URL: https://github.com/Extravi/Bloxshade

Full analysis: https://app.any.run/tasks/6dd72f38-17ed-4109-9a87-f2879267e0e3
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: August 31, 2024, 17:19:28
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: github, loader
Indicators:
MD5: 06C6AD29F6A75659940CDCC2D4BC4B12
SHA1: 4CA92964C39CEA9D8255D5E6E52E6FBC2551FCCF
SHA256: 3F0B4DFC2794E167CBE91DCE6656C3DB833A451E0A2CE8BF07BD6BA494799C7C
SSDEEP: 3:N8tEdvLuBA:2upuBA

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Scans artifacts that could help determine the target

      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 8040)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 2608)
      • msedgewebview2.exe (PID: 7476)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Setup - Bloxshade.exe (PID: 7128)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • msedgewebview2.exe (PID: 2028)
      • installer.exe (PID: 7860)
      • msedgewebview2.exe (PID: 8040)
    • Process drops legitimate windows executable

      • msedge.exe (PID: 5376)
      • msedge.exe (PID: 448)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7932)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • svchost.exe (PID: 1496)
      • MicrosoftEdge_X64_128.0.2739.54.exe (PID: 7912)
      • setup.exe (PID: 8124)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeWebview2Setup.exe (PID: 7932)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdge_X64_128.0.2739.54.exe (PID: 7912)
      • setup.exe (PID: 8124)
      • Setup - Bloxshade.exe (PID: 6272)
      • Setup - Bloxshade.exe (PID: 7852)
      • RobloxPlayerInstaller.exe (PID: 7212)
    • Drops the executable file immediately after the start

      • MicrosoftEdgeWebview2Setup.exe (PID: 7932)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdge_X64_128.0.2739.54.exe (PID: 7912)
      • setup.exe (PID: 8124)
      • Setup - Bloxshade.exe (PID: 6272)
      • Setup - Bloxshade.exe (PID: 7852)
      • RobloxPlayerInstaller.exe (PID: 7212)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8168)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7592)
      • MicrosoftEdgeUpdate.exe (PID: 2876)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8128)
    • Reads the date of Windows installation

      • MicrosoftEdgeUpdate.exe (PID: 8020)
    • Potential Corporate Privacy Violation

      • svchost.exe (PID: 1496)
    • Application launched itself

      • setup.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 8040)
    • Checks Windows Trust Settings

      • MicrosoftEdgeUpdate.exe (PID: 2264)
    • Creates a software uninstall entry

      • setup.exe (PID: 8124)
    • Searches for installed software

      • setup.exe (PID: 8124)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 7416)
      • cmd.exe (PID: 7012)
      • cmd.exe (PID: 3144)
      • cmd.exe (PID: 7668)
    • Starts CMD.EXE for commands execution

      • Setup - Bloxshade.exe (PID: 6272)
      • Setup - Bloxshade.exe (PID: 7852)
    • Changes default file association

      • RobloxPlayerInstaller.exe (PID: 7212)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 6988)
      • msedge.exe (PID: 5644)
      • msedge.exe (PID: 5376)
    • Reads Microsoft Office registry keys

      • chrome.exe (PID: 6988)
      • Setup - Bloxshade.exe (PID: 7128)
      • msedge.exe (PID: 5644)
      • msedge.exe (PID: 5376)
      • msedgewebview2.exe (PID: 2028)
      • installer.exe (PID: 7860)
      • msedgewebview2.exe (PID: 8040)
    • The process uses the downloaded file

      • WinRAR.exe (PID: 1280)
      • chrome.exe (PID: 3276)
      • chrome.exe (PID: 7152)
      • msedge.exe (PID: 7812)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7932)
      • msedge.exe (PID: 5376)
      • msedge.exe (PID: 6604)
    • Manual execution by a user

      • WinRAR.exe (PID: 1280)
      • Setup - Bloxshade.exe (PID: 7100)
      • Setup - Bloxshade.exe (PID: 7128)
      • msedge.exe (PID: 5376)
      • Setup - Bloxshade.exe (PID: 1488)
      • Setup - Bloxshade.exe (PID: 6272)
      • Setup - Bloxshade.exe (PID: 2892)
      • Setup - Bloxshade.exe (PID: 7852)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6608)
      • WinRAR.exe (PID: 1280)
      • chrome.exe (PID: 5372)
      • msedge.exe (PID: 448)
      • msedge.exe (PID: 5376)
    • Checks supported languages

      • Setup - Bloxshade.exe (PID: 7128)
      • identity_helper.exe (PID: 7852)
      • MicrosoftEdgeWebview2Setup.exe (PID: 7932)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdgeUpdate.exe (PID: 2876)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7592)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8128)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8168)
      • MicrosoftEdgeUpdate.exe (PID: 7272)
      • MicrosoftEdgeUpdate.exe (PID: 5284)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • setup.exe (PID: 8140)
      • MicrosoftEdge_X64_128.0.2739.54.exe (PID: 7912)
      • setup.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 7500)
      • Setup - Bloxshade.exe (PID: 6272)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 4392)
      • msedgewebview2.exe (PID: 2608)
      • msedgewebview2.exe (PID: 8100)
      • msedgewebview2.exe (PID: 5908)
      • setup.exe (PID: 4088)
      • installer.exe (PID: 2588)
      • installer.exe (PID: 7860)
      • RobloxPlayerInstaller.exe (PID: 7212)
      • msedgewebview2.exe (PID: 7704)
      • Setup - Bloxshade.exe (PID: 7852)
      • setup.exe (PID: 1132)
      • msedgewebview2.exe (PID: 8040)
      • msedgewebview2.exe (PID: 7924)
      • msedgewebview2.exe (PID: 7476)
      • msedgewebview2.exe (PID: 884)
      • msedgewebview2.exe (PID: 2724)
      • msedgewebview2.exe (PID: 8168)
      • installer.exe (PID: 8088)
    • Reads the computer name

      • Setup - Bloxshade.exe (PID: 7128)
      • identity_helper.exe (PID: 7852)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdgeUpdate.exe (PID: 2876)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8128)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7592)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 8168)
      • MicrosoftEdgeUpdate.exe (PID: 7272)
      • MicrosoftEdgeUpdate.exe (PID: 5284)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdge_X64_128.0.2739.54.exe (PID: 7912)
      • setup.exe (PID: 8124)
      • MicrosoftEdgeUpdate.exe (PID: 7500)
      • setup.exe (PID: 4088)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 2608)
      • msedgewebview2.exe (PID: 8100)
      • installer.exe (PID: 2588)
      • installer.exe (PID: 7860)
      • RobloxPlayerInstaller.exe (PID: 7212)
      • setup.exe (PID: 1132)
      • msedgewebview2.exe (PID: 8040)
      • msedgewebview2.exe (PID: 7476)
      • msedgewebview2.exe (PID: 884)
      • installer.exe (PID: 8088)
    • Create files in a temporary directory

      • MicrosoftEdgeWebview2Setup.exe (PID: 7932)
      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • svchost.exe (PID: 1496)
      • msedgewebview2.exe (PID: 2028)
      • RobloxPlayerInstaller.exe (PID: 7212)
      • msedgewebview2.exe (PID: 8040)
    • Reads Environment values

      • identity_helper.exe (PID: 7852)
      • MicrosoftEdgeUpdate.exe (PID: 7272)
      • MicrosoftEdgeUpdate.exe (PID: 7500)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 8040)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdge_X64_128.0.2739.54.exe (PID: 7912)
      • setup.exe (PID: 8140)
      • setup.exe (PID: 8124)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 5908)
      • RobloxPlayerInstaller.exe (PID: 7212)
      • msedgewebview2.exe (PID: 8100)
      • msedgewebview2.exe (PID: 884)
      • msedgewebview2.exe (PID: 8040)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 8020)
      • setup.exe (PID: 8124)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 7704)
      • msedgewebview2.exe (PID: 8040)
      • msedgewebview2.exe (PID: 2724)
    • Reads the software policy settings

      • slui.exe (PID: 7936)
      • MicrosoftEdgeUpdate.exe (PID: 7272)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • slui.exe (PID: 788)
      • MicrosoftEdgeUpdate.exe (PID: 7500)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 7272)
      • slui.exe (PID: 7936)
      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • MicrosoftEdgeUpdate.exe (PID: 7500)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 8040)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 2264)
      • RobloxPlayerInstaller.exe (PID: 7212)
      • msedgewebview2.exe (PID: 2028)
      • msedgewebview2.exe (PID: 8040)
    • Creates files in the program directory

      • Setup - Bloxshade.exe (PID: 6272)
      • setup.exe (PID: 4088)
      • Setup - Bloxshade.exe (PID: 7852)
      • setup.exe (PID: 1132)
    • Process checks whether UAC notifications are on

      • RobloxPlayerInstaller.exe (PID: 7212)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 271
Monitored processes: 126
Malicious processes: 14
Suspicious processes: 2

Behavior graph: interactive process tree (not reproducible in text; available in the full report)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
252
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2328 --field-trial-handle=2360,i,4387315776686746011,16489794529840728694,262144 --variations-seed-version /prefetch:2
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
448
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2424 --field-trial-handle=2360,i,4387315776686746011,16489794529840728694,262144 --variations-seed-version /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
780
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=122.0.6261.70 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7fffd23fdc40,0x7fffd23fdc4c,0x7fffd23fdc58
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
788
CMD:
"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path:
C:\Windows\System32\slui.exe
Parent process:
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID:
884
CMD:
"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\admin\AppData\Local\com.bloxshade.tauri\EBWebView" --webview-exe-name=setup.exe --webview-exe-version=2.8.11 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --field-trial-handle=1920,i,3645319465581274567,5999276085999743108,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:3
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\128.0.2739.54\msedgewebview2.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Version:
128.0.2739.54
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\128.0.2739.54\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\128.0.2739.54\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1064
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6132 --field-trial-handle=2360,i,4387315776686746011,16489794529840728694,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1108
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5012 --field-trial-handle=2360,i,4387315776686746011,16489794529840728694,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1132
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5920 --field-trial-handle=2360,i,4387315776686746011,16489794529840728694,262144 --variations-seed-version /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1132
CMD:
"C:\Program Files\Bloxshade\setup.exe"
Path:
C:\Program Files\Bloxshade\setup.exe
Parent process:
Setup - Bloxshade.exe
User:
admin
Integrity Level:
HIGH
Version:
2.8.11
Modules
Images
c:\program files\bloxshade\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
PID:
1156
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3872 --field-trial-handle=2360,i,4387315776686746011,16489794529840728694,262144 --variations-seed-version /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 70 199
Read events: 66 341
Write events: 3 781
Delete events: 77

Modification events

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value:

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\ThirdParty
Operation: write
Name: StatusCodes
Value: 01000000

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: dr
Value: 1

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Chrome
Operation: write
Name: UsageStatsInSample
Value: 0

(PID) Process: (6988) chrome.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation: write
Name: usagestats
Value: 0

(PID) Process: (6988) chrome.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation: write
Name: metricsid
Value:
Executable files: 230
Suspicious files: 798
Text files: 216
Unknown types: 159

Dropped files

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF12ad20.TMP

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF12ad30.TMP

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat, Type: binary
MD5: FC81892AC822DCBB09441D3B58B47125
SHA256: FB077C966296D02D50CCBF7F761D2A3311A206A784A7496F331C2B0D6AD205C8

PID: 6988, Process: chrome.exe, Filename: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old~RF12ad20.TMP, Type: text
MD5: 139F545948FC1F10256A27E3C2CEF062
SHA256: 9399CC6F9C335015E086DB37208B1816A7831221A005B04AC83C4F86CC04230D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 75
TCP/UDP connections: 114
DNS requests: 118
Threats: 3

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1776
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3448
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
5376
msedge.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted
1496
svchost.exe
HEAD
200
2.19.126.155:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6e21df09-d909-4575-8e24-d945909e58df?P1=1725729630&P2=404&P3=2&P4=Ini9WrCuH6xRqGVLClMGNw3IjfB1GIuhp1dzkFV7hspKudYj6GIYaNXT5QwhvL6FqQUmIphsQsxMuBigdFps7w%3d%3d
unknown
whitelisted
3448
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
1496
svchost.exe
GET
200
2.19.126.155:80
http://msedge.f.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/6e21df09-d909-4575-8e24-d945909e58df?P1=1725729630&P2=404&P3=2&P4=Ini9WrCuH6xRqGVLClMGNw3IjfB1GIuhp1dzkFV7hspKudYj6GIYaNXT5QwhvL6FqQUmIphsQsxMuBigdFps7w%3d%3d
unknown
whitelisted
1496
svchost.exe
HEAD
200
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
unknown
whitelisted
1496
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
unknown
whitelisted
1496
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
unknown
whitelisted
1496
svchost.exe
GET
206
34.104.35.123:80
http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
6652
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
448
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2120
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6988
chrome.exe
239.255.255.250:1900
whitelisted
5128
chrome.exe
140.82.121.3:443
github.com
GITHUB
US
shared
3260
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5128
chrome.exe
142.250.147.84:443
accounts.google.com
GOOGLE
US
whitelisted
5128
chrome.exe
185.199.111.133:443
avatars.githubusercontent.com
FASTLY
US
shared
5128
chrome.exe
185.199.109.154:443
github.githubassets.com
FASTLY
US
whitelisted

DNS requests


Threats

PID
Process
Class
Message
5128
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
5128
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Attempting to access raw user content on GitHub
1496
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
Process
Message
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.bloxshade.tauri directory exists )
msedgewebview2.exe
RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.bloxshade.tauri\EBWebView directory exists )