393
Suspicious files
1 705
Text files
952
Unknown types
2

Dropped files

PID
Process
Filename
Type
6392EAappInstaller.exeC:\Users\admin\AppData\Local\Temp\{5BC067CE-EBF5-45FE-AC39-E9130ECDD554}\.cr\EAappInstaller.exeexecutable
MD5:4667DDCF8576D4EE634A68CD33ACFCBA
SHA256:06A39C9421B5AD36D4A544141362A6776F2EC060462A79F1C91559F4C0B869CF
6420EAappInstaller.exeC:\Users\admin\AppData\Local\Temp\{B47B21DA-004A-466B-B19A-7899C10B9583}\.ba\BootstrapperApplicationData.xmlxml
MD5:4052004D7CF66C24A59F5AB5BD5D0635
SHA256:0A671DCBEF6CDF84D8E89052F5728143001DB898FD80159BAA32091F8BA1090E
6420EAappInstaller.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\31976568FBE31D20174C3FAC50D34698_021454C3CC0AB8DF2C84EB07EFF02CE7binary
MD5:BC8F4250A1804D4E6308998CF762446E
SHA256:0C4FF70596AB9FA0B29B6FFBD199352F126E5E74B58A2ACC720DF7015277BBD2
6420EAappInstaller.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\13.396.0[1].jsonbinary
MD5:FAA49896EC7D1360E4F59381EBCB0570
SHA256:CFA34E7A7D49AD35777F6031329D82BB53BD91FD8545DA9CBA8D777E4153E898
6420EAappInstaller.exeC:\Users\admin\AppData\Local\Temp\{B47B21DA-004A-466B-B19A-7899C10B9583}\.ba\juno-bootstrapper-application.dllexecutable
MD5:E7817AA1EAC615256E1C01B27A56DD63
SHA256:F02AC678DBF54DC6F1C1515E1925E6D47158377A3261FA9218C9DA684462781E
6420EAappInstaller.exeC:\Users\admin\AppData\Local\Temp\{B47B21DA-004A-466B-B19A-7899C10B9583}\.be\EAappInstaller.exeexecutable
MD5:4667DDCF8576D4EE634A68CD33ACFCBA
SHA256:06A39C9421B5AD36D4A544141362A6776F2EC060462A79F1C91559F4C0B869CF
6420EAappInstaller.exeC:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\7[1].jsonbinary
MD5:67C4C55134D93029358BCB160C2A9085
SHA256:EC7232519B9F50109EA5D7525039649F622F30FED92DECF9975B155E7F1B03DA
6420EAappInstaller.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776binary
MD5:446C7FFBEF4E7DD8571FAC3BAD765045
SHA256:C7FEB2D86DE342A3D95DCD97D29AC859A7EC74B2C263EEC762182A51D316FAB9
4136msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF13a849.TMP
MD5:
SHA256:
6420EAappInstaller.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141binary
MD5:8A8DFD7A40E2EF9D8D0310C48D44BAE0
SHA256:46295F8688897D50A4D3AE2B47B58221B66BAE567B96E5DD4A988175F3C59CD4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
58
TCP/UDP connections
405
DNS requests
490
Threats
14

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6420
EAappInstaller.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
US
binary
471 b
whitelisted
6420
EAappInstaller.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
US
binary
471 b
whitelisted
6420
EAappInstaller.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
US
binary
727 b
whitelisted
6420
EAappInstaller.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQQX6Z6gAidtSefNc6DC0OInqPHDQQUD4BhHIIxYdUvKOeNRji0LOHG2eICEAmkqApTkBtUHrze5ePBmqo%3D
US
binary
471 b
whitelisted
6628
msedge.exe
GET
304
184.30.131.245:80
http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
US
whitelisted
6628
msedge.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/certs/Microsoft%20Azure%20RSA%20TLS%20Issuing%20CA%2007%20-%20xsign.crt
NL
binary
1.42 Kb
whitelisted
6420
EAappInstaller.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAZxNS3EwQO3Cucl6VRIY3Q%3D
US
binary
727 b
whitelisted
8032
SIHClient.exe
GET
200
23.222.10.99:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
US
binary
419 b
whitelisted
8032
SIHClient.exe
GET
200
23.222.10.99:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
US
binary
408 b
whitelisted
6164
svchost.exe
HEAD
200
199.232.210.172:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/1f0123a8-9c84-4881-bc20-66e0d22a37f0?P1=1740125901&P2=404&P3=2&P4=OwlyQqEyN5lSgQyjR%2bzC0C3O1P0fBiEz42P4v4M7w76rQTbrMi%2f%2feP5u%2bRfwv2UTOQoCN46dDjPPtUpsotSl6g%3d%3d
US
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
6420
EAappInstaller.exe
23.212.221.189:443
desktop-config.juno.ea.com
AKAMAI-AS
AU
whitelisted
6420
EAappInstaller.exe
184.30.131.245:80
cacerts.digicert.com
AKAMAI-AS
US
whitelisted
1512
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
1176
svchost.exe
20.190.160.2:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6420
EAappInstaller.exe
54.87.31.143:443
pin-river.data.ea.com
AMAZON-AES
US
whitelisted
1076
svchost.exe
184.30.18.9:443
go.microsoft.com
AKAMAI-AS
DE
whitelisted
4136
msedge.exe
239.255.255.250:1900
whitelisted
6628
msedge.exe
13.107.246.45:443
edge-mobile-static.azureedge.net
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
desktop-config.juno.ea.com
  • 23.212.221.189
whitelisted
autopatch.juno.ea.com
  • 23.212.221.189
whitelisted
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
login.live.com
  • 20.190.160.2
  • 40.126.32.68
  • 40.126.32.74
  • 20.190.160.64
  • 40.126.32.76
  • 20.190.160.14
  • 20.190.160.132
  • 20.190.160.131
whitelisted
pin-river.data.ea.com
  • 54.87.31.143
  • 100.26.7.243
  • 52.87.124.78
  • 54.88.117.56
  • 3.82.95.253
  • 3.214.18.135
  • 52.201.165.47
  • 44.215.9.242
  • 54.147.82.83
  • 54.144.79.79
  • 44.193.85.197
  • 54.84.216.2
whitelisted
ratt.juno.ea.com
  • 23.212.221.189
whitelisted
go.microsoft.com
  • 184.30.18.9
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
ntp.msn.com
  • 204.79.197.203
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted

Threats

PID
Process
Class
Message
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] BootstrapCDN (stackpath .bootstrapcdn .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] jQuery JavaScript Library Code Loaded (code .jquery .com)
6628
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare content delivery network (cdnjs .cloudflare .com)
Process
Message
EADesktop.exe
EADesktop.exe
EADesktop.exe
2025-02-16 00:54:21 VERBOSE>EnvironmentService>Set environment identifier to (PROD) from source(4), overriding (UNKNOWN) from source(0).
EADesktop.exe
EADesktop.exe
EADesktop.exe
2025-02-16 00:54:21 VERBOSE>EnvironmentService>No configuration file at alternative path C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\assets\eadpsdk.json
EADesktop.exe
2025-02-16 00:54:21 VERBOSE>EnvironmentService>Failed to load any valid StringFileInfo entry.
EADesktop.exe
2025-02-16 00:54:21 DEBUG>PlatformUserUpdateServiceImpl>detectPlatformUserList()
EADesktop.exe
EADesktop.exe
2025-02-16 00:54:21 WARN>EnvironmentService>Cannot find the configuration file.
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
EAappInstaller.exe