File name: bitdefender_avfree130.exe

Full analysis: https://app.any.run/tasks/d0e8c611-2b72-4967-a5de-38720ae2fb68
Verdict: Malicious activity
Analysis date: May 15, 2025, 22:03:23
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 654DA9AD76A6913A0670A474C0E48138
SHA1: 9007453AE2D127D7ECE9FFDD5B0EBB4B772CCBB0
SHA256: B49623AE45E78D24E93BC8092D8DA314BCAAC3226C5A2BB2DC566ADEA8DAF60F
SSDEEP: 98304:SM5IMaLpm1tVRD/1TZHkLSDsusJ87gTGLIF5FWhys1aP1C8Oq3uTmR0FGg1ZiGEW:L+R+FNrfdcEfk2bdO1I0P8Q28uZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • DiscoverySrv.exe (PID: 5960)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • bitdefender_avfree130.exe (PID: 7596)
      • setuppackage.exe (PID: 7804)
      • installer.exe (PID: 7836)
    • Reads security settings of Internet Explorer

      • bitdefender_avfree130.exe (PID: 7596)
      • agent_launcher.exe (PID: 7632)
      • bddeploy.exe (PID: 7768)
      • installer.exe (PID: 7836)
    • Adds/modifies Windows certificates

      • bddeploy.exe (PID: 7768)
    • Creates a software uninstall entry

      • installer.exe (PID: 7836)
    • The process verifies whether the antivirus software is installed

      • installer.exe (PID: 7836)
      • ProductAgentService.exe (PID: 8000)
      • bdredline.exe (PID: 2852)
      • ProductAgentService.exe (PID: 896)
      • ProductAgentService.exe (PID: 2284)
      • ProductAgentService.exe (PID: 7208)
      • DiscoverySrv.exe (PID: 5960)
      • ProductAgentService.exe (PID: 2504)
      • regsvr32.exe (PID: 6244)
      • ProductAgentService.exe (PID: 4408)
      • DiscoverySrv.exe (PID: 5324)
      • ProductAgentUI.exe (PID: 6476)
    • Executes as Windows Service

      • bdredline.exe (PID: 2852)
      • ProductAgentService.exe (PID: 7208)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 6244)
    • There is functionality for taking screenshot (YARA)

      • bitdefender_avfree130.exe (PID: 7596)
    • Application launched itself

      • ProductAgentService.exe (PID: 7208)
  • INFO

    • Reads the computer name

      • bitdefender_avfree130.exe (PID: 7596)
      • agent_launcher.exe (PID: 7632)
      • installer.exe (PID: 7836)
      • bdredline.exe (PID: 2852)
      • setuppackage.exe (PID: 7804)
      • ProductAgentService.exe (PID: 896)
      • ProductAgentService.exe (PID: 2284)
      • ProductAgentService.exe (PID: 7208)
      • ProductAgentService.exe (PID: 2504)
      • DiscoverySrv.exe (PID: 5324)
      • ProductAgentService.exe (PID: 4408)
      • ProductAgentUI.exe (PID: 6476)
    • The sample compiled with english language support

      • bitdefender_avfree130.exe (PID: 7596)
      • setuppackage.exe (PID: 7804)
      • installer.exe (PID: 7836)
    • Process checks computer location settings

      • bitdefender_avfree130.exe (PID: 7596)
      • agent_launcher.exe (PID: 7632)
    • Create files in a temporary directory

      • bitdefender_avfree130.exe (PID: 7596)
      • bddeploy.exe (PID: 7768)
      • setuppackage.exe (PID: 7804)
      • installer.exe (PID: 7836)
    • Checks supported languages

      • bitdefender_avfree130.exe (PID: 7596)
      • agent_launcher.exe (PID: 7632)
      • bddeploy.exe (PID: 7768)
      • setuppackage.exe (PID: 7804)
      • installer.exe (PID: 7836)
      • ProductAgentService.exe (PID: 8000)
      • bdredline.exe (PID: 2852)
      • ProductAgentService.exe (PID: 896)
      • ProductAgentService.exe (PID: 2504)
      • ProductAgentService.exe (PID: 2284)
      • DiscoverySrv.exe (PID: 5960)
      • ProductAgentService.exe (PID: 7208)
      • DiscoverySrv.exe (PID: 5324)
      • ProductAgentService.exe (PID: 4408)
      • ProductAgentUI.exe (PID: 6476)
    • Reads the machine GUID from the registry

      • agent_launcher.exe (PID: 7632)
      • bddeploy.exe (PID: 7768)
      • installer.exe (PID: 7836)
      • DiscoverySrv.exe (PID: 5960)
      • ProductAgentService.exe (PID: 7208)
      • DiscoverySrv.exe (PID: 5324)
      • ProductAgentUI.exe (PID: 6476)
    • Reads the software policy settings

      • agent_launcher.exe (PID: 7632)
      • bddeploy.exe (PID: 7768)
      • installer.exe (PID: 7836)
      • DiscoverySrv.exe (PID: 5960)
      • DiscoverySrv.exe (PID: 5324)
      • ProductAgentService.exe (PID: 7208)
      • ProductAgentUI.exe (PID: 6476)
    • Creates files in the program directory

      • installer.exe (PID: 7836)
      • ProductAgentService.exe (PID: 2284)
      • ProductAgentService.exe (PID: 7208)
    • Reads CPU info

      • ProductAgentService.exe (PID: 7208)
    • Reads Environment values

      • ProductAgentService.exe (PID: 7208)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:08:14 19:15:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 188416
InitializedDataSize: 265216
UninitializedDataSize: -
EntryPoint: 0x1cab5
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 143
Monitored processes: 17
Malicious processes: 13
Suspicious processes: 2

Behavior graph

start
bitdefender_avfree130.exe
agent_launcher.exe (no specs)
bddeploy.exe
setuppackage.exe
installer.exe
productagentservice.exe (no specs)
bdredline.exe
productagentservice.exe (no specs)
productagentservice.exe (no specs)
productagentservice.exe (no specs)
productagentservice.exe
discoverysrv.exe (no specs)
regsvr32.exe (no specs)
discoverysrv.exe (no specs)
productagentservice.exe (no specs)
productagentui.exe (no specs)
slui.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 896
CMD: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: installer.exe
User: admin
Company: Bitdefender
Integrity Level: HIGH
Description: Bitdefender Agent
Exit code: 0
Version: 27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2284
CMD: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\admin\AppData\Local\Temp\bitdefender_avfree130.exe"
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: installer.exe
User: admin
Company: Bitdefender
Integrity Level: HIGH
Description: Bitdefender Agent
Exit code: 0
Version: 27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2504
CMD: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: installer.exe
User: admin
Company: Bitdefender
Integrity Level: HIGH
Description: Bitdefender Agent
Exit code: 0
Version: 27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2852
CMD: "C:\Program Files\Bitdefender Agent\redline\bdredline.exe"
Path: C:\Program Files\Bitdefender Agent\redline\bdredline.exe
Parent process: services.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: Bitdefender redline update
Version: 1.0.1.113
Modules
Images
c:\program files\bitdefender agent\redline\bdredline.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 4408
CMD: "ProductAgentService.exe" login_silent
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: ProductAgentService.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: Bitdefender Agent
Exit code: 0
Version: 27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 5324
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"
Path: C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
Parent process: ProductAgentService.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: DiscoverySrv
Version: 27.0.1.263
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 5960
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install
Path: C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
Parent process: ProductAgentService.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: DiscoverySrv
Exit code: 0
Version: 27.0.1.263
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 6244
CMD: regsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: DiscoverySrv.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6476
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"
Path: C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe
Parent process: ProductAgentService.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: Bitdefender Agent
Version: 27.0.1.264
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\productagentui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 6972
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events: 29 569
Read events: 29 483
Write events: 81
Delete events: 5

Modification events

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: InstallerLauncher
Value:

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: InstallerLauncher
Value:

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation: write
Name: ShortInstallPath
Value: C:\Program Files\Bitdefender Agent\

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation: write
Name: InstallPath
Value: C:\Program Files\Bitdefender Agent\

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceFolder
Value: C:\ProgramData\Bitdefender Agent

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceLevel
Value: 1

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceMode
Value: 0

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Submission\Agent Submission Tool
Operation: write
Name: AppPath
Value: C:\Program Files\Bitdefender Agent\27.0.1.266\bdsubwiz.exe

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Bitdefender Agent\27.0.1.266\bdicon.ico

(PID) Process: (7836) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation: write
Name: DisplayName
Value: Bitdefender Agent
Executable files: 54
Suspicious files: 25
Text files: 165
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7804
Process: setuppackage.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdec.dll
Type: executable
MD5:E2A0334684B05BF05A953B80A4832D20
SHA256:7DEDB34158F800166567887C7A007A85ECA0BE379D20D51DA3230F66C6B094C0
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
Type: executable
MD5:B685E5F768EF924A6D7B9CE5A836EC02
SHA256:3E0DC0308691760AD03D144AF28F2818C3E9DB62E7CD4D9E61D2806B13D1A73A
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
Type: executable
MD5:3A1261CC0BEE2591E29842495E3F6AEB
SHA256:66436A1A34BB16464111AC1042189D99DE00390235C4109BA04E3F3A2D83D467
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe
Type: executable
MD5:05EE53AB2BB06F33024E8B094EF3140E
SHA256:B4856CDC5046FCCA636CB0CF747A56F3B78472301950E2AD8CE2259F578DF501
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
Type: executable
MD5:3E68D3AFFB1D07B291B402B1F8733B52
SHA256:CCA66104ABC7B29B365F2F5F55579348F0B5645DEAFBD962FC802D18C520E676
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\deploy.dll
Type: executable
MD5:12A33D34EFE5C1196366D9401CB87DB8
SHA256:61C06FAD9CE99B0E313761DC94AB244C1B196D56195BD037A028D34AE120EBA7
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe.md5
Type: text
MD5:ADF45D21EE156877A30F4680B6A742FA
SHA256:F22A08394A54E58276D9AD87DE2B0AD691C70774771B0E5876E5F8854BB3D594
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe.md5
Type: text
MD5:33E2DDE83EA3C901EA0313BB8F5831F4
SHA256:4FB97B6DC5E0F772BA3D9EAEBBA2ADE2CEA8EE71DC28A2E9528A45D927C6AC87
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\deploy.dll.md5
Type: text
MD5:0A02DBB21B6CCE58D3A38597630DB08E
SHA256:C7ABB0FD4F63E7E380CEC72BB4CF4567E3753CD9D18ACC3209DF82CBCB915BAE
PID: 7596
Process: bitdefender_avfree130.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe.md5
Type: text
MD5:15784F9CB8D05B0498105980D4A9445E
SHA256:2EF78B27AC9567707B1F28301DA62BBB8C96EDD81504E4A5FF60DE8088F5D4C2
HTTP(S) requests: 10
TCP/UDP connections: 43
DNS requests: 27
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.19.11.120:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2852
bdredline.exe
GET
404
104.18.168.222:80
http://upgrade.bitdefender.com/redline_com.bitdefender.agent/versions.id
unknown
whitelisted
7208
ProductAgentService.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAfUgQ0eGXaK4wv96iKa0QU%3D
unknown
whitelisted
7436
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7208
ProductAgentService.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
7436
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2104
svchost.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5496
MoUsoCoreWorker.exe
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
2.19.11.120:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
6544
svchost.exe
20.190.159.75:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.19.11.120
  • 2.19.11.105
whitelisted
google.com
  • 142.250.186.78
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 95.101.149.131
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
login.live.com
  • 20.190.159.75
  • 20.190.159.64
  • 20.190.159.131
  • 20.190.159.2
  • 20.190.159.4
  • 40.126.31.71
  • 20.190.159.128
  • 40.126.31.69
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
upgrade.bitdefender.com
  • 104.18.168.222
  • 104.18.169.222
whitelisted
nimbus.bitdefender.net
  • 34.120.68.241
  • 2600:1901:0:69b7::
whitelisted
eu.nimbus.bitdefender.net
  • 34.120.68.241
  • 2600:1901:0:69b7::
whitelisted
elb-ned-gcp.nimbus.bitdefender.net
  • 34.54.215.149
  • 2600:1901:0:ed69::
whitelisted

Threats

No threats detected
No debug info