File name: amazon-video-downloader.exe

Full analysis: https://app.any.run/tasks/447ca5af-60b9-4ae3-9d28-d8936a954028
Verdict: Malicious activity
Analysis date: June 30, 2025, 10:59:59
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: evasion, python
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 956BD381874BD8DF4EE034B4ECEFCF26
SHA1: DD67CA82C76F3AF357E4F7B503FF89E609FB210C
SHA256: E32FDFDC54EC6B42E0E5BEE69DA4154036281938DB882CA5D0C3CF7D5EAEEC98
SSDEEP: 24576:geGrRuUU4HyNt85nq2O6vhCmSxbv0kFgQ0Qh1lhUqa84X9XxQvB7zHYccR0:UrRuUU4HyNt85q2O6ZCmSxbv0kFgQ0Q/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • vpdl.exe (PID: 6540)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • cmd.exe (PID: 7600)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • vpdl.exe.downloading (PID: 7548)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
      • vpdl.exe (PID: 7824)
      • vpdl.exe (PID: 7708)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • amazon-video-downloader.exe (PID: 4892)
    • The process creates files with name similar to system file names

      • amazon-video-downloader.exe (PID: 4892)
    • Reads security settings of Internet Explorer

      • amazon-video-downloader.exe (PID: 4892)
    • There is functionality for taking screenshot (YARA)

      • amazon-video-downloader.exe (PID: 4892)
    • Process drops legitimate windows executable

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • vpdl.exe (PID: 6540)
      • cmd.exe (PID: 7600)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • vpdl.exe.downloading (PID: 7548)
      • vpdl.exe (PID: 7824)
      • vpdl.exe (PID: 7708)
    • Creates a software uninstall entry

      • amazon-video-downloader.exe (PID: 4892)
    • Starts CMD.EXE for commands execution

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • cmd.exe (PID: 7384)
      • vpdl.exe (PID: 7188)
      • mshta.exe (PID: 7588)
      • vpdl.exe.downloading (PID: 7996)
      • vpdl.exe (PID: 7576)
      • vpdl.exe.downloading (PID: 6352)
      • vpdl.exe (PID: 8908)
      • vpdl.exe (PID: 8160)
    • Starts application with an unusual extension

      • cmd.exe (PID: 2808)
      • cmd.exe (PID: 4752)
      • cmd.exe (PID: 6388)
      • cmd.exe (PID: 1100)
      • cmd.exe (PID: 5768)
      • cmd.exe (PID: 2728)
      • cmd.exe (PID: 2044)
      • cmd.exe (PID: 6508)
      • cmd.exe (PID: 3572)
      • cmd.exe (PID: 6540)
      • cmd.exe (PID: 2792)
      • cmd.exe (PID: 7344)
      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 7924)
      • cmd.exe (PID: 8172)
      • cmd.exe (PID: 8180)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • vpdl.exe.downloading (PID: 7588)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • vpdl.exe.downloading (PID: 7548)
    • Drops 7-zip archiver for unpacking

      • amazon-video-downloader.exe (PID: 4892)
    • Process drops python dynamic module

      • amazon-video-downloader.exe (PID: 4892)
      • vpdl.exe (PID: 6540)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • vpdl.exe.downloading (PID: 7548)
      • vpdl.exe (PID: 7708)
      • vpdl.exe (PID: 7824)
    • The process drops C-runtime libraries

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • vpdl.exe (PID: 6540)
      • cmd.exe (PID: 7600)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • vpdl.exe.downloading (PID: 7548)
      • vpdl.exe (PID: 7708)
      • vpdl.exe (PID: 7824)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 1100)
      • cmd.exe (PID: 4752)
      • cmd.exe (PID: 6388)
      • cmd.exe (PID: 6508)
      • cmd.exe (PID: 7924)
      • cmd.exe (PID: 8044)
    • Application launched itself

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • cmd.exe (PID: 7384)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • vpdl.exe (PID: 6540)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • vpdl.exe.downloading (PID: 7548)
      • vpdl.exe (PID: 7708)
      • vpdl.exe (PID: 7824)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 1100)
      • cmd.exe (PID: 5768)
      • cmd.exe (PID: 7924)
      • cmd.exe (PID: 8180)
    • Uses SYSTEMINFO.EXE to read the environment

      • cmd.exe (PID: 5768)
      • cmd.exe (PID: 2728)
      • cmd.exe (PID: 8180)
      • cmd.exe (PID: 8172)
    • Uses WMIC.EXE to obtain computer system information

      • cmd.exe (PID: 2044)
    • Uses WMIC.EXE to obtain memory chip information

      • cmd.exe (PID: 6540)
    • Uses WMIC.EXE to obtain Windows Installer data

      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 504)
      • WMIC.exe (PID: 2972)
      • WMIC.exe (PID: 4752)
      • WMIC.exe (PID: 7388)
      • WMIC.exe (PID: 7428)
      • WMIC.exe (PID: 7972)
      • WMIC.exe (PID: 7752)
      • WMIC.exe (PID: 7512)
    • Uses WMIC.EXE to obtain data on the base board management (motherboard or system board)

      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
    • Checks for external IP

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
    • Uses WMIC.EXE

      • cmd.exe (PID: 2792)
    • Executing commands from a ".bat" file

      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • cmd.exe (PID: 7384)
      • mshta.exe (PID: 7588)
    • Loads Python modules

      • psshReslover.exe (PID: 7528)
      • vpdl.exe (PID: 7188)
      • vpdl.exe.downloading (PID: 7996)
      • vpdl.exe (PID: 7576)
    • Runs shell command (SCRIPT)

      • mshta.exe (PID: 7588)
  • INFO

    • Execution of CURL command

      • amazon-video-downloader.exe (PID: 4892)
    • Create files in a temporary directory

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • vpdl.exe (PID: 6540)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • vpdl.exe.downloading (PID: 7548)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
      • vpdl.exe (PID: 7708)
      • vpdl.exe (PID: 7824)
    • The sample compiled with english language support

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • vpdl.exe (PID: 6540)
      • cmd.exe (PID: 7600)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • vpdl.exe.downloading (PID: 7548)
      • vpdl.exe (PID: 7708)
      • vpdl.exe (PID: 7824)
    • Checks supported languages

      • curl.exe (PID: 768)
      • curl.exe (PID: 6140)
      • amazon-video-downloader.exe (PID: 4892)
      • curl.exe (PID: 1100)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • chcp.com (PID: 3620)
      • StreamFox Amazon Video Downloader.exe (PID: 3956)
      • chcp.com (PID: 4040)
      • chcp.com (PID: 5824)
      • chcp.com (PID: 7120)
      • chcp.com (PID: 420)
      • chcp.com (PID: 4088)
      • chcp.com (PID: 5780)
      • curl.exe (PID: 4232)
      • chcp.com (PID: 2160)
      • chcp.com (PID: 5372)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 2528)
      • chcp.com (PID: 5284)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • vpdl.exe (PID: 6540)
      • chcp.com (PID: 5172)
      • StreamFox Amazon Video Downloader.exe (PID: 7300)
      • chcp.com (PID: 7520)
      • psshReslover.exe (PID: 7528)
      • StreamFox Amazon Video Downloader.exe (PID: 7708)
      • StreamFox Amazon Video Downloader.exe (PID: 7784)
      • StreamFox Amazon Video Downloader.exe (PID: 7292)
      • chcp.com (PID: 7976)
      • chcp.com (PID: 8092)
      • vpdl.exe (PID: 7188)
      • chcp.com (PID: 6388)
      • chcp.com (PID: 2792)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe.downloading (PID: 7996)
      • vpdl.exe (PID: 7952)
      • vpdl.exe (PID: 7576)
      • vpdl.exe.downloading (PID: 7548)
      • vpdl.exe.downloading (PID: 6352)
      • identity_helper.exe (PID: 8920)
      • identity_helper.exe (PID: 7420)
      • StreamFox Amazon Video Downloader.exe (PID: 9212)
      • StreamFox Amazon Video Downloader.exe (PID: 1652)
      • StreamFox Amazon Video Downloader.exe (PID: 6192)
      • StreamFox Amazon Video Downloader.exe (PID: 8228)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
      • vpdl.exe (PID: 7708)
      • vpdl.exe (PID: 8908)
      • vpdl.exe (PID: 7824)
      • StreamFox Amazon Video Downloader.exe (PID: 7784)
      • StreamFox Amazon Video Downloader.exe (PID: 5456)
      • vpdl.exe (PID: 8160)
    • Reads the computer name

      • curl.exe (PID: 6140)
      • curl.exe (PID: 768)
      • amazon-video-downloader.exe (PID: 4892)
      • curl.exe (PID: 1100)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • curl.exe (PID: 4232)
      • StreamFox Amazon Video Downloader.exe (PID: 2528)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • vpdl.exe (PID: 6540)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • psshReslover.exe (PID: 7528)
      • StreamFox Amazon Video Downloader.exe (PID: 7784)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • vpdl.exe.downloading (PID: 7588)
      • vpdl.exe (PID: 7952)
      • identity_helper.exe (PID: 7420)
      • vpdl.exe.downloading (PID: 7548)
      • StreamFox Amazon Video Downloader.exe (PID: 1652)
      • StreamFox Amazon Video Downloader.exe (PID: 6192)
      • identity_helper.exe (PID: 8920)
      • vpdl.exe (PID: 7708)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
      • vpdl.exe (PID: 7824)
    • Creates files in the program directory

      • amazon-video-downloader.exe (PID: 4892)
    • Checks proxy server information

      • amazon-video-downloader.exe (PID: 4892)
      • reg.exe (PID: 1508)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • reg.exe (PID: 4216)
      • reg.exe (PID: 7532)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • mshta.exe (PID: 7588)
      • slui.exe (PID: 2532)
    • Reads the software policy settings

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • slui.exe (PID: 2532)
    • Creates files or folders in the user directory

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 2528)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 7300)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
    • Reads the machine GUID from the registry

      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • psshReslover.exe (PID: 7528)
      • vpdl.exe (PID: 7188)
      • vpdl.exe.downloading (PID: 7996)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • vpdl.exe (PID: 7576)
      • vpdl.exe.downloading (PID: 6352)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
      • vpdl.exe (PID: 8908)
      • vpdl.exe (PID: 8160)
    • Manual execution by a user

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
    • Reads product name

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 7300)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • StreamFox Amazon Video Downloader.exe (PID: 9212)
      • StreamFox Amazon Video Downloader.exe (PID: 8228)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
    • Reads Environment values

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 7300)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • identity_helper.exe (PID: 7420)
      • StreamFox Amazon Video Downloader.exe (PID: 8228)
      • identity_helper.exe (PID: 8920)
      • StreamFox Amazon Video Downloader.exe (PID: 9212)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
    • Changes the display of characters in the console

      • cmd.exe (PID: 2808)
      • cmd.exe (PID: 1100)
      • cmd.exe (PID: 6388)
      • cmd.exe (PID: 4752)
      • cmd.exe (PID: 5768)
      • cmd.exe (PID: 2044)
      • cmd.exe (PID: 2728)
      • cmd.exe (PID: 6508)
      • cmd.exe (PID: 3572)
      • cmd.exe (PID: 6540)
      • cmd.exe (PID: 2792)
      • cmd.exe (PID: 7924)
      • cmd.exe (PID: 7344)
      • cmd.exe (PID: 8044)
      • cmd.exe (PID: 8172)
      • cmd.exe (PID: 8180)
    • Process checks computer location settings

      • StreamFox Amazon Video Downloader.exe (PID: 5564)
      • StreamFox Amazon Video Downloader.exe (PID: 5960)
      • amazon-video-downloader.exe (PID: 4892)
      • StreamFox Amazon Video Downloader.exe (PID: 7300)
      • StreamFox Amazon Video Downloader.exe (PID: 7292)
      • StreamFox Amazon Video Downloader.exe (PID: 6152)
      • StreamFox Amazon Video Downloader.exe (PID: 7180)
      • StreamFox Amazon Video Downloader.exe (PID: 8228)
      • StreamFox Amazon Video Downloader.exe (PID: 9212)
      • StreamFox Amazon Video Downloader.exe (PID: 7900)
      • StreamFox Amazon Video Downloader.exe (PID: 7784)
      • StreamFox Amazon Video Downloader.exe (PID: 5456)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 3720)
      • WMIC.exe (PID: 2668)
      • WMIC.exe (PID: 504)
      • explorer.exe (PID: 3628)
      • explorer.exe (PID: 6868)
      • WMIC.exe (PID: 4864)
      • WMIC.exe (PID: 984)
      • WMIC.exe (PID: 2972)
      • WMIC.exe (PID: 1488)
      • WMIC.exe (PID: 3476)
      • WMIC.exe (PID: 4156)
      • WMIC.exe (PID: 4752)
      • WMIC.exe (PID: 7964)
      • WMIC.exe (PID: 7468)
      • WMIC.exe (PID: 7852)
      • WMIC.exe (PID: 7528)
      • WMIC.exe (PID: 7972)
      • WMIC.exe (PID: 7388)
      • WMIC.exe (PID: 7428)
      • WMIC.exe (PID: 7908)
      • WMIC.exe (PID: 7784)
      • WMIC.exe (PID: 2792)
      • WMIC.exe (PID: 3880)
      • WMIC.exe (PID: 8120)
      • WMIC.exe (PID: 7752)
      • WMIC.exe (PID: 8364)
      • WMIC.exe (PID: 7512)
      • WMIC.exe (PID: 7696)
      • WMIC.exe (PID: 7992)
    • Reads Internet Explorer settings

      • mshta.exe (PID: 7588)
    • Checks operating system version

      • vpdl.exe (PID: 7188)
      • vpdl.exe (PID: 7576)
      • vpdl.exe.downloading (PID: 7996)
      • vpdl.exe.downloading (PID: 6352)
      • vpdl.exe (PID: 8908)
      • vpdl.exe (PID: 8160)
    • Application launched itself

      • msedge.exe (PID: 2552)
      • msedge.exe (PID: 8368)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.1.6.0
ProductVersionNumber: 1.1.6.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: StreamFox
FileDescription: StreamFox Amazon Video Downloader
FileVersion: 1.1.6
LegalCopyright: Copyright © 2025 StreamFox
ProductName: StreamFox Amazon Video Downloader
ProductVersion: 1.1.6
No data.
All screenshots are available in the full report
Total processes: 367
Monitored processes: 221
Malicious processes: 13
Suspicious processes: 2

Behavior graph

[Behavior graph image not reproduced; the process tree starts at amazon-video-downloader.exe.]

Process information

PID
CMD
Path
Indicators
Parent process
PID: 420
CMD: chcp 65001
Path: C:\Windows\System32\chcp.com
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Change CodePage Utility
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\chcp.com
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 436
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: WMIC.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 436
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --message-loop-type-ui --string-annotations --always-read-main-dll --field-trial-handle=4840,i,2555480877099683412,15685908218587011404,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 504
CMD: wmic csproduct get uuid
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: StreamFox Amazon Video Downloader.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 756
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 768
CMD: curl -X POST -H "X-Parse-Application-Id: q5jvWMLK5VAn0zVjMVPFSnZYPpbCj2JEAiBpahAC" -H "Content-Type: application/json" -d "{\"event\":\"OpenInstallationPackage\",\"os\":\"win\",\"name\":\"StreamFox Amazon Video Downloader\",\"version\":\"1.1.6\",\"language\":\"en\"}" https://parse.dumpmedia.com/parse/classes/OvdEvent
Path: C:\Windows\SysWOW64\curl.exe
Parent process: amazon-video-downloader.exe
User: admin
Company: curl, https://curl.se/
Integrity Level: HIGH
Description: The curl executable
Exit code: 0
Version: 8.4.0
Modules
Images
c:\windows\syswow64\curl.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 984
CMD: wmic baseboard get SerialNumber
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: StreamFox Amazon Video Downloader.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: WMI Commandline Utility
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
PID: 1100
CMD: curl -X POST -H "X-Parse-Application-Id: q5jvWMLK5VAn0zVjMVPFSnZYPpbCj2JEAiBpahAC" -H "Content-Type: application/json" -d "{\"event\":\"StartInstall\",\"os\":\"win\",\"name\":\"StreamFox Amazon Video Downloader\",\"version\":\"1.1.6\",\"language\":\"en\"}" https://parse.dumpmedia.com/parse/classes/OvdEvent
Path: C:\Windows\SysWOW64\curl.exe
Parent process: amazon-video-downloader.exe
User: admin
Company: curl, https://curl.se/
Integrity Level: HIGH
Description: The curl executable
Exit code: 0
Version: 8.4.0
Modules
Images
c:\windows\syswow64\curl.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\ws2_32.dll
PID: 1100
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "chcp 65001 | reg query "HKCU\Software\StreamFox Amazon Video Downloader" /V "Installer Path" | findstr /ri "Installer Path""
Path: C:\Windows\System32\cmd.exe
Parent process: StreamFox Amazon Video Downloader.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 1180
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 52 062
Read events: 51 985
Write events: 59
Delete events: 18

Modification events

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_CURRENT_USER\SOFTWARE\StreamFox Amazon Video Downloader
Operation: write
Name: FirstInstall
Value: 1

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\68290a3d-e059-5339-b3b3-e81c070e4360
Operation: write
Name: InstallLocation
Value: C:\Program Files\StreamFox Amazon Video Downloader

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\68290a3d-e059-5339-b3b3-e81c070e4360
Operation: write
Name: KeepShortcuts
Value: true

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\68290a3d-e059-5339-b3b3-e81c070e4360
Operation: write
Name: ShortcutName
Value: StreamFox Amazon Video Downloader

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\68290a3d-e059-5339-b3b3-e81c070e4360
Operation: write
Name: DisplayName
Value: StreamFox Amazon Video Downloader 1.1.6

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\68290a3d-e059-5339-b3b3-e81c070e4360
Operation: write
Name: UninstallString
Value: "C:\Program Files\StreamFox Amazon Video Downloader\Uninstall StreamFox Amazon Video Downloader.exe" /allusers

Process: amazon-video-downloader.exe (PID: 4892)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\68290a3d-e059-5339-b3b3-e81c070e4360
Operation: write
Name: QuietUninstallString
Value: "C:\Program Files\StreamFox Amazon Video Downloader\Uninstall StreamFox Amazon Video Downloader.exe" /allusers /S
Executable files: 1 011
Suspicious files: 330
Text files: 315
Unknown types: 178

Dropped files

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\RR3E01RZ\StreamFox-Amazon-Video-Downloader-1.1.6-x64.nsis[1].7z
Type:
MD5:
SHA256:

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsu5A75.tmp\package.7z
Type:
MD5:
SHA256:

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsu5A75.tmp\7z-out\icudtl.dat
Type:
MD5:
SHA256:

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsu5A75.tmp\7z-out\LICENSES.chromium.html
Type:
MD5:
SHA256:

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\83D863F495E7D991917B3ABB3E1EB382_C11A4A5FE05CA2384302299EE5C6F9AF
Type: binary
MD5: 3094A8C61E4FEFB37CAFB5ED3D112F3F
SHA256: D9BB2AFB16226B4D055B0371E8342D80C3CBF0D9DCA25010B99D926DB70A19B5

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_645BC4A49DCDC40FE5917FA45C6D4517
Type: binary
MD5: EEF3CFAC2F8AFE5969251BFE8B11876C
SHA256: 8F07D9CE003E36EE3CC0EB2A048463DC20A62772C85F29DE4A84DD8BAA8D0F62

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\83D863F495E7D991917B3ABB3E1EB382_C11A4A5FE05CA2384302299EE5C6F9AF
Type: der
MD5: B894594ED008A797C476A1819F38395B
SHA256: CC6FCF7C8C6ABA0128031569B0058A41CC70A98C55A83467BAA538994CE0A3C1

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsu5A75.tmp\LangDLL.dll
Type: executable
MD5: AB1DB56369412FE8476FEFFFD11E4CC0
SHA256: 6F14C8F01F50A30743DAC68C5AC813451463DFB427EB4E35FCDFE2410E1A913B

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsu5A75.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 4892
Process: amazon-video-downloader.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsu5A75.tmp\nsProcess.dll
Type: executable
MD5: F0438A894F3A7E01A4AAE8D1B5DD0289
SHA256: 30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11

HTTP(S) requests: 14
TCP/UDP connections: 163
DNS requests: 138
Threats: 8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4892
amazon-video-downloader.exe
GET
200
18.245.38.41:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkzUBtJnwJkc3SmanzgxeYU%3D
unknown
whitelisted
764
lsass.exe
GET
200
2.16.202.121:80
http://r10.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRpD%2BQVZ%2B1vf7U0RGQGBm8JZwdxcgQUdKR2KRcYVIUxN75n5gZYwLzFBXICEgYwHQXWGu7Y4P1Z1nmwH%2FeR%2FQ%3D%3D
unknown
whitelisted
4892
amazon-video-downloader.exe
GET
200
18.245.65.219:80
http://ocsp.r2m03.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQqHI%2BsdmapawQncL1rpCEZZ8gTSAQUVdkYX9IczAHhWLS%2Bq9lVQgHXLgICEAK54H%2F3khhQl7dFAeSBUFU%3D
unknown
whitelisted
1268
svchost.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5012
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5328
SearchApp.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5008
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
2940
svchost.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
5008
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
2320 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
768 | curl.exe | 44.238.162.243:443 | parse.dumpmedia.com | AMAZON-02 | US | malicious
764 | lsass.exe | 2.16.202.121:80 | r10.o.lencr.org | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
6140 | curl.exe | 44.238.162.243:443 | parse.dumpmedia.com | AMAZON-02 | US | malicious
1100 | curl.exe | 44.238.162.243:443 | parse.dumpmedia.com | AMAZON-02 | US | malicious
5012 | svchost.exe | 20.190.159.23:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.124.78.146
whitelisted
google.com
  • 142.250.184.238
whitelisted
parse.dumpmedia.com
  • 44.238.162.243
  • 54.188.131.74
malicious
r10.o.lencr.org
  • 2.16.202.121
  • 95.101.54.131
whitelisted
login.live.com
  • 20.190.159.23
  • 40.126.31.67
  • 40.126.31.131
  • 20.190.159.129
  • 20.190.159.75
  • 40.126.31.130
  • 40.126.31.71
  • 40.126.31.0
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
dl.streamfox.co
  • 52.222.236.44
  • 52.222.236.31
  • 52.222.236.43
  • 52.222.236.28
unknown
ocsp.rootca1.amazontrust.com
  • 18.245.38.41
whitelisted
ocsp.r2m03.amazontrust.com
  • 18.245.65.219
whitelisted

Threats

PID | Process | Class | Message
5564 | StreamFox Amazon Video Downloader.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (myip .opendns .com in DNS lookup)
5564 | StreamFox Amazon Video Downloader.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (myip .opendns .com in DNS lookup)
5564 | StreamFox Amazon Video Downloader.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (myip .opendns .com in DNS lookup)
5564 | StreamFox Amazon Video Downloader.exe | Device Retrieving External IP Address Detected | ET INFO External IP Lookup Domain (myip .opendns .com in DNS lookup)
7444 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7444 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7444 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
7444 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
No debug info