download:

/tannd0wn/Fluxus-Roblox-Executor/blob/main/Fluxus%20V7.exe

Full analysis: https://app.any.run/tasks/030d5a57-c1a5-4ddd-aff6-64e3ed79b994
Verdict: Malicious activity
Analysis date: October 24, 2024, 18:41:45
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: text/html
File info: HTML document, Unicode text, UTF-8 text, with very long lines (1616)
MD5: D4AE5617094C4DEE4E181C35408FB6B7
SHA1: 6AECE1606FEEB4C49B87167ABECF73D2AEDD5D92
SHA256: B0A6C9566B232890631B3025294A34FE70F73493E899B67EBA875B1C1F853D5C
SSDEEP: 3072:XmWGu6reSVacfSCgmz3tgXD6OOMe96MneBMLG/PVoj13KBMwIoGg/YYoj13KKlfW:ShouipOL/saqkPV9FemLtcsDSsmwq91l

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Starts POWERSHELL.EXE for commands execution

      • OpenWith.exe (PID: 5240)
  • INFO

    • Manual execution by a user

      • msedge.exe (PID: 3604)
      • WinRAR.exe (PID: 7144)
    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 5240)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 3904)
    • Application launched itself

      • msedge.exe (PID: 3604)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

EXIF

HTML

Title: Fluxus-Roblox-Executor/Fluxus V7.exe at main · tannd0wn/Fluxus-Roblox-Executor · GitHub
RoutePattern: /:user_id/:repository/blob/*name(/*path)
RouteController: blob
RouteAction: show
CurrentCatalogServiceHash: f3abb0cc802f3d7b95fc8762b94bdcb13bf39634c40c357301c4aa1d67a256fb
RequestId: 90B0:1120A8:B95F5E:BCE836:671A94E9
HtmlSafeNonce: d4969b8e8d1c28569208c975c2cee053160ec53760e42ded7ea0b0376b572295
VisitorPayload: eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5MEIwOjExMjBBODpCOTVGNUU6QkNFODM2OjY3MUE5NEU5IiwidmlzaXRvcl9pZCI6Ijk1NDQ0ODA2MTExMTM3NTA4MSIsInJlZ2lvbl9lZGdlIjoiZnJhIiwicmVnaW9uX3JlbmRlciI6ImZyYSJ9
VisitorHmac: 35601e864fc3b42cf4685a9ad1b6aede45b725e2db91c5924118c1d66535d89c
HovercardSubjectTag: repository:877364504
GithubKeyboardShortcuts: repository,source-code,file-tree,copilot
GoogleSiteVerification: Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I
OctolyticsUrl: https://collector.github.com/github/collect
AnalyticsLocation: /<user-name>/<repo-name>/blob/show
UserLogin: -
Viewport: width=device-width
Description: 🚀 **Fluxus Executor** is a powerful and versatile script execution tool designed for Roblox users who want to enhance their gameplay experience by implementing customized Lua scripts. Whether you are a novice or an advanced user, Fluxus offers a wide range of features to cater to your needs and enrich your Roblox adventures. - Fluxus-Roblox-Executor/Fluxus V7.exe at main · tannd0wn/Fluxus-Roblox-Executor
AppleItunesApp: app-id=1477376905, app-argument=https://github.com/tannd0wn/Fluxus-Roblox-Executor/blob/main/Fluxus%20V7.exe
TwitterImage: https://opengraph.githubassets.com/3f750a75dd14f46b1703c783f1b1a291136120cb9036d098da01c43accc9732a/tannd0wn/Fluxus-Roblox-Executor
TwitterSite: @github
TwitterCard: summary_large_image
TwitterTitle: Fluxus-Roblox-Executor/Fluxus V7.exe at main · tannd0wn/Fluxus-Roblox-Executor
TwitterDescription: 🚀 **Fluxus Executor** is a powerful and versatile script execution tool designed for Roblox users who want to enhance their gameplay experience by implementing customized Lua scripts. Whether you a...
Hostname: github.com
ExpectedHostname: github.com
HTTPEquivXPjaxVersion: 40d784387c7b071ea9a6c40754264b30587ee239fc47c11376fd95c7054dc3ec
HTTPEquivXPjaxCspVersion: ace39c3b6632770952207593607e6e0be0db363435a8b877b1f96abe6430f345
HTTPEquivXPjaxCssVersion: 91f395d3a8feb7c539adc2efc83bf45d7c764fdd6a4312b4b103231fc78e9758
HTTPEquivXPjaxJsVersion: 124695169c37207c695022bbeba463133e7ba2a2ac97ef4551e94a843b016fea
TurboCacheControl: no-cache
GoImport: github.com/tannd0wn/Fluxus-Roblox-Executor git https://github.com/tannd0wn/Fluxus-Roblox-Executor.git
OctolyticsDimensionUser_id: 186062948
OctolyticsDimensionUser_login: tannd0wn
OctolyticsDimensionRepository_id: 877364504
OctolyticsDimensionRepository_nwo: tannd0wn/Fluxus-Roblox-Executor
OctolyticsDimensionRepository_public:
OctolyticsDimensionRepository_is_fork: -
OctolyticsDimensionRepository_network_root_id: 877364504
OctolyticsDimensionRepository_network_root_nwo: tannd0wn/Fluxus-Roblox-Executor
TurboBodyClasses: logged-out env-production page-responsive
BrowserStatsUrl: https://api.github.com/_private/browser/stats
BrowserErrorsUrl: https://api.github.com/_private/browser/errors
ThemeColor: #1e2327
ColorScheme: light dark
No data.
All screenshots are available in the full report
Total processes: 216
Monitored processes: 80
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Process nodes shown in the graph (flattened in the export; most nodes are marked "no specs", only slui.exe and a few msedge.exe nodes are not): openwith.exe, powershell.exe, conhost.exe, rundll32.exe, sppextcomobj.exe, slui.exe, msedge.exe (numerous instances), identity_helper.exe, winrar.exe

Process information

Columns: PID, CMD, Path, Indicators, Parent process (the Indicators column is empty for every process listed below)

PID: 300
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3064 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 616
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7700 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 1028
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6956 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 1172
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3548 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:2
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 1200
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5984 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 1252
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2720 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: (none recorded)
Version: 122.0.2365.59

PID: 1428
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5160 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59

PID: 1572
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3376 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: (none recorded)
Version: 122.0.2365.59

PID: 1788
CMD: C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Path: C:\Windows\System32\rundll32.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2084
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5500 --field-trial-handle=2124,i,3171064541850542209,13003474456006504252,262144 --variations-seed-version /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: (none recorded)
Version: 122.0.2365.59
Total events: 0
Read events: 0
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 13
Suspicious files: 770
Text files: 165
Unknown types: 5

Dropped files

Columns: PID, Process, Filename, Type (the Type, MD5 and SHA256 values are empty for every row in this export)

PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF9254f.TMP
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF9255e.TMP
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF9256e.TMP
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF9253f.TMP
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF9259d.TMP
PID 3604, msedge.exe: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
50
TCP/UDP connections
224
DNS requests
234
Threats
4

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Reputation (the Type and Size columns are empty in this export; "-" marks a row whose PID and Process were blank)

- | - | GET | 200 | 23.48.23.147:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4360 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
2776 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
512 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
7496 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7496 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
6024 | msedge.exe | GET | 304 | 69.192.161.44:80 | http://x1.i.lencr.org/ | unknown | whitelisted
6024 | msedge.exe | GET | 304 | 195.138.255.24:80 | http://apps.identrust.com/roots/dstrootcax3.p7c | unknown | whitelisted
6024 | msedge.exe | GET | 304 | 69.192.161.44:80 | http://r3.i.lencr.org/ | unknown | whitelisted

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation ("-" marks a value that was blank in this export)

6944 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5488 | MoUsoCoreWorker.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 23.48.23.147:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 104.126.37.170:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
2776 | svchost.exe | 40.126.32.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2776 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
crl.microsoft.com
  • 23.48.23.147
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
google.com
  • 142.250.186.174
whitelisted
www.bing.com
  • 104.126.37.170
  • 104.126.37.154
  • 104.126.37.152
  • 104.126.37.153
  • 104.126.37.168
  • 104.126.37.163
  • 104.126.37.160
  • 104.126.37.171
  • 104.126.37.147
  • 104.126.37.179
  • 104.126.37.178
  • 104.126.37.176
  • 104.126.37.139
  • 104.126.37.130
  • 104.126.37.137
  • 104.126.37.136
  • 104.126.37.128
  • 104.126.37.185
  • 104.126.37.162
  • 104.126.37.145
  • 104.126.37.146
  • 104.126.37.161
  • 104.126.37.155
  • 104.126.37.131
  • 2.23.209.130
  • 2.23.209.181
  • 2.23.209.189
  • 2.23.209.135
  • 2.23.209.185
  • 2.23.209.187
  • 2.23.209.133
  • 2.23.209.140
  • 2.23.209.182
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.32.68
  • 20.190.160.20
  • 20.190.160.17
  • 40.126.32.74
  • 20.190.160.14
  • 20.190.160.22
  • 40.126.32.134
  • 40.126.32.140
  • 40.126.32.136
  • 40.126.32.72
whitelisted
th.bing.com
  • 104.126.37.171
  • 104.126.37.178
  • 104.126.37.176
  • 104.126.37.123
  • 104.126.37.160
  • 104.126.37.163
  • 104.126.37.168
  • 104.126.37.185
  • 104.126.37.177
  • 104.126.37.162
  • 104.126.37.145
  • 104.126.37.136
  • 104.126.37.139
  • 104.126.37.137
  • 104.126.37.146
  • 104.126.37.154
  • 104.126.37.161
  • 104.126.37.152
  • 104.126.37.155
  • 104.126.37.131
  • 104.126.37.153
whitelisted
go.microsoft.com
  • 23.213.166.81
  • 184.28.89.167
whitelisted
client.wns.windows.com
  • 40.113.103.199
  • 40.115.3.253
whitelisted

Threats

Columns: PID | Process | Class | Message

6024 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
6024 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
6024 | msedge.exe | Misc activity | SUSPICIOUS [ANY.RUN] Tracking Service (.popin .cc)
6024 | msedge.exe | Potentially Bad Traffic | ET DNS Query for .cc TLD
No debug info