File name: BrightVPN-Setup-1.557.736.exe

Full analysis: https://app.any.run/tasks/35357f34-8008-4e5b-8010-eba56c92929b
Verdict: Malicious activity
Analysis date: August 03, 2025, 01:19:40
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: F6105DF9183EDC1F4A96BCBA117658B2
SHA1: 938C102D33EE560266D16780929F52C72DD450B9
SHA256: 080E92020FD691D4C90AD3BFCEE58A754C50BB049E8711040AC49F5E5FA69513
SSDEEP: 98304:ONX9ID052jLC4w2+yfOeOC0QzwdYlUOV94Vr+pkiKtUkiCdpgAMSs4GoADiutrKo:9t2ceokWUWpnLcGbtUxjPif

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Starts NET.EXE for service management

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • net.exe (PID: 3460)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
    • The process creates files with name similar to system file names

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
    • Executable content was dropped or overwritten

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • net_updater32.exe (PID: 2040)
    • Reads security settings of Internet Explorer

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 2040)
    • Process drops legitimate windows executable

      • net_updater32.exe (PID: 2040)
    • The process drops C-runtime libraries

      • net_updater32.exe (PID: 2040)
    • There is functionality for taking screenshot (YARA)

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
    • Detected use of alternative data streams (AltDS)

      • net_updater32.exe (PID: 2040)
    • Application launched itself

      • net_updater32.exe (PID: 2040)
      • net_updater32.exe (PID: 4768)
    • Reads binary file using Get-Content

      • powershell.exe (PID: 1128)
      • powershell.exe (PID: 2140)
    • Probably obfuscated PowerShell command line is found

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
    • Starts POWERSHELL.EXE for commands execution

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
  • INFO

    • The sample compiled with english language support

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • net_updater32.exe (PID: 2040)
    • Checks supported languages

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 4768)
      • net_updater32.exe (PID: 2040)
      • net_updater32.exe (PID: 684)
    • Reads the computer name

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 2040)
      • net_updater32.exe (PID: 684)
    • Create files in a temporary directory

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
    • Checks proxy server information

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 2040)
      • slui.exe (PID: 2132)
    • Reads the machine GUID from the registry

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 2040)
    • Reads the software policy settings

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 2040)
      • slui.exe (PID: 2132)
    • Disables trace logs

      • brightvpn_installer.exe (PID: 2492)
      • net_updater32.exe (PID: 2040)
    • Creates files in the program directory

      • brightvpn_installer.exe (PID: 2492)
      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • net_updater32.exe (PID: 2040)
      • net_updater32.exe (PID: 684)
      • net_updater32.exe (PID: 4768)
      • powershell.exe (PID: 1128)
      • powershell.exe (PID: 2140)
    • Creates files or folders in the user directory

      • BrightVPN-Setup-1.557.736.exe (PID: 3028)
      • net_updater32.exe (PID: 2040)
    • Process checks computer location settings

      • net_updater32.exe (PID: 2040)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.557.736.0
ProductVersionNumber: 1.557.736.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Bright Data Ltd.
FileDescription: -
FileVersion: 1.557.736
LegalCopyright: Copyright © 2025 Bright Data Ltd.
ProductName: Bright VPN
ProductVersion: 1.557.736
No data.
Total processes: 150
Monitored processes: 16
Malicious processes: 3
Suspicious processes: 0

Behavior graph

  • start
  • brightvpn-setup-1.557.736.exe
  • brightvpn_installer.exe
  • net_updater32.exe (no specs)
  • conhost.exe (no specs)
  • net_updater32.exe
  • net_updater32.exe
  • conhost.exe (no specs)
  • net.exe (no specs)
  • conhost.exe (no specs)
  • net1.exe (no specs)
  • powershell.exe (no specs)
  • conhost.exe (no specs)
  • powershell.exe (no specs)
  • conhost.exe (no specs)
  • slui.exe
  • brightvpn-setup-1.557.736.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 684
CMD: "C:\Program Files (x86)\Bright VPN\net_updater32.exe" --install win_brightvpn.com --no-cleanup
Path: C:\Program Files (x86)\Bright VPN\net_updater32.exe
Parent process: net_updater32.exe
User: admin
Company: BrightData Ltd. (certified)
Integrity Level: HIGH
Description: BrightData service allows free use of certain features in an app you installed
Exit code: 0
Version: 1.557.736

PID: 888
CMD: "C:\Users\admin\Desktop\BrightVPN-Setup-1.557.736.exe"
Path: C:\Users\admin\Desktop\BrightVPN-Setup-1.557.736.exe
Parent process: explorer.exe
User: admin
Company: Bright Data Ltd.
Integrity Level: MEDIUM
Exit code: 3221226540
Version: 1.557.736

PID: 1036
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 1096
CMD: C:\WINDOWS\system32\net1 stop luminati_net_updater_win_brightvpn.com
Path: C:\Windows\SysWOW64\net1.exe
Parent process: net.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Net Command
Exit code: 2
Version: 10.0.19041.3636 (WinBuild.160101.0800)

PID: 1128
CMD: powershell -Command "(Get-Content -Path 'C:\Program Files (x86)\Bright VPN\native_host_manifest_tmp.json') -replace 'EXE_PATH', 'C:\\Program Files (x86)\\Bright VPN\\BrightVpnNativeMessagingHost.exe' | Set-Content -Path 'C:\Program Files (x86)\Bright VPN\host_manifest.json'"
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: BrightVPN-Setup-1.557.736.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2040
CMD: "C:\\Program Files (x86)\\Bright VPN\\net_updater32.exe" --install-ui win_brightvpn.com --fast
Path: C:\Program Files (x86)\Bright VPN\net_updater32.exe
Parent process: net_updater32.exe
User: admin
Company: BrightData Ltd. (certified)
Integrity Level: HIGH
Description: BrightData service allows free use of certain features in an app you installed
Exit code: 1
Version: 1.557.736

PID: 2132
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2140
CMD: powershell -Command "(Get-Content -Path 'C:\Program Files (x86)\Bright VPN\native_host_manifest_firefox_tmp.json') -replace 'EXE_PATH', 'C:\\Program Files (x86)\\Bright VPN\\BrightVpnNativeMessagingHost.exe' | Set-Content -Path 'C:\Program Files (x86)\Bright VPN\host_manifest_firefox.json'"
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Parent process: BrightVPN-Setup-1.557.736.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 2492
CMD: "C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\brightvpn_installer.exe" /pid=3028 /port=6451 /affiliate= /silent= /exe="C:\Users\admin\Desktop\BrightVPN-Setup-1.557.736.exe" /appid="win_brightvpn.com"
Path: C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\brightvpn_installer.exe
Parent process: BrightVPN-Setup-1.557.736.exe
User: admin
Company: Bright Data Ltd
Integrity Level: HIGH
Description: Bright VPN
Version: 1.557.736

PID: 3028
CMD: "C:\Users\admin\Desktop\BrightVPN-Setup-1.557.736.exe"
Path: C:\Users\admin\Desktop\BrightVPN-Setup-1.557.736.exe
Parent process: explorer.exe
User: admin
Company: Bright Data Ltd.
Integrity Level: HIGH
Version: 1.557.736

Total events: 24 814
Read events: 24 778
Write events: 36
Delete events: 0

Modification events

(PID) Process: (3028) BrightVPN-Setup-1.557.736.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3028) BrightVPN-Setup-1.557.736.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3028) BrightVPN-Setup-1.557.736.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: EnableFileTracing
Value: 0

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: EnableAutoFileTracing
Value: 0

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: EnableConsoleTracing
Value: 0

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: FileTracingMask
Value:

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: ConsoleTracingMask
Value:

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: MaxFileSize
Value: 1048576

(PID) Process: (2492) brightvpn_installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Tracing\brightvpn_installer_RASAPI32
Operation: write
Name: FileDirectory
Value: %windir%\tracing

Executable files: 11
Suspicious files: 36
Text files: 18
Unknown types: 0

Dropped files

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\StdUtils.dll
Type: executable
MD5: C6A6E03F77C313B267498515488C5740
SHA256: B72E9013A6204E9F01076DC38DABBF30870D44DFC66962ADBF73619D4331601E

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\System.dll
Type: executable
MD5: 0D7AD4F45DC6F5AA87F606D0331C6901
SHA256: 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\nsProcess.dll
Type: executable
MD5: F0438A894F3A7E01A4AAE8D1B5DD0289
SHA256: 30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\INetC.dll
Type: executable
MD5: 38CAA11A462B16538E0A3DAEB2FC0EAF
SHA256: ED04A4823F221E9197B8F3C3DA1D6859FF5B176185BDE2F1C923A442516C810A

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\E4DJRUXW\init[1]
Type: text
MD5: 115D0B1B2A63CB42AE4D45A2860DDB96
SHA256: DE89AC85A9E383E1AD01089796729CBEB28AAE5D1989AEF07BF313F8C07AFE54

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\INetCache\IE\KCV3KQBA\affiliate[1]
Type: binary
MD5: CFCD208495D565EF66E7DFF9F98764DA
SHA256: 5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Users\admin\AppData\Local\Temp\nscDD8B.tmp\brightvpn_installer.exe
Type: executable
MD5: 76CBF97D5048823F24FAED6E40EC214F
SHA256: B2E10BB41F545ED3CA7033AE6D84EE18DB3066075EB2568A61A32DB5E60271FB

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Program Files (x86)\Bright VPN\brd_config.json
Type: binary
MD5: 8B7B33732167DEE17025EF93182B933D
SHA256: 18B94CCBEFE1DED06FD52E8A0243ED5EED1B8850A79A897250D7BE51FC455F73

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Program Files (x86)\Bright VPN\lum_sdk32.dll
Type: executable
MD5: EAFC308819708BCEC16A94BF18D463E6
SHA256: 05249A43D6AD61E9157F4C720DF382F06BC8F2BCDE8F770428F0F12784185476

PID: 3028
Process: BrightVPN-Setup-1.557.736.exe
Filename: C:\Program Files (x86)\Bright VPN\net_updater32.exe
Type: executable
MD5: A4F0C602CD8CF5803806340D04A21101
SHA256: EC23D9DBBAF8FA43640F1508D11114C2B91033005172717A4C7D32C006165C7E

HTTP(S) requests: 68
TCP/UDP connections: 90
DNS requests: 27
Threats: 2

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
- | - | POST | 200 | 44.194.147.247:443 | https://perr.brightvpn.com/perr?id=vpn.installer.init | unknown | text | 11 b | -
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
6312 | RUXIMICS.exe | GET | 200 | 23.216.77.6:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 23.3.109.244:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
1268 | svchost.exe | GET | 200 | 23.3.109.244:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
6312 | RUXIMICS.exe | GET | 200 | 23.3.109.244:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | POST | 200 | 44.194.147.247:443 | https://perr.brightvpn.com/perr?id=vpn.installer.ui.show | unknown | text | 11 b | -
- | - | POST | 200 | 44.194.147.247:443 | https://perr.brightvpn.com/perr?id=vpn.installer.ui.consent_agree | unknown | - | - | -
- | - | GET | 200 | 44.194.147.247:443 | https://client.brightvpn.com/api/campaign?download_id=0 | unknown | - | - | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
6312 | RUXIMICS.exe | 20.72.205.209:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
3028 | BrightVPN-Setup-1.557.736.exe | 44.194.147.247:443 | perr.brightvpn.com | AMAZON-AES | US | unknown
5944 | MoUsoCoreWorker.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6312 | RUXIMICS.exe | 23.216.77.6:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5944 | MoUsoCoreWorker.exe | 23.3.109.244:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.72.205.209, 4.231.128.59 | whitelisted
google.com | 142.250.186.110 | whitelisted
perr.brightvpn.com | 44.194.147.247 | unknown
crl.microsoft.com | 23.216.77.6, 23.216.77.28, 23.216.77.42 | whitelisted
www.microsoft.com | 23.3.109.244, 95.101.149.131 | whitelisted
client.brightvpn.com | 44.194.147.247 | unknown
login.live.com | 20.190.159.2, 40.126.31.69, 40.126.31.71, 20.190.159.64, 20.190.159.129, 40.126.31.128, 20.190.159.68, 20.190.159.131 | whitelisted
client.brightdata.com | 3.224.167.148, 3.222.6.40 | unknown
ocsp.digicert.com | 2.17.190.73 | whitelisted
brightvpn.com | 104.18.25.5, 104.18.24.5 | unknown

Threats

PID | Process | Class | Message
- | - | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
- | - | Potentially Bad Traffic | ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
No debug info