URL:

https://ytdlp.online/

Full analysis: https://app.any.run/tasks/19d80080-c046-48d9-83c0-ed2468983d43
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 25, 2025, 14:52:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
loader
delphi
inno
installer
electron-js
websocket
nodejs
Indicators:
MD5:

E69A5582EA81B379322413922F515CCF

SHA1:

5DD9A3A31FCF48F4885B76C3A8C3CA34BCC6DE4D

SHA256:

F9C31B2F473730974D37D72E34685C3EDA685E7DD954428E7B29697E2A8F815D

SSDEEP:

3:N8CmK:2C9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • YoutubeMusicDownloader_Setup.exe (PID: 7676)
      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.tmp (PID: 7976)
      • Setup.exe (PID: 7960)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • YouTubeDownloader-Installer.exe (PID: 7280)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • net_updater32.exe (PID: 7808)
      • Bright VPN.exe (PID: 7956)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • vcredist_x86.exe (PID: 5768)
      • youtube-dl.exe (PID: 7632)
    • Reads the Windows owner or organization settings

      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.tmp (PID: 7976)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • msiexec.exe (PID: 888)
    • Reads security settings of Internet Explorer

      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.tmp (PID: 7976)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • brightvpn_installer.exe (PID: 1632)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • Setup.exe (PID: 2216)
    • Potential Corporate Privacy Violation

      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • net_updater32.exe (PID: 7808)
      • YoutubeMusicDownloader.exe (PID: 5724)
    • Process requests binary or script from the Internet

      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • YoutubeMusicDownloader.exe (PID: 5724)
    • The process creates files with name similar to system file names

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
    • Drops 7-zip archiver for unpacking

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
    • Process drops legitimate windows executable

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • net_updater32.exe (PID: 7808)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • There is functionality for taking screenshot (YARA)

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • Setup.tmp (PID: 7976)
    • Executes as Windows Service

      • net_updater32.exe (PID: 7808)
      • WmiApSrv.exe (PID: 7476)
    • The process drops C-runtime libraries

      • net_updater32.exe (PID: 7808)
      • msiexec.exe (PID: 888)
    • Detected use of alternative data streams (AltDS)

      • net_updater32.exe (PID: 7808)
      • Bright VPN.exe (PID: 7956)
    • Starts CMD.EXE for commands execution

      • Bright VPN.exe (PID: 7956)
    • The process checks if it is being run in the virtual environment

      • net_updater32.exe (PID: 7808)
    • Application launched itself

      • Bright VPN.exe (PID: 7956)
    • Creates file in the systems drive root

      • vcredist_x86.exe (PID: 5768)
    • Reads the date of Windows installation

      • YoutubeMusicDownloader.exe (PID: 5724)
    • Process drops python dynamic module

      • youtube-dl.exe (PID: 7632)
  • INFO

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 4748)
      • chrome.exe (PID: 6668)
      • msiexec.exe (PID: 888)
    • Checks supported languages

      • YoutubeMusicDownloader_Setup.exe (PID: 7676)
      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.exe (PID: 7960)
      • Setup.tmp (PID: 7976)
      • YouTubeDownloader-Installer.exe (PID: 7280)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • brightvpn_installer.exe (PID: 1632)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • net_updater32.exe (PID: 7808)
      • net_updater32.exe (PID: 7768)
      • test_wpf.exe (PID: 7640)
      • Bright VPN.exe (PID: 7956)
      • brightdata.exe (PID: 2192)
      • idle_report.exe (PID: 7132)
      • test_wpf.exe (PID: 7504)
      • Bright VPN.exe (PID: 4060)
      • Bright VPN.exe (PID: 8228)
      • identity_helper.exe (PID: 8464)
      • idle_report.exe (PID: 7424)
      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
      • Setup.exe (PID: 2216)
      • youtube-dl.exe (PID: 7632)
    • Create files in a temporary directory

      • YoutubeMusicDownloader_Setup.exe (PID: 7676)
      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.tmp (PID: 7976)
      • Setup.exe (PID: 7960)
      • YouTubeDownloader-Installer.exe (PID: 7280)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • Bright VPN.exe (PID: 7956)
      • Setup.exe (PID: 2216)
      • youtube-dl.exe (PID: 7632)
    • Application launched itself

      • chrome.exe (PID: 4748)
      • msedge.exe (PID: 7856)
      • msedge.exe (PID: 8648)
    • Reads the computer name

      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.tmp (PID: 7976)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • brightvpn_installer.exe (PID: 1632)
      • net_updater32.exe (PID: 7768)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • net_updater32.exe (PID: 7808)
      • test_wpf.exe (PID: 7640)
      • brightdata.exe (PID: 2192)
      • idle_report.exe (PID: 7132)
      • test_wpf.exe (PID: 7504)
      • Bright VPN.exe (PID: 7956)
      • Bright VPN.exe (PID: 4060)
      • Bright VPN.exe (PID: 8228)
      • identity_helper.exe (PID: 8464)
      • idle_report.exe (PID: 7424)
      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
      • Setup.exe (PID: 2216)
      • youtube-dl.exe (PID: 7632)
    • Checks proxy server information

      • Setup.tmp (PID: 7976)
      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • brightvpn_installer.exe (PID: 1632)
      • Bright VPN.exe (PID: 7956)
      • slui.exe (PID: 8412)
    • Detects InnoSetup installer (YARA)

      • Setup.exe (PID: 7960)
      • Setup.tmp (PID: 7976)
    • Compiled with Borland Delphi (YARA)

      • Setup.exe (PID: 7960)
      • Setup.tmp (PID: 7976)
    • Process checks computer location settings

      • YoutubeMusicDownloader_Setup.tmp (PID: 7696)
      • Setup.tmp (PID: 7976)
      • net_updater32.exe (PID: 7808)
      • Bright VPN.exe (PID: 7956)
      • YoutubeMusicDownloader.exe (PID: 5724)
    • The sample compiled with english language support

      • Setup.tmp (PID: 7976)
      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • net_updater32.exe (PID: 7808)
      • chrome.exe (PID: 6668)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • Bright VPN.exe (PID: 7956)
      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • Creates a software uninstall entry

      • Setup.tmp (PID: 7976)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • msiexec.exe (PID: 888)
    • Reads the software policy settings

      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • brightvpn_installer.exe (PID: 1632)
      • net_updater32.exe (PID: 7768)
      • net_updater32.exe (PID: 7808)
      • Bright VPN.exe (PID: 7956)
      • Setup.exe (PID: 2216)
      • msiexec.exe (PID: 888)
      • slui.exe (PID: 8412)
    • Creates files or folders in the user directory

      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • Setup.tmp (PID: 7976)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • net_updater32.exe (PID: 7768)
      • brightvpn_installer.exe (PID: 1632)
      • Bright VPN.exe (PID: 7956)
      • Bright VPN.exe (PID: 8228)
      • YoutubeMusicDownloader.exe (PID: 5724)
      • msiexec.exe (PID: 888)
    • Reads the machine GUID from the registry

      • YouTubeDownloader-Installer.tmp (PID: 3876)
      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • brightvpn_installer.exe (PID: 1632)
      • net_updater32.exe (PID: 7768)
      • net_updater32.exe (PID: 7808)
      • test_wpf.exe (PID: 7640)
      • brightdata.exe (PID: 2192)
      • idle_report.exe (PID: 7132)
      • Bright VPN.exe (PID: 7956)
      • test_wpf.exe (PID: 7504)
      • idle_report.exe (PID: 7424)
      • vcredist_x86.exe (PID: 5768)
      • Setup.exe (PID: 2216)
      • msiexec.exe (PID: 888)
      • YoutubeMusicDownloader.exe (PID: 5724)
    • Disables trace logs

      • brightvpn_installer.exe (PID: 1632)
      • net_updater32.exe (PID: 7808)
      • Bright VPN.exe (PID: 7956)
      • rasdial.exe (PID: 8024)
    • Creates files in the program directory

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
      • net_updater32.exe (PID: 7768)
      • net_updater32.exe (PID: 7808)
      • Bright VPN.exe (PID: 7956)
      • brightdata.exe (PID: 2192)
      • YoutubeMusicDownloader.exe (PID: 5724)
    • Launching a file from a Registry key

      • BrightVPN-Setup-1.366.856.exe (PID: 5504)
    • Reads the time zone

      • net_updater32.exe (PID: 7808)
    • Reads CPU info

      • net_updater32.exe (PID: 7808)
      • Setup.exe (PID: 2216)
    • Manual execution by a user

      • Bright VPN.exe (PID: 7956)
    • ELECTRON JS mutex has been found

      • Bright VPN.exe (PID: 7956)
    • Reads Environment values

      • identity_helper.exe (PID: 8464)
      • YoutubeMusicDownloader.exe (PID: 5724)
    • Node.js compiler has been detected

      • Bright VPN.exe (PID: 7956)
    • The sample compiled with korean language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with japanese language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with chinese language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with Italian language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with french language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with spanish language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with german language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
    • The sample compiled with russian language support

      • vcredist_x86.exe (PID: 5768)
      • msiexec.exe (PID: 888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
239
Monitored processes
93
Malicious processes
10
Suspicious processes
2

Behavior graph

start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs youtubemusicdownloader_setup.exe youtubemusicdownloader_setup.tmp setup.exe setup.tmp youtubedownloader-installer.exe youtubedownloader-installer.tmp brightvpn-setup-1.366.856.exe brightvpn_installer.exe net_updater32.exe conhost.exe no specs youtubemusicdownloader.exe msedge.exe no specs net_updater32.exe test_wpf.exe no specs msedge.exe no specs bright vpn.exe msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs idle_report.exe no specs conhost.exe no specs brightdata.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs test_wpf.exe no specs wmiapsrv.exe no specs rasdial.exe no specs msedge.exe no specs bright vpn.exe no specs bright vpn.exe msedge.exe no specs comppkgsrv.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs slui.exe chrome.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe idle_report.exe no specs conhost.exe no specs vcredist_x86.exe no specs vcredist_x86.exe setup.exe msedge.exe no specs msiexec.exe chrome.exe no specs msedge.exe no specs wermgr.exe no specs wermgr.exe no specs youtube-dl.exe conhost.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
420
CMD:
"C:\WINDOWS\system32\wermgr.exe" "-outproc" "0" "5724" "2240" "2136" "2244" "0" "0" "2248" "2252" "0" "0" "0" "0"
Path:
C:\Windows\System32\wermgr.exe
Parent process:
YoutubeMusicDownloader.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Problem Reporting
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wermgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
PID:
888
CMD:
C:\WINDOWS\system32\msiexec.exe /V
Path:
C:\Windows\System32\msiexec.exe
Parent process:
services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
3221225547
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
984
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
net_updater32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1388
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
idle_report.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1468
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5320,i,5722051671695464163,2761866736366577967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=5908 /prefetch:1
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
1588
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1632
CMD:
"C:\Users\admin\AppData\Local\Temp\nsj481C.tmp\brightvpn_installer.exe" /pid=5504 /port=6451 /affiliate=win_morningsunsoft_llc.ytmd_brightvpn /silent=yes /exe="C:\Users\admin\AppData\Local\Temp\is-PF34J.tmp\BrightVPN-Setup-1.366.856.exe"
Path:
C:\Users\admin\AppData\Local\Temp\nsj481C.tmp\brightvpn_installer.exe
Parent process:
BrightVPN-Setup-1.366.856.exe
User:
admin
Company:
Bright Data Ltd
Integrity Level:
HIGH
Description:
Bright VPN
Exit code:
0
Version:
1.366.856
Modules
Images
c:\users\admin\appdata\local\temp\nsj481c.tmp\brightvpn_installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
PID:
2028
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgABAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1968,i,5722051671695464163,2761866736366577967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=1964 /prefetch:2
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID:
2040
CMD:
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --field-trial-handle=2256,i,5722051671695464163,2761866736366577967,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250221-144540.991000 --mojo-platform-channel-handle=2280 /prefetch:8
Path:
C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process:
chrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Version:
133.0.6943.127
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\google\chrome\application\133.0.6943.127\chrome_elf.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
PID:
2192
CMD:
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\brightdata.exe --appid win_brightvpn.com
Path:
C:\ProgramData\BrightData\6cca5f7f15056f66a3211bbbd92076486a2361bb\brightdata.exe
Parent process:
net_updater32.exe
User:
admin
Company:
BrightData Ltd. (certified)
Integrity Level:
MEDIUM
Description:
BrightData service allows free use of certain features in an app you installed
Version:
1.366.856
Modules
Images
c:\programdata\brightdata\6cca5f7f15056f66a3211bbbd92076486a2361bb\brightdata.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\mscoree.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
Total events
44 409
Read events
43 992
Write events
348
Delete events
69

Modification events

(PID) Process:
(4748) chrome.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:
write
Name:
failed_count
Value:
0

(PID) Process:
(4748) chrome.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:
write
Name:
state
Value:
2

(PID) Process:
(4748) chrome.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:
write
Name:
state
Value:
1

(PID) Process:
(4748) chrome.exe
Key:
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:
write
Name:
user_experience_metrics.stability.exited_cleanly
Value:
0

(PID) Process:
(4748) chrome.exe
Key:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:
write
Name:
usagestats
Value:
0

(PID) Process:
(7696) YoutubeMusicDownloader_Setup.tmp
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:
write
Name:
CachePrefix
Value:

(PID) Process:
(7696) YoutubeMusicDownloader_Setup.tmp
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:
write
Name:
CachePrefix
Value:
Cookie:

(PID) Process:
(7696) YoutubeMusicDownloader_Setup.tmp
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:
write
Name:
CachePrefix
Value:
Visited:

(PID) Process:
(3876) YouTubeDownloader-Installer.tmp
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:
write
Name:
Owner
Value:
240F00001F8084DE73FDDB01

(PID) Process:
(3876) YouTubeDownloader-Installer.tmp
Key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\RestartManager\Session0001
Operation:
write
Name:
SessionHash
Value:
822E50B098254D999B2F25244C2D74A3309B36A9141A22AD2D718C8235CE9586
Executable files
108
Suspicious files
582
Text files
211
Unknown types
391

Dropped files

PID
Process
Filename
Type
PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old~RF18d50e.TMP

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\ClientCertificates\LOG.old

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF18d50e.TMP

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF18d51d.TMP

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old~RF18d52d.TMP

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF18d52d.TMP

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\parcel_tracking_db\LOG.old

PID:
4748
Process:
chrome.exe
Filename:
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
50
TCP/UDP connections
224
DNS requests
236
Threats
23

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3112
chrome.exe
GET
200
142.250.185.110:80
http://clients2.google.com/time/1/current?cup2key=8:u6Jo3TGUjv8Vtmv44gpnd6_YOx6DrDfSFIwRdj2BJZw&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1268
svchost.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
7104
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7696
YoutubeMusicDownloader_Setup.tmp
GET
302
104.21.80.1:80
http://ytmusicdownloader.us/download/updates/vcredist_x86.exe
unknown
unknown
7696
YoutubeMusicDownloader_Setup.tmp
GET
200
104.21.80.1:80
http://ytmusicdownloader.us/download/latest/s/vcredist_x86.exe
unknown
unknown
1268
svchost.exe
GET
200
23.216.77.20:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7976
Setup.tmp
GET
200
66.165.241.118:80
http://vtransmit.com/getip.php?k=v10
unknown
unknown
8132
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8132
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3876
YouTubeDownloader-Installer.tmp
GET
200
104.18.21.213:80
http://r11.c.lencr.org/120.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5032
RUXIMICS.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3112
chrome.exe
142.250.184.202:443
safebrowsingohttpgateway.googleapis.com
GOOGLE
US
whitelisted
3112
chrome.exe
142.250.185.110:80
clients2.google.com
GOOGLE
US
whitelisted
3112
chrome.exe
104.21.64.1:443
ytdlp.online
CLOUDFLARENET
suspicious
3112
chrome.exe
108.177.15.84:443
accounts.google.com
GOOGLE
US
whitelisted
3112
chrome.exe
104.16.224.240:443
static.getclicky.com
CLOUDFLARENET
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 20.73.194.208
whitelisted
google.com
  • 142.250.185.238
whitelisted
safebrowsingohttpgateway.googleapis.com
  • 142.250.184.202
  • 142.250.186.170
  • 142.250.184.234
  • 172.217.18.10
  • 172.217.16.138
  • 142.250.185.106
  • 216.58.206.74
  • 142.250.185.202
  • 216.58.212.138
  • 142.250.185.170
  • 142.250.186.138
  • 142.250.181.234
  • 142.250.185.234
  • 172.217.18.106
  • 216.58.206.42
  • 142.250.185.74
whitelisted
clients2.google.com
  • 142.250.185.110
whitelisted
ytdlp.online
  • 104.21.64.1
  • 104.21.16.1
  • 104.21.80.1
  • 104.21.48.1
  • 104.21.96.1
  • 104.21.32.1
  • 104.21.112.1
unknown
accounts.google.com
  • 108.177.15.84
whitelisted
static.getclicky.com
  • 104.16.224.240
  • 104.16.225.240
whitelisted
api.qrserver.com
  • 88.99.85.235
  • 195.201.128.178
  • 159.69.246.187
  • 95.216.163.127
unknown
a.morningsunsoft.com
  • 172.67.167.93
  • 104.21.73.226
unknown
api.github.com
  • 140.82.121.6
whitelisted

Threats

PID
Process
Class
Message
3112
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
3112
chrome.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Attached HTTP
7696
YoutubeMusicDownloader_Setup.tmp
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Potentially Bad Traffic
ET USER_AGENTS Suspicious Generic Style UA Observed (My_App)
Potentially Bad Traffic
ET USER_AGENTS Suspicious Generic Style UA Observed (My_App)
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Misc activity
ET INFO EXE - Served Attached HTTP
Potentially Bad Traffic
ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla))
Process
Message
Setup.exe
The operation completed successfully.