TEST:
- Visit ytddownloader com.
- Hit the "Free Download" button (redirects to hxxp://ytddownloader com/download.html ) on the main page.
- Soon, a pop-up at hxxp://www.searchme com/sr/intst.cgi?tfs=YtddownloaderWIN_InstallScreen_J&afid=ytdd&bgpg=http%3A%2F%2Fwww.ytddownloader dot com%2F&adlnk=&pipg=http%3A%2F%2Fwww.ytddownloader dot com%2Fdownload.html will come up, requesting permission to install the so-called Smart Results Chrome extension if you're using a real OS.
(Accept to download & install, or shut down that page. BTW, that button did not work when trying to proceed on the VMware station.)
vs:
(VM)
- Reload that long URL on the VM to get the following image, offering the option Cancel.
- Clicking on the Cancel button will open a new tab, which directly visits the same URL at hXXp://www.searchme com/sr/intst.cgi?tfs=YtddownloaderWIN_InstallScreen_J&afid=ytdd&bgpg=http%3A%2F%2Fwww.ytddownloader dot com%2F&adlnk=&pipg=http%3A%2F%2Fwww.ytddownloader dot com%2Fdownload.html#
- The trick is that the Cancel button can remove itself automatically if you choose to stay on the page long enough!
- Run the downloaded YTDSetup.exe (SHA256: 8aae1da3608b1ea4612861fc4c5f118b79512be0c6ce2fbdc115b8cde6184245)
It seems that the exe can recognize or read the OS info or VM-related process(es) - I was unable to detect any PUPs during the install process.
Similarly, this also happened with the Ask toolbar installer, such as this one (SHA256: 77034c99465a9dee83f0fa008541cf8690b7330f9bf98ccddcac65ae409bf2df): the exe quit by itself automatically.