a65d65625e5412e778673ffbe6506e955a09bbfbc5a37405fb610cd9c6d5c1a1

Analysis

max time kernel
149s
max time network
159s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
23/02/2024, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Eon_Launcher.msi
Size

80.5MB
MD5

529f82d425bd210aba0a0b94c97da313
SHA1

c8aebd148d9d79b75ebf33e8aefc4b55f3b393d5
SHA256

a65d65625e5412e778673ffbe6506e955a09bbfbc5a37405fb610cd9c6d5c1a1
SHA512

7793f976b746db6278b3ca31a140ea11fa2f6252d97751a97baaac113d3be9b7a37e61106cf3c6dcef6b357d250cad731a2020c87b51319c257b9ff04ed3bff0
SSDEEP

1572864:7y/xxm7XfVGfZDretOgUflZONWWrTksjNI6cEAxf8FSiqlLm58eL0biB3crhYJxg:7+xiNCretOguqksjSPlxNhm58xOMrhYU

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\fr-FR\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\api-ms-win-core-processthreads-l1-1-1.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\msquic.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.IO.Pipes.AccessControl.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\ar-SA\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Pages\ItemShopPage.xbf	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\sv-SE\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\api-ms-win-core-fibers-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.IO.FileSystem.Watcher.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\pt-BR\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\api-ms-win-core-namedpipe-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.Win32.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Private.CoreLib.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\cs-CZ\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\nl-NL\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Pages\ServerStatusPage.xbf	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\api-ms-win-core-datetime-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.Graphics.Display.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.WindowsAppRuntime.Release.Net.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\fi-FI\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\tr-TR\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Assets\ShieldExclamationMark.png	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\es-ES\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\sr-Cyrl-RS\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Google.Apis.Sheets.v4.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Resources.Writer.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\az-Latn-AZ\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\is-IS\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\api-ms-win-crt-filesystem-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\createdump.exe	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Runtime.CompilerServices.Unsafe.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Pages\LoginPage.xbf	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\tr-TR\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.UI.Windowing.Core.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.ServiceModel.Web.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\clrjit.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.Graphics.Canvas.Interop.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\ru-RU\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\CommunityToolkit.WinUI.UI.Controls.Primitives.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.UI.Input.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Globalization.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\en-GB\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\api-ms-win-crt-multibyte-l1-1-0.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Text.Encoding.Extensions.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Threading.Tasks.Parallel.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\pl-PL\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\ru-RU\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\CoreMessagingXP.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.ui.xaml.resources.common.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.Win32.Registry.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Runtime.InteropServices.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\da-DK\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\SharpCompress.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Assets\warning.png	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\fi-FI\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Pages\SettingsPage.xbf	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\DWriteCore.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.CSharp.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Runtime.CompilerServices.VisualC.dll	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\bs-Latn-BA\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\ka-GE\Microsoft.ui.xaml.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\lv-LV\Microsoft.UI.Xaml.Phone.dll.mui	msiexec.exe
File created	C:\Program Files (x86)\Eon\Eon Launcher\Eon\marshal.dll	msiexec.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI3014.tmp	msiexec.exe
File created	C:\Windows\Installer\e582f0c.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF7306AEADF6FD5374.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI3100.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF279465F950471C61.TMP	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC041E1AADC127440.TMP	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI371B.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF9443F4508DF21FB8.TMP	msiexec.exe
File created	C:\Windows\Installer\e582f0a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e582f0a.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI30E0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{5C3E0203-BB79-438F-8F8D-80BCE2B29F02}	msiexec.exe

Executes dropped EXE 1 IoCs

pid	Process
3716	Eon.exe

Loads dropped DLL 64 IoCs

pid	Process
3984	MsiExec.exe
3984	MsiExec.exe
3984	MsiExec.exe
3984	MsiExec.exe
3984	MsiExec.exe
3984	MsiExec.exe
3984	MsiExec.exe
1164	MsiExec.exe
1164	MsiExec.exe
1164	MsiExec.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe
3716	Eon.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000004b52018b2f23ece20000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800004b52018b0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809004b52018b000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d4b52018b000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000004b52018b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Modifies Control Panel 1 IoCs

evasion

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Control Panel\Colors	Eon.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23	msiexec.exe

Modifies registry class 24 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\Media	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{0C4D467A-43F0-4744-A2FD-650207FFCC5B}	Eon.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\ProductName = "Eon Launcher"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\PackageCode = "A53588559A65DB349B779F1974DD667E"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\InstanceType = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\AuthorizedLUAApp = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\345344445CFF5714CA8173ADE0AF1BE3	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3020E3C597BBF834F8D808CB2E2BF920\MainFeature	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\DeploymentFlags = "3"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\Media\DiskPrompt = "[1]"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\Media\1 = ";"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\345344445CFF5714CA8173ADE0AF1BE3\3020E3C597BBF834F8D808CB2E2BF920	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\PackageName = "Eon_Launcher.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\3020E3C597BBF834F8D808CB2E2BF920	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\Language = "1033"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\Version = "16777216"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\Assignment = "1"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\3020E3C597BBF834F8D808CB2E2BF920\AdvertiseFlags = "388"	msiexec.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
444	msiexec.exe
444	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1808	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1808	msiexec.exe
Token: SeSecurityPrivilege	444	msiexec.exe
Token: SeCreateTokenPrivilege	1808	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1808	msiexec.exe
Token: SeLockMemoryPrivilege	1808	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1808	msiexec.exe
Token: SeMachineAccountPrivilege	1808	msiexec.exe
Token: SeTcbPrivilege	1808	msiexec.exe
Token: SeSecurityPrivilege	1808	msiexec.exe
Token: SeTakeOwnershipPrivilege	1808	msiexec.exe
Token: SeLoadDriverPrivilege	1808	msiexec.exe
Token: SeSystemProfilePrivilege	1808	msiexec.exe
Token: SeSystemtimePrivilege	1808	msiexec.exe
Token: SeProfSingleProcessPrivilege	1808	msiexec.exe
Token: SeIncBasePriorityPrivilege	1808	msiexec.exe
Token: SeCreatePagefilePrivilege	1808	msiexec.exe
Token: SeCreatePermanentPrivilege	1808	msiexec.exe
Token: SeBackupPrivilege	1808	msiexec.exe
Token: SeRestorePrivilege	1808	msiexec.exe
Token: SeShutdownPrivilege	1808	msiexec.exe
Token: SeDebugPrivilege	1808	msiexec.exe
Token: SeAuditPrivilege	1808	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1808	msiexec.exe
Token: SeChangeNotifyPrivilege	1808	msiexec.exe
Token: SeRemoteShutdownPrivilege	1808	msiexec.exe
Token: SeUndockPrivilege	1808	msiexec.exe
Token: SeSyncAgentPrivilege	1808	msiexec.exe
Token: SeEnableDelegationPrivilege	1808	msiexec.exe
Token: SeManageVolumePrivilege	1808	msiexec.exe
Token: SeImpersonatePrivilege	1808	msiexec.exe
Token: SeCreateGlobalPrivilege	1808	msiexec.exe
Token: SeCreateTokenPrivilege	1808	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1808	msiexec.exe
Token: SeLockMemoryPrivilege	1808	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1808	msiexec.exe
Token: SeMachineAccountPrivilege	1808	msiexec.exe
Token: SeTcbPrivilege	1808	msiexec.exe
Token: SeSecurityPrivilege	1808	msiexec.exe
Token: SeTakeOwnershipPrivilege	1808	msiexec.exe
Token: SeLoadDriverPrivilege	1808	msiexec.exe
Token: SeSystemProfilePrivilege	1808	msiexec.exe
Token: SeSystemtimePrivilege	1808	msiexec.exe
Token: SeProfSingleProcessPrivilege	1808	msiexec.exe
Token: SeIncBasePriorityPrivilege	1808	msiexec.exe
Token: SeCreatePagefilePrivilege	1808	msiexec.exe
Token: SeCreatePermanentPrivilege	1808	msiexec.exe
Token: SeBackupPrivilege	1808	msiexec.exe
Token: SeRestorePrivilege	1808	msiexec.exe
Token: SeShutdownPrivilege	1808	msiexec.exe
Token: SeDebugPrivilege	1808	msiexec.exe
Token: SeAuditPrivilege	1808	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1808	msiexec.exe
Token: SeChangeNotifyPrivilege	1808	msiexec.exe
Token: SeRemoteShutdownPrivilege	1808	msiexec.exe
Token: SeUndockPrivilege	1808	msiexec.exe
Token: SeSyncAgentPrivilege	1808	msiexec.exe
Token: SeEnableDelegationPrivilege	1808	msiexec.exe
Token: SeManageVolumePrivilege	1808	msiexec.exe
Token: SeImpersonatePrivilege	1808	msiexec.exe
Token: SeCreateGlobalPrivilege	1808	msiexec.exe
Token: SeCreateTokenPrivilege	1808	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1808	msiexec.exe
Token: SeLockMemoryPrivilege	1808	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1808	msiexec.exe
1808	msiexec.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 3984	444	msiexec.exe	81
PID 444 wrote to memory of 3984	444	msiexec.exe	81
PID 444 wrote to memory of 3984	444	msiexec.exe	81
PID 444 wrote to memory of 672	444	msiexec.exe	85
PID 444 wrote to memory of 672	444	msiexec.exe	85
PID 444 wrote to memory of 1164	444	msiexec.exe	87
PID 444 wrote to memory of 1164	444	msiexec.exe	87
PID 444 wrote to memory of 1164	444	msiexec.exe	87

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Eon_Launcher.msi
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1808

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:444
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding A622C92C13AD5E592DEF89032C587D6F C
  2⤵
  - Loads dropped DLL
  PID:3984
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:672
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 50D175A13DDA6F9EF19D9D8FC542F82C
  2⤵
  - Loads dropped DLL
  PID:1164

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4500

C:\Program Files (x86)\Eon\Eon Launcher\Eon\Eon.exe
"C:\Program Files (x86)\Eon\Eon Launcher\Eon\Eon.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Modifies registry class
PID:3716

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004B4
1⤵
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e582f0b.rbs

Filesize
86KB

MD5
2691fabf11b8c4c4dc9e80e61dd6180b

SHA1
042d91d9261b151af42ab3a852292b35a3949459

SHA256
67521fb5f6db02f29fbfc5953944a7747fe7abfd5f52a925ae032d34e8ec21e9

SHA512
8b0777fb02e78f5940789877695c1ebf9773ef2480fa9dee090832213c415cab94636eb539458c2597137442d567925db1494f956423ba1b7dffe5a790d0d7d2

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\CoreMessagingXP.dll

Filesize
960KB

MD5
44cec8340f410186d4dad26e462de4fd

SHA1
a9626dfaf93889938d4af1b760defddd963c9f1c

SHA256
5f524134ffb24dfa7a16c85b241fe938fba72e2dc6c977e4622b0467730d477d

SHA512
d24af5a51ea54d88b0e08015c8e74c07d26711e4ad38c6d51c3c6abe3bf3caf6c3d7601aedeb1afee400a645cf1cfafb3f6059ddacf067a30a760dbf060c19a9

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\CoreMessagingXP.dll

Filesize
768KB

MD5
b5410a36246beb0681894479ccd600e9

SHA1
a39d6b6dbd5989a28b97f5269cd4ca10b6292ec2

SHA256
a033c20fec1bf94108806c6c0033b620a0120f0e35efb2b7b48ea4f2c8206b25

SHA512
b7a2588f8360fd9af5d26237eef467f326e7db0d6e48590f99eaded998b79771367706e5813526edf8b1bb0d637f442bf6d9fb401fe8318e0ba1b15395743065

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Eon.deps.json

Filesize
58KB

MD5
3392fe2c78f007ef9b0a2aa511f56f75

SHA1
f2324564c8874a632c6a401464c1c73dc87ae60a

SHA256
555e86bebe107bdc540d9d7d68e2c52d81bcd28f9ac2662b4445d0eccb059a2c

SHA512
10e5b1ac63f3f12541e038b0df863ee6e1ed899d06e3ed5fc364e8dc3da0633a9767cb9acde3bc25f082b5a20628e276780a6bf04ae3cb68f26e8993ca57212f

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Eon.dll

Filesize
656KB

MD5
56266948f9f3b7a4da0ebcf961adc7b8

SHA1
7c04ed62550522459ad9e645ab9ea88146249561

SHA256
42f6e87f57ba8d343e1d0b90e59aea4ac9b6a5779707d3630d94a245b060e1a0

SHA512
6ad5e01241a8df0937679158e92b59f1c47d6bcc652ee58ecfa31d7ddac4c8b0786d410fc14606cba60322f9364a5d2113acc832bde61ab6152449a0f7b0b802

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Eon.exe

Filesize
370KB

MD5
043c936abc6c0174d6babb010e830520

SHA1
71726b8b7f791eb027eb770cace1ed49d60ca623

SHA256
083093b1079202d15d940cc22a02637578bdbe08c58652bbf9982d4bee4336a1

SHA512
3b3722bc3a590be3594cf7bb926fb00cdedbbf56cf87b662f7db2b3e0ec02fb6478181492a1a2bf4f65c73179708460b584f4ac1bb219e8f7a6a9ca2f3e3366d

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Eon.runtimeconfig.json

Filesize
372B

MD5
c0cb403114b5d75cb7ee224cc645e164

SHA1
fe4f354a33aecc90180d5cd7179ba9aea68730ec

SHA256
f7f69fe909b5f288b5bf3c016f2e5222d218c46d27c14c57c2402f773bb6a4a7

SHA512
85027b37b05ff280d4ba00b1c35977ca9244270ddc5d468df1726f612d030442492f06caafa196072fc0668ff48f93f245550a7cf47b290a93de9bccdd50b949

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.Internal.FrameworkUdk.dll

Filesize
768KB

MD5
3a4951a50883ab36ed3b08ab08047207

SHA1
caf293276bcca1cea56f72fcced8ccf2bd350962

SHA256
0ea3fbef75dcbd84b17eef46a18b8950bb83a6b081698541c56a2fd11347a12e

SHA512
a24c47e21ef8292eef5bca32c0eb15f96055b30053174cd56cd04106c0c7aacf3aba5152edb63da3abd6c80a8e7d99ea830f06634b4ff73724403cea5a6b16a8

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.Internal.FrameworkUdk.dll

Filesize
704KB

MD5
b704ea65964dffba946afe9271e69feb

SHA1
dbf5b10d3c9ecfbbfaaa1415e3e6012633edbb12

SHA256
0dac1506d6f710ce0bbd08a9d3af4c7361b67475eb1a1ae01084d8fb407748a8

SHA512
06c764062aad15de3f5f99f8b1f57ca457aebb0502c5727ed0f7e9119b31621f24f59b45a6297066abf3261b4692454af445ee02dad72b477f498a8d43e115e4

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.UI.Windowing.Core.dll

Filesize
461KB

MD5
2bc27f95702a4da1e16879b3796cc9b8

SHA1
87ca997a47532bb520492d6b381ff543f710174a

SHA256
5e49a2d2b02ee082681c5f6cb954575e64ca930e9ebcdb08bdcda7236a86317a

SHA512
eddf27c8b201a995be2f56e2c7cd55c41c1014655f9e1e0c09df2dd63525e7d158ee821df0bd388ce29c5012ecc367adb7c23e1b1ea274961e2d98ea5d089f28

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.WinUI.dll

Filesize
2.8MB

MD5
9d043f169b837e0cc4d8d5af72510945

SHA1
b758a6863229f4639d02c96c136799e3bb952e86

SHA256
8cdd2ed26018655095542d8ec896f9899f8537a481147fb7b9a8ecfddc43c194

SHA512
1a156422624789e5a31ff81375e10dce37fbffbb59ff3ace6154b339acf4e01a4090c4eab4e4680d757cbfb9c97a9101e823017c46f9f90d4424cccb1b0bee75

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.WindowsAppRuntime.dll

Filesize
900KB

MD5
5bc60c43ee4f3b6ef8f44bf7d61870dd

SHA1
6fb751807fdd9c1600af8a171b28484aef2b56e6

SHA256
bcef6e6fc13bc61232f0c3d39ce355d85a942f5848a2b9866535421ff6069d41

SHA512
bde18bd4088c964614a96ec093678ce09db5a4b72693a064295606c03718e40c093f6e12c9df5dc49b04567a3b5a1989e39ba3c79ea00dbee106a5e96bcd2e41

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.ui.xaml.dll

Filesize
1.4MB

MD5
77906eb7c7cd1cca0d5790b127a678ca

SHA1
7244e988b5eb25884de9c687cbe42a30248a4b22

SHA256
14331808b0a7dce8ae3ff00b97a5023ebf591c8aa7c95a1039d1949d33390493

SHA512
84372085ac25819c20d002f9c024ccd450656fd9627d4d0372af336fdc353ee4917fcba5451442aa528be3c5d3afb6b68f845b05415aa8332dc4ab49fc84b805

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\Microsoft.ui.xaml.dll

Filesize
960KB

MD5
7fd702d2b2a780d5dd487249ceefac93

SHA1
a0978c0cd62e29922812cd0c0d8abcfb9351762c

SHA256
e49608071e16177832245ff3a29cc2bd338ded286ef35060517d36fca55dcdc3

SHA512
1c4d95e85da4604e68b38a619f656e33ba4364ef37c131281ed22254d4008d2cc58e557d05d4a781d4af689147b3e3c1d59cae9b2a474e2bd6d4d89caa894746

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Collections.Concurrent.dll

Filesize
241KB

MD5
1ef225bf5349669453c56c8a6926a6cd

SHA1
34f1080dd190c007236e0341298f20eb6d78e96c

SHA256
b01cc57d238f6e626ed67d4fbc01ca82fc41d57b214dad30e7be102366c07d43

SHA512
fc3f3bd4271df8d7af66cebd7993eac38a250772caff54415d02769fe17ded3d07f70eb818dea4faa62bba8e0f7ae9b6cf20f5c5a8bb03fe2eab34321b64ef1e

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Collections.dll

Filesize
258KB

MD5
a01f49ed88e0a55823241d830657f78a

SHA1
06b387412be9284c85884e0943a4f9becaf9e9ee

SHA256
4558e2a23f38653e0dcf0b80c36bd01f29dbf5b04041e045f4b9e6f19c3bb7aa

SHA512
40df2e4da7b3149af6398740100128abe54cb5bb2a9bb6debb7550c1498f848ac08e59c4cb7735634da27c438787123c36212f682303633c429fc6fff2f89d4a

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Private.CoreLib.dll

Filesize
3.2MB

MD5
eb541b948dceffb3f5369d1ea5c365d2

SHA1
6856d0fe00f8a0d22b7d613634c65fd4644c2ec8

SHA256
635b9959bfa353fd33b366878ea35a038d328e349bad241464e2175aa4fd14f7

SHA512
43ee10c1e2c82770692720c830c0a2edd6242482dcb22f94636096b7239147f2420198c1a622c3aa668c8644f0cb928a82d036189bb1f25d1ca78247d3549aee

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Private.CoreLib.dll

Filesize
2.9MB

MD5
0b5da938da441cad6d1efbafab25c447

SHA1
27ea6bb0f891cd0a9204ef8460feaf18a10b2b0a

SHA256
f0b7ad5fdb898b326eb3796f7ae2c835e449765464abd178bda7b16dfe9c3e67

SHA512
8ae0596e834d40b582cb5921dcfa345db466dc45ac5997ed39a535cd1e81820ffb4cf6d8565d8678e1ee61ef4706d06791fb52f9dc71d203fd3fe268ed248842

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Private.Uri.dll

Filesize
246KB

MD5
d02570674403ec387ac008a2e61d8013

SHA1
c14dafba9f721507814830adc32379cab06029d4

SHA256
aaff427307d962e60123d0655a7284db1898a4fecd18de6916eb5b97d39167c1

SHA512
d1865098d96ff631ba78d77593d69a31d3fff068cefce64cf37af7b32dd0574fc2470324eba6f2a69dd8f66bc2ca514bd5cf778591e749452476dc380b1a2f22

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Runtime.CompilerServices.Unsafe.dll

Filesize
22KB

MD5
c2fb5a5dff9a6d7da92d1bbfa771152b

SHA1
f90384686c4cbaa79ca09506937ab72bac746d26

SHA256
76478937536e24cb8fd4a38165680e69972a80c291ab158473241b0798a53257

SHA512
a475f12fc1bd739d6fe7d56c4d9404fa7485af9d9f13a372b8aeed830f63c24484ffe770f2a6901f7fc8d0fb71fe0529d23dcda36f19591d14eef2644d1743d0

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Runtime.InteropServices.dll

Filesize
50KB

MD5
b2b2f43d1953ed708f5d3ee903634b7c

SHA1
3094abca65bd4d729afd09c716cd929f2dd6bdfe

SHA256
cd4072b38ca583eb0428ab35da0b109e3f34e9b5d6e0e4ad1bceec83cd5ee094

SHA512
51ac99f8ff9a48ed22d6d54ba38199e3c436fc45ea8d5d6ca25ddce62bf43319388e52b0f03633a12f4b863567108f68d1d1320a8f112b3e8c29c98ad92cfd99

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Runtime.dll

Filesize
41KB

MD5
34b31d2ddc6c7d186f12790aa237dc0c

SHA1
e30747dac5c971095c444ae48a67e5aa602ef8cf

SHA256
1d0ce76eba87465bf72f2ef6c94dddd5899f96d6a92f82c638ac30ea2d41a792

SHA512
dc65f5971c14f63df3654c409414575ca51637a3d6ba719d3627f2fb8b4519982c8dc3e09abd6fe4858f0544969a4f75991a238f15a333115f18151fbb45ba4b

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\System.Threading.dll

Filesize
78KB

MD5
c975d969ba4f2c5830c4a201b17ed98d

SHA1
f35b5b16a030ea1c08e3d3faa456782b384f541d

SHA256
e1f4c118ffcfc1e8a0b72cb0bdb92ea8c5ef11fee1f6e0f1e236af8d8e5dd5b9

SHA512
1af6d42549b7ffd0f0094e23c2515e3b5e2247962dfe839f7d49e449432a45c9427198a22cbe7f71052c3e6354839a749f822630117a4ce5d8ed56da172b254b

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\WinRT.Runtime.dll

Filesize
389KB

MD5
0966745c6b954e7bbd15459756a106c6

SHA1
f6efa62a95b4f40c84341ed58c1d3c8d5af2111d

SHA256
4977a1e6dcee4c3310a68e20f2879cf39b95255e29f3fd7557781e058445cb9b

SHA512
ab8a07fdf72315ffaa49271faca6d0d6523b3480d53fd6f5225fdfcb41ee099e3b401872a684016ed02d347b48eae3467185b6e9dcd16994c0b7e3c562e9a047

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\clrjit.dll

Filesize
1.4MB

MD5
fa4bcd4b40994d933ebc8df084a83c14

SHA1
657da8b47caa9d49c4a6c89a01da1f0833add5e9

SHA256
aaa2ab0fc6e976e5cb6f0e1908ae97359c297ed5100a923e14e6666d1d037344

SHA512
e25f8231d562b8fc0ec40a08642a237e7a9b5cd5e1a12fa8b115ab225ff743e66af697f13a1782964a84938079bb83e4c070d3b786fa27d68fb5f40cc403cc44

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\coreclr.dll

Filesize
3.8MB

MD5
97a6bb7c900f8d6829eb49c9cea2f9e0

SHA1
35c2020ed7d9999af486ed2332405d6908a44434

SHA256
d9e03e9762375e8265624c968bc40d206cf638b14ad1b3aebc96f2469102b6ff

SHA512
849f9412b45c53b53077e454c8acc42561400d8f164cc42924f406548fc146d044d03cf4ad59beaacf061642e40533538deba708528ae95afbe5d0d2b5b26a7a

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\coreclr.dll

Filesize
2.4MB

MD5
c94e45ab626c09332eabe6aca1a27f5d

SHA1
c45538e11ef3926243d31ad64443d60e09dc9d8f

SHA256
e060213c7b54e32891cb94a9eb41aec339636f9c9fa394c325a94eee4025b5c3

SHA512
78d35d8dd31fc2a3aa3e64e2751e3ebf761efa6149f73e02ba3a6af880d39324416228f352f6a05e36a7506e8b69f1f17dcbbdb649c5aaae53544d25b077ccf1

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\hostfxr.dll

Filesize
369KB

MD5
edfc2bc2b9e76b294a3b7e9354dce5cc

SHA1
a853b96df7876934dfae45ef8cdb8c007151d2b2

SHA256
728f92ee30a983f0b25abed53c669d81583df0195ebbafc51624bc18a9e29210

SHA512
fc832cb52cf9f93ed54783fbc0de18f59aebb14a16a733bffc0879047f47b1474ed429ca913ea2d3ae83a8a4ff14a6c2f7c1fa1f3d7cbb7ef2c3641dfbae87d3

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\hostpolicy.dll

Filesize
384KB

MD5
11496e6efe7426883be8d7f5225deb34

SHA1
86680ebf9c2cd065f94538b0f0a053d3a6db14fb

SHA256
22182dfdd29141a69d1d88439661c3218b12f6089d66578448a7583062b3b3bd

SHA512
7f634648678227708c82139af15db235061f9f1656f3d64ad0110d9236a2cca34b8d276f4f797150548d25fe7411738f8f21b3d7de2362eaf65e00d096aa1859

Download Submit
C:\Program Files (x86)\Eon\Eon Launcher\Eon\mscorrc.dll

Filesize
143KB

MD5
f94ac59d78453e57cfba7756d56a2637

SHA1
989a5cc0772ef96deac09209038a9bac89ec5cd9

SHA256
44c18b4fe8fa993b2517216f4c86a4a2b0bbefd17f47b69559cdfa85a6642ab7

SHA512
bee68ea1d86fbf8c79d5fd425e220d22a9ba7766e46d782bfd3e4c81808f7a72624086c2a758e0a4be93c27f14dec9644632e596b6e65d88a00557d9fac8cfce

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIC1F8.tmp

Filesize
719KB

MD5
c9c085c00bc24802f066e5412defcf50

SHA1
557f02469f3f236097d015327d7ca77260e2aecc

SHA256
a412b642de0e94db761ebd2834dde72eed86e65fc4a580670a300015b874ba24

SHA512
a6fa1f34cd630a7509a6441be7ad060de7e039967d2ec015e27c2a643b04e0eecf53902b7173c4c2e92e3a890bd7acb6a3307d9923838f0bfc71496fb184b1de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\Installer\e582f0a.msi

Filesize
26.6MB

MD5
6fd4f20e31a4d1185267740831010815

SHA1
73b0e310a537cf75ef84ed5378d25e66cbb83cac

SHA256
13e94b642df19728ecde8f006c117e2f02ab47230022db7df53d32755c8e594b

SHA512
f62530363a466dc711387f4f3651abe704203e902ee98065f398195b929f8b8807e7d6d18653ea2a0affac5d00d2f47552f56488dac7935a2d04318fc34b50f7

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
c697915484747bf5c0c8013c2f57e4ed

SHA1
db37059137f4a8cb8fe82a3887fe24941f04bc3e

SHA256
967ece01a47720c26180e470ea7419640a0041b612e454b7a49c780360c612d0

SHA512
83e0ef61a72fd6e2bc6a6df408a5295e929fa389958dbe6ae1332512457a2668592fe9fba5a24aba764b363ced8db7d7d44e5a7bd9bc59b44fe95b26e07e5f7b

Download Submit
\??\Volume{8b01524b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{11498092-ecb5-401b-9fac-2a756f0701f4}_OnDiskSnapshotProp

Filesize
6KB

MD5
2e0995b142bfec36a8c6d560a61d5f76

SHA1
b876b12baa5e6d8417fbda651122d886dcca62a8

SHA256
b4f15b4089013e634f9c02fff6dd796c00399e502607dc0cd5e8b530cdeed99f

SHA512
663c5cb131dfd599254164432c0469932df4f244733fa22d4e6958f423b56d78294d88e3f596665b2312755d7a49c828873716754f210a79af85b65f42b7b0cb

Download Submit
memory/3716-547-0x00007FFB85C10000-0x00007FFB8610E000-memory.dmp

Filesize
5.0MB

Download
memory/3716-555-0x00007FFB64D50000-0x00007FFB64D60000-memory.dmp

Filesize
64KB

Download
memory/3716-605-0x00007FFB85C10000-0x00007FFB8610E000-memory.dmp

Filesize
5.0MB

Download