URL:

https://eonfn.dev/Eon_Launcher_1.1.2_x64_en-US.exe

Full analysis: https://app.any.run/tasks/896dc940-2333-437e-ad1e-24f7fe0368d9
Verdict: Malicious activity
Analysis date: December 25, 2024, 09:21:12
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
discord
websocket
Indicators:
MD5:

5728C41BCDB934E4F4D7839DDAD9F9DD

SHA1:

C84994B4E6CF48573C3686E50781110242531FB0

SHA256:

484892114AC378EFCAEA602F85EFF1E7A917AE1700BCCDD6F3C77E5FAB45ADCB

SSDEEP:

3:N8+KL6ryN6td1s4A:2+Q5Wd1s4A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
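A check worth doing before trusting the hashes above: ssdeep only uses block size 3 for inputs of a few hundred bytes at most, so the SSDEEP value 3:N8+KL6ryN6td1s4A:2+Q5Wd1s4A, and the MD5/SHA1/SHA256 listed with it, describe a tiny object (for a URL task this is consistent with the submitted URL string being what was hashed), not the multi-megabyte launcher that was downloaded; compare a downloaded binary against the file hashes in the full report, not against these. The Python below is an added example, not part of the ANY.RUN report: it computes the three hashes of a byte string and compares them with report values, estimates ssdeep's starting block size from an input length to make the point above concrete, and parses the Zone.Identifier stream (Mark of the Web) that the browser writes on download, the stream the "Cleans NTFS data stream (Zone Identifier)" signature below refers to. The Zone.Identifier text and the "abc" check value in the usage section are constructed; reading the stream needs NTFS on Windows, and on other systems that helper returns None.

```python
import hashlib
import os
from typing import Dict, Optional

# spamsum/ssdeep constants: minimum block size and target digest length per block-size context.
SSDEEP_MIN_BLOCKSIZE = 3
SSDEEP_SPAMSUM_LENGTH = 64


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5, SHA1 and SHA256 of `data`, upper-case hex as the report prints them."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
    }


def matches_report(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm comparison of `data` against report indicators (keys md5/sha1/sha256, any case)."""
    got = file_hashes(data)
    return {algo: got[algo] == value.strip().upper() for algo, value in expected.items()}


def ssdeep_initial_blocksize(n_bytes: int) -> int:
    """Block size ssdeep starts from for an input of n_bytes: 3, doubled until
    blocksize * 64 >= n_bytes. The final block size can only be lower than this
    (ssdeep drops the smallest context once the input outgrows it and halves the
    guess when the digest is short), so an observed block size of 3 means the
    hashed input was at most a few hundred bytes."""
    bs = SSDEEP_MIN_BLOCKSIZE
    while bs * SSDEEP_SPAMSUM_LENGTH < n_bytes:
        bs *= 2
    return bs


def ssdeep_max_input_len(blocksize: int) -> int:
    """Largest input length for which ssdeep's initial guess is `blocksize`."""
    return blocksize * SSDEEP_SPAMSUM_LENGTH


def parse_zone_identifier(stream_text: str) -> Dict[str, str]:
    """Parse the INI-style Zone.Identifier stream; ZoneId=3 is the Internet zone."""
    fields: Dict[str, str] = {}
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def read_mark_of_the_web(path: str) -> Optional[Dict[str, str]]:
    """Read <path>:Zone.Identifier on NTFS; None off Windows or when the stream is absent."""
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as stream:
            return parse_zone_identifier(stream.read())
    except OSError:
        return None


if __name__ == "__main__":
    # Constructed sample of the stream a Chromium-based browser writes for an Internet download.
    sample_motw = (
        "[ZoneTransfer]\r\nZoneId=3\r\nReferrerUrl=https://eonfn.dev/\r\n"
        "HostUrl=https://eonfn.dev/Eon_Launcher_1.1.2_x64_en-US.exe\r\n"
    )
    print("MOTW:", parse_zone_identifier(sample_motw))
    print("ssdeep block size 3 covers inputs up to", ssdeep_max_input_len(3), "bytes")
    print("a 5 MiB installer would start at block size", ssdeep_initial_blocksize(5 * 1024 * 1024))
    # Hashes of the literal bytes b"abc": a constructed check value, not the report's sample.
    print(matches_report(b"abc", {"md5": "900150983cd24fb0d6963f7d28e17f72"}))
```

Run it against a file you downloaded yourself by reading the file into bytes and passing the full report's file hashes to matches_report; read_mark_of_the_web on the same path tells you whether the Mark of the Web is still present, which matters because SmartScreen and Office protections key off it.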
  • MALICIOUS

    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
  • SUSPICIOUS

    • Cleans NTFS data stream (Zone Identifier)

      • msedge.exe (PID: 2632)
    • Executable content was dropped or overwritten

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6488)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
    • Reads the Windows owner or organization settings

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • msiexec.exe (PID: 4764)
    • Process drops legitimate windows executable

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • msiexec.exe (PID: 4764)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6488)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
    • Executes as Windows Service

      • VSSVC.exe (PID: 8188)
    • Reads security settings of Internet Explorer

      • Eon.exe (PID: 7076)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • Eon.exe (PID: 2124)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 4764)
    • Searches for installed software

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
    • Starts itself from another location

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 4764)
      • Eon.exe (PID: 2124)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 4764)
    • Connects to unusual port

      • Eon.exe (PID: 2124)
    • Executes application which crashes

      • Eon.exe (PID: 2124)
  • INFO

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 2632)
      • msiexec.exe (PID: 7756)
      • msiexec.exe (PID: 4764)
      • msedge.exe (PID: 8048)
    • Reads the computer name

      • identity_helper.exe (PID: 7780)
      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • msiexec.exe (PID: 4764)
      • msiexec.exe (PID: 7632)
      • identity_helper.exe (PID: 7156)
      • msiexec.exe (PID: 7708)
      • msiexec.exe (PID: 5872)
      • Eon.exe (PID: 7076)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
      • msiexec.exe (PID: 6792)
      • identity_helper.exe (PID: 3652)
      • msiexec.exe (PID: 7172)
      • msiexec.exe (PID: 7064)
      • Eon.exe (PID: 2124)
      • msiexec.exe (PID: 8056)
      • identity_helper.exe (PID: 7416)
    • Reads Environment values

      • identity_helper.exe (PID: 7780)
      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • msiexec.exe (PID: 7708)
      • identity_helper.exe (PID: 7156)
      • msiexec.exe (PID: 7632)
      • msiexec.exe (PID: 5872)
      • identity_helper.exe (PID: 3652)
      • identity_helper.exe (PID: 7416)
    • The process uses the downloaded file

      • msedge.exe (PID: 5572)
      • msedge.exe (PID: 2632)
      • msedge.exe (PID: 6512)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
    • Application launched itself

      • msedge.exe (PID: 2632)
      • msedge.exe (PID: 8048)
      • msedge.exe (PID: 6752)
      • msedge.exe (PID: 3816)
    • Checks supported languages

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • identity_helper.exe (PID: 7780)
      • msiexec.exe (PID: 4764)
      • msiexec.exe (PID: 7632)
      • msiexec.exe (PID: 7708)
      • identity_helper.exe (PID: 7156)
      • msiexec.exe (PID: 5872)
      • Eon.exe (PID: 7076)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6488)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
      • msiexec.exe (PID: 6792)
      • identity_helper.exe (PID: 3652)
      • msiexec.exe (PID: 7064)
      • msiexec.exe (PID: 7172)
      • msiexec.exe (PID: 8056)
      • Eon.exe (PID: 2124)
      • identity_helper.exe (PID: 7416)
    • Creates files or folders in the user directory

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • Eon.exe (PID: 2124)
    • Create files in a temporary directory

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6488)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
    • The sample compiled with english language support

      • Eon_Launcher_1.1.2_x64_en-US.exe (PID: 4628)
      • msiexec.exe (PID: 4764)
      • msiexec.exe (PID: 7756)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 6488)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
    • Manages system restore points

      • SrTasks.exe (PID: 7088)
    • The sample compiled with czech language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with german language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with spanish language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with Indonesian language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with Italian language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with japanese language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with korean language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with polish language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with portuguese language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with russian language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with slovak language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with swedish language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with arabic language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with bulgarian language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with french language support

      • msiexec.exe (PID: 4764)
    • Manual execution by a user

      • Eon.exe (PID: 7076)
      • Eon.exe (PID: 2124)
    • Sends debugging messages

      • Eon.exe (PID: 7076)
      • Eon.exe (PID: 2124)
    • The sample compiled with turkish language support

      • msiexec.exe (PID: 4764)
    • The sample compiled with chinese language support

      • msiexec.exe (PID: 4764)
    • Process checks computer location settings

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7596)
      • Eon.exe (PID: 2124)
    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
      • Eon.exe (PID: 2124)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 4764)
    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.36-win-x64.exe (PID: 7116)
      • msiexec.exe (PID: 4764)
      • Eon.exe (PID: 2124)
    • Reads the software policy settings

      • msiexec.exe (PID: 4764)
      • WerFault.exe (PID: 7940)
      • Eon.exe (PID: 2124)
    • Checks proxy server information

      • Eon.exe (PID: 2124)
    • Attempting to use instant messaging service

      • msedge.exe (PID: 7644)
    • Attempting to connect via WebSocket

      • Eon.exe (PID: 2124)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
293
Monitored processes
153
Malicious processes
5
Suspicious processes
3

Behavior graph

Processes in the graph, in the order the export lists them (the many Edge helper processes are collapsed): msedge.exe, identity_helper.exe, eon_launcher_1.1.2_x64_en-us.exe, msiexec.exe (several instances), vssvc.exe, srtasks.exe, conhost.exe, rundll32.exe, eon.exe (two instances), windowsdesktop-runtime-6.0.36-win-x64.exe (three instances), werfault.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 444
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2060 --field-trial-handle=2444,i,17003375090543854163,5860814454708612842,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 736
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=5428 --field-trial-handle=2320,i,17725167242543709825,12621496607636001038,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1300
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2716 --field-trial-handle=2444,i,17003375090543854163,5860814454708612842,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1468
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=2444,i,17003375090543854163,5860814454708612842,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1476
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.59 --initial-client-data=0x290,0x294,0x298,0x288,0x2a0,0x7ff818495fd8,0x7ff818495fe4,0x7ff818495ff0
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5384 --field-trial-handle=2444,i,17003375090543854163,5860814454708612842,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1576
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7028 --field-trial-handle=2288,i,6123243731831454532,3827192369357728549,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2076
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6368 --field-trial-handle=2444,i,17003375090543854163,5860814454708612842,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2124
CMD: "C:\Program Files (x86)\Eon Launcher\Assets\Eon.exe"
Path: C:\Program Files (x86)\Eon Launcher\Assets\Eon.exe
Parent process: explorer.exe
User:
admin
Company:
Eon
Integrity Level:
MEDIUM
Description:
Eon
Version:
1.0.0
Modules
Images
c:\program files (x86)\eon launcher\assets\eon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 2280
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=3244 --field-trial-handle=2320,i,17725167242543709825,12621496607636001038,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
41 249
Read events
39 497
Write events
1 669
Delete events
83

Modification events

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write, Name: failed_count
Value: 0

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write, Name: state
Value: 2

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write, Name: state
Value: 1

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write, Name: user_experience_metrics.stability.exited_cleanly
Value: 0

PID: 2632, Process: msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write, Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 6A54FE08AB882F00

PID: 2632, Process: msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write, Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 51260709AB882F00

PID: 2632, Process: msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write, Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 022F2809AB882F00

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328536
Operation: write, Name: WindowTabManagerFileMappingId
Value: {816BEBCE-DB3D-4F16-BE65-EB83621E9446}

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write, Name: MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

PID: 2632, Process: msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\Profiles
Operation: write, Name: EnhancedLinkOpeningDefault
Value: Default
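The "Changes the autorun value in the registry" signature at the top of the report is attributed to windowsdesktop-runtime-6.0.36-win-x64.exe (PID 7116), but the only Run-key write among the events shown here is Edge's own MicrosoftEdgeAutoLaunch_* value, written by msedge.exe (PID 2632), which is Edge's startup-boost entry and not something the sample planted. The flagged value itself is not reproduced in this excerpt, so whether it is the runtime installer's housekeeping or something the launcher added has to be read from the full report. The Python below is an added example, not part of the ANY.RUN report: it parses events in the raw export's flattened four-line layout, flags writes to the standard autorun keys, and separates the Edge autolaunch entry from anything else. The first two events in its input are transcribed from the list above; the third (PID 9999, example.exe) is synthetic, included only to exercise the "review" path; and the Edge allowlist rule is this example's own assumption, not an ANY.RUN rule.

```python
import re
from typing import Dict, Iterator, List

EVENT_RE = re.compile(r"^\(PID\) Process:\((\d+)\) (.+?)Key:(.+)$")
OP_RE = re.compile(r"^Operation:(\w+)Name:(.*)$")

# Keys whose values are launched at logon, under HKCU or HKLM, with or without WOW6432Node.
AUTORUN_KEY_RE = re.compile(
    r"\\microsoft\\windows\\currentversion\\(run|runonce|runonceex|policies\\explorer\\run)$",
    re.IGNORECASE,
)
WINLOGON_KEY_RE = re.compile(r"\\microsoft\\windows nt\\currentversion\\winlogon$", re.IGNORECASE)
WINLOGON_NAMES = {"userinit", "shell"}

# Allowlist assumption of this example: Edge's own startup-boost value, written by msedge.exe.
EDGE_AUTOLAUNCH_PREFIX = "MicrosoftEdgeAutoLaunch_"
EDGE_EXE_SUFFIX = r"\microsoft\edge\application\msedge.exe"

# Constructed input in the raw export's layout. Events 1 and 2 are transcribed from the report;
# event 3 (PID 9999, example.exe) is synthetic and was not recorded by the report.
SAMPLE_EVENTS = r"""
(PID) Process:(2632) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2632) msedge.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:writeName:MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
(PID) Process:(9999) example.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Operation:writeName:ExampleUpdater
Value:
"C:\Users\admin\AppData\Local\Temp\example.exe"
"""


def parse_events(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per event from the four-line layout:
    '(PID) Process:(N) name.exeKey:<key>', 'Operation:<op>Name:<name>', 'Value:', <value lines>."""
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        match = EVENT_RE.match(lines[i])
        if not match:
            i += 1
            continue
        event = {"pid": match.group(1), "process": match.group(2), "key": match.group(3),
                 "operation": "", "name": "", "value": ""}
        i += 1
        if i < len(lines) and (op := OP_RE.match(lines[i])):
            event["operation"], event["name"] = op.group(1), op.group(2)
            i += 1
        if i < len(lines) and lines[i] == "Value:":
            i += 1
            value_lines = []
            while i < len(lines) and not EVENT_RE.match(lines[i]):
                value_lines.append(lines[i])
                i += 1
            event["value"] = "\n".join(value_lines).strip()
        yield event


def is_autorun_write(event: Dict[str, str]) -> bool:
    """True for a write to a Run/RunOnce-style key or to Winlogon Userinit/Shell."""
    if event["operation"].lower() != "write":
        return False
    if AUTORUN_KEY_RE.search(event["key"]):
        return True
    return bool(WINLOGON_KEY_RE.search(event["key"])) and event["name"].lower() in WINLOGON_NAMES


def classify(event: Dict[str, str]) -> str:
    """'known-benign' only for Edge's own autolaunch entry; everything else is 'review'."""
    value = event["value"].lower()
    if (event["process"].lower() == "msedge.exe"
            and event["name"].startswith(EDGE_AUTOLAUNCH_PREFIX)
            and EDGE_EXE_SUFFIX in value
            and "--no-startup-window" in value):
        return "known-benign"
    return "review"


def autorun_findings(text: str) -> List[Dict[str, str]]:
    """Autorun writes found in `text`, each with a 'verdict' key added."""
    return [dict(event, verdict=classify(event))
            for event in parse_events(text) if is_autorun_write(event)]


if __name__ == "__main__":
    for finding in autorun_findings(SAMPLE_EVENTS):
        print(f"[{finding['verdict']}] pid={finding['pid']} {finding['process']} "
              f"{finding['key']}\\{finding['name']} = {finding['value']}")
```

Paste the modification-events section of the full report in place of SAMPLE_EVENTS to see the PID 7116 write the signature refers to; anything reported as "review" is a persistence entry that the excerpt here does not explain.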
Executable files
927
Suspicious files
807
Text files
241
Unknown types
11

Dropped files

PID
Process
Filename
Type
PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF134ebf.TMP
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF134ebf.TMP
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF134ebf.TMP
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF134ecf.TMP
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF134ecf.TMP
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:

PID: 2632, Process: msedge.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
52
TCP/UDP connections
135
DNS requests
145
Threats
13

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
8048 | msedge.exe | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 1.01 Kb | whitelisted
2124 | Eon.exe | GET | - | 217.145.72.83:5595 | http://217.145.72.83:5595//v1/validation | GB | - | - | unknown
6412 | svchost.exe | GET | 206 | 2.19.11.118:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735349072&P2=404&P3=2&P4=VzZqtuoij5D67tZCAIj%2bvlEKT7F%2bUtWyrE7I0ryNas%2boAXLxIihMdKYuOq0YBkPkOjHKHVrxCBSM9EcI8Otjjw%3d%3d | NL | binary | 1.83 Kb | whitelisted
6412 | svchost.exe | GET | 206 | 2.19.11.118:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735349072&P2=404&P3=2&P4=VzZqtuoij5D67tZCAIj%2bvlEKT7F%2bUtWyrE7I0ryNas%2boAXLxIihMdKYuOq0YBkPkOjHKHVrxCBSM9EcI8Otjjw%3d%3d | NL | compressed | 6.77 Kb | whitelisted
6412 | svchost.exe | GET | 206 | 2.19.11.118:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735349072&P2=404&P3=2&P4=VzZqtuoij5D67tZCAIj%2bvlEKT7F%2bUtWyrE7I0ryNas%2boAXLxIihMdKYuOq0YBkPkOjHKHVrxCBSM9EcI8Otjjw%3d%3d | NL | binary | 2.86 Kb | whitelisted
6412 | svchost.exe | GET | 206 | 2.19.11.118:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735349072&P2=404&P3=2&P4=VzZqtuoij5D67tZCAIj%2bvlEKT7F%2bUtWyrE7I0ryNas%2boAXLxIihMdKYuOq0YBkPkOjHKHVrxCBSM9EcI8Otjjw%3d%3d | NL | binary | 9.72 Kb | whitelisted
6412 | svchost.exe | HEAD | 200 | 2.19.11.118:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1735349531&P2=404&P3=2&P4=iKjrORlDksMD2RuCYX6IyX53lf3lBwhDapyGG%2bY2EZ9Z58pT3QHXQYh03OT0PxJ%2bqtCT%2bTJheV6aHy49eF0I%2fA%3d%3d | NL | - | - | whitelisted
6412 | svchost.exe | GET | 206 | 2.19.11.118:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1735349531&P2=404&P3=2&P4=iKjrORlDksMD2RuCYX6IyX53lf3lBwhDapyGG%2bY2EZ9Z58pT3QHXQYh03OT0PxJ%2bqtCT%2bTJheV6aHy49eF0I%2fA%3d%3d | NL | binary | 35.3 Kb | whitelisted
1488 | svchost.exe | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 1.01 Kb | whitelisted
1488 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | DE | binary | 973 b | whitelisted
(- : column empty in the report)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4712 | MoUsoCoreWorker.exe | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
1488 | svchost.exe | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
4712 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
1488 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5064 | SearchApp.exe | 2.23.209.182:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2632 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted
6420 | msedge.exe | 188.114.96.3:443 | eonfn.dev | - | - | unknown
(- : column empty in the report)

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
whitelisted
crl.microsoft.com
  • 2.16.164.120
  • 2.16.164.49
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 184.30.21.171
  • 95.101.149.131
whitelisted
google.com
  • 216.58.212.174
whitelisted
www.bing.com
  • 2.23.209.182
  • 2.23.209.148
  • 2.23.209.140
  • 2.23.209.176
  • 2.23.209.133
  • 2.23.209.149
  • 2.23.209.179
  • 2.23.209.189
  • 2.23.209.185
  • 2.23.209.150
  • 2.23.209.193
  • 2.23.209.161
  • 2.23.209.177
  • 104.126.37.155
  • 104.126.37.162
  • 104.126.37.144
  • 104.126.37.136
  • 104.126.37.154
  • 104.126.37.160
  • 104.126.37.153
  • 104.126.37.139
  • 104.126.37.145
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
edge-mobile-static.azureedge.net
  • 13.107.246.45
whitelisted
eonfn.dev
  • 188.114.96.3
  • 188.114.97.3
unknown

Threats

PID | Process | Class | Message
- | - | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
- | - | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
7644 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
7644 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
- | - | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
- | - | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
- | - | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
- | - | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
- | - | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
- | - | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
(- : no PID/process attributed in the report)
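Of the network activity in this report, the one non-whitelisted destination contacted by the installed binary is the HTTP GET from Eon.exe (PID 2124) to http://217.145.72.83:5595//v1/validation: a bare IP literal, a non-standard port, a doubled slash in the path, reputation unknown, and no response code recorded. The connection from msedge.exe (PID 6420) to 188.114.96.3:443 is the download of the launcher from eonfn.dev itself. The Discord detections, by contrast, are DNS and TLS-SNI observations attributed, where a PID is given at all, to msedge.exe (PID 7644), that is, to the browser rather than to Eon.exe; the "discord" tag on the task comes from those. The Python below is an added example, not part of the ANY.RUN report: it scores rows in the shape of the HTTP-requests table and reports the ones that deserve a look. The rows are transcribed from the table above (Type and Size columns dropped), the set of sample-installed processes is taken from the process list, and the signals and threshold are this example's own choices.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlsplit

STANDARD_WEB_PORTS = {80, 443}
# Assumption of this example: processes the installer itself placed on the host (see process list).
SAMPLE_PROCESSES = {"eon.exe", "eon_launcher_1.1.2_x64_en-us.exe",
                    "windowsdesktop-runtime-6.0.36-win-x64.exe"}
REVIEW_THRESHOLD = 3   # signals needed before a row is reported (example's own choice)


@dataclass
class Request:
    pid: int
    process: str
    method: str
    status: Optional[int]   # None when the report shows no response code
    endpoint: str           # "ip:port" as printed in the IP column
    url: str
    reputation: str


@dataclass
class Finding:
    pid: int
    process: str
    endpoint: str
    score: int
    reasons: List[str] = field(default_factory=list)


def score_request(r: Request) -> Finding:
    """Collect the weak signals in one request row; the score is simply their count."""
    parts = urlsplit(r.url)
    port = int(r.endpoint.rpartition(":")[2])
    reasons: List[str] = []
    try:
        ipaddress.ip_address(parts.hostname or "")
        reasons.append("bare IP literal instead of a hostname")
    except ValueError:
        pass
    if port not in STANDARD_WEB_PORTS:
        reasons.append(f"non-standard port {port}")
    if "//" in parts.path:
        reasons.append("doubled slash in path (hand-assembled URL)")
    if r.status is None:
        reasons.append("no HTTP response recorded")
    if r.reputation != "whitelisted":
        reasons.append(f"reputation {r.reputation}")
    if r.process.lower() in SAMPLE_PROCESSES:
        reasons.append("issued by a process the sample installed")
    return Finding(r.pid, r.process, r.endpoint, len(reasons), reasons)


def triage(requests: List[Request], threshold: int = REVIEW_THRESHOLD) -> List[Finding]:
    """Rows with at least `threshold` signals, strongest first."""
    scored = [score_request(r) for r in requests]
    return sorted((f for f in scored if f.score >= threshold), key=lambda f: -f.score)


DELIVERY_1 = ("http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/"
              "9b9f8fb4-8a65-41e4-bda3-5416858f0aeb?P1=1735349072&P2=404&P3=2&P4="
              "VzZqtuoij5D67tZCAIj%2bvlEKT7F%2bUtWyrE7I0ryNas%2boAXLxIihMdKYuOq0YBkPkOjHKHVrxCBSM9EcI8Otjjw%3d%3d")
DELIVERY_2 = ("http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/"
              "2ed1297e-f6c9-4355-aec4-433ea371b116?P1=1735349531&P2=404&P3=2&P4="
              "iKjrORlDksMD2RuCYX6IyX53lf3lBwhDapyGG%2bY2EZ9Z58pT3QHXQYh03OT0PxJ%2bqtCT%2bTJheV6aHy49eF0I%2fA%3d%3d")

# Transcribed from the HTTP-requests table of this report (a representative subset).
SAMPLE_REQUESTS = [
    Request(8048, "msedge.exe", "GET", 200, "2.16.164.120:80",
            "http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl", "whitelisted"),
    Request(2124, "Eon.exe", "GET", None, "217.145.72.83:5595",
            "http://217.145.72.83:5595//v1/validation", "unknown"),
    Request(6412, "svchost.exe", "GET", 206, "2.19.11.118:80", DELIVERY_1, "whitelisted"),
    Request(6412, "svchost.exe", "HEAD", 200, "2.19.11.118:80", DELIVERY_2, "whitelisted"),
    Request(1488, "svchost.exe", "GET", 200, "88.221.169.152:80",
            "http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl", "whitelisted"),
]


if __name__ == "__main__":
    for f in triage(SAMPLE_REQUESTS):
        print(f"pid={f.pid} {f.process} -> {f.endpoint} score={f.score}")
        for reason in f.reasons:
            print("   -", reason)
```

The scoring is deliberately additive and unweighted: the point is that the Eon.exe row trips every signal while the Microsoft CRL and delivery rows trip none, so a threshold of 3 leaves exactly one destination to pull from the PCAP and inspect.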
Process | Message
Eon.exe | You must install .NET to run this application. App: C:\Program Files (x86)\Eon Launcher\Assets\Eon.exe Architecture: x64 App host version: 6.0.28 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.28
Eon.exe | Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 2124. Message ID: [0x2509].
Eon.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.