File name:

bitdefenderfree.exe

Full analysis: https://app.any.run/tasks/7f77f620-eaeb-49b8-8e3a-665e9ffcdbde
Verdict: Malicious activity
Analysis date: December 23, 2024, 12:11:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
rust
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5:

FD1E2D74EE69D385FFE392DE738A09A8

SHA1:

CFFDC38420D50F6D2672FC5C9C3267F12B8D08B8

SHA256:

BA580F566EFF785F741C99A84877B6E867B8805210C91205B5BCD21A59FA7AEB

SSDEEP:

98304:zM5IMaLpm1tVRD/1TZHk/VY1k57gTGLIF5FWhys1aP1C8Oq3uTmR0FGg1ZiGEOvM:7+R+FhK575rC6yEtewf21PX11yz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • DiscoverySrv.exe (PID: 2324)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)
      • bddeploy.exe (PID: 5244)
      • installer.exe (PID: 644)

    • Executable content was dropped or overwritten

      • bitdefenderfree.exe (PID: 2672)
      • setuppackage.exe (PID: 4624)
      • installer.exe (PID: 644)

    • Checks Windows Trust Settings

      • agent_launcher.exe (PID: 3060)
      • bddeploy.exe (PID: 5244)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • DiscoverySrv.exe (PID: 2144)
      • ProductAgentUI.exe (PID: 3364)
      • WatchDog.exe (PID: 5972)

    • Creates a software uninstall entry

      • installer.exe (PID: 644)

    • The process verifies whether the antivirus software is installed

      • ProductAgentService.exe (PID: 5096)
      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 6076)
      • ProductAgentService.exe (PID: 4392)
      • ProductAgentService.exe (PID: 5256)
      • DiscoverySrv.exe (PID: 2324)
      • ProductAgentService.exe (PID: 6056)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2144)
      • ProductAgentService.exe (PID: 3524)
      • ProductAgentUI.exe (PID: 3364)
      • WatchDog.exe (PID: 5972)

    • Executes as Windows Service

      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 6056)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1380)

    • Application launched itself

      • ProductAgentService.exe (PID: 6056)

  • INFO

    • Reads the computer name

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)
      • setuppackage.exe (PID: 4624)
      • installer.exe (PID: 644)
      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 6076)
      • ProductAgentService.exe (PID: 4392)
      • ProductAgentService.exe (PID: 6056)
      • ProductAgentService.exe (PID: 5256)
      • DiscoverySrv.exe (PID: 2144)
      • WatchDog.exe (PID: 5972)

    • The sample compiled with english language support

      • bitdefenderfree.exe (PID: 2672)
      • installer.exe (PID: 644)
      • setuppackage.exe (PID: 4624)

    • Checks supported languages

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)
      • bddeploy.exe (PID: 5244)
      • setuppackage.exe (PID: 4624)
      • ProductAgentService.exe (PID: 5096)
      • installer.exe (PID: 644)
      • ProductAgentService.exe (PID: 6076)
      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 4392)
      • ProductAgentService.exe (PID: 5256)
      • ProductAgentService.exe (PID: 6056)
      • DiscoverySrv.exe (PID: 2324)
      • ProductAgentService.exe (PID: 3524)
      • ProductAgentUI.exe (PID: 3364)

    • The process uses the downloaded file

      • bitdefenderfree.exe (PID: 2672)
      • installer.exe (PID: 644)

    • Process checks computer location settings

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)

    • Reads the machine GUID from the registry

      • agent_launcher.exe (PID: 3060)
      • bddeploy.exe (PID: 5244)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • DiscoverySrv.exe (PID: 2144)
      • ProductAgentService.exe (PID: 6056)
      • ProductAgentUI.exe (PID: 3364)
      • WatchDog.exe (PID: 5972)

    • Reads the software policy settings

      • agent_launcher.exe (PID: 3060)
      • bddeploy.exe (PID: 5244)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • DiscoverySrv.exe (PID: 2144)
      • ProductAgentService.exe (PID: 6056)

    • Create files in a temporary directory

      • setuppackage.exe (PID: 4624)

    • Creates files in the program directory

      • installer.exe (PID: 644)
      • ProductAgentService.exe (PID: 6056)

    • Reads CPU info

      • ProductAgentService.exe (PID: 6056)

    • Application based on Rust

      • bdredline.exe (PID: 5556)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:08:14 19:15:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 188416
InitializedDataSize: 265216
UninitializedDataSize: -
EntryPoint: 0x1cab5
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
139
Monitored processes
17
Malicious processes
13
Suspicious processes
2

Behavior graph

Click at the process to see the details
start bitdefenderfree.exe agent_launcher.exe no specs bddeploy.exe setuppackage.exe installer.exe productagentservice.exe no specs bdredline.exe productagentservice.exe no specs productagentservice.exe no specs productagentservice.exe no specs productagentservice.exe discoverysrv.exe no specs regsvr32.exe no specs discoverysrv.exe no specs productagentservice.exe no specs productagentui.exe no specs watchdog.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
644"C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
bddeploy.exe
User:
admin
Company:
Bitdefender
Integrity Level:
HIGH
Description:
Installation File
Exit code:
0
Version:
27.0.16.279
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\packages\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
1380regsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"C:\Windows\SysWOW64\regsvr32.exeDiscoverySrv.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
2144"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exeProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
DiscoverySrv
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\ucrtbase.dll
2324"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" installC:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exeProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
DiscoverySrv
Exit code:
0
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
2672"C:\Users\admin\Desktop\bitdefenderfree.exe" C:\Users\admin\Desktop\bitdefenderfree.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\bitdefenderfree.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
3060"C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe" C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exebitdefenderfree.exe
User:
admin
Company:
Bitdefender
Integrity Level:
MEDIUM
Description:
Bitdefender Agent Launcher
Exit code:
0
Version:
27.0.16.279
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\agent_launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
3364"C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exeProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
Bitdefender Agent
Version:
27.0.1.264
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\productagentui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
3524"ProductAgentService.exe" login_silentC:\Program Files\Bitdefender Agent\ProductAgentService.exeProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
Bitdefender Agent
Exit code:
0
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
4392"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enableC:\Program Files\Bitdefender Agent\ProductAgentService.exeinstaller.exe
User:
admin
Company:
Bitdefender
Integrity Level:
HIGH
Description:
Bitdefender Agent
Exit code:
0
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
4624"C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
bddeploy.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\packages\setuppackage.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events
32 495
Read events
32 409
Write events
81
Delete events
5

Modification events

(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:InstallerLauncher
Value:
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:InstallerLauncher
Value:
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation:writeName:ShortInstallPath
Value:
C:\Program Files\Bitdefender Agent\
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation:writeName:InstallPath
Value:
C:\Program Files\Bitdefender Agent\
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation:writeName:traceFolder
Value:
C:\ProgramData\Bitdefender Agent
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation:writeName:traceLevel
Value:
1
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation:writeName:traceMode
Value:
0
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Submission\Agent Submission Tool
Operation:writeName:AppPath
Value:
C:\Program Files\Bitdefender Agent\27.0.1.266\bdsubwiz.exe
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation:writeName:DisplayIcon
Value:
C:\Program Files\Bitdefender Agent\27.0.1.266\bdicon.ico
(PID) Process:(644) installer.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation:writeName:DisplayName
Value:
Bitdefender Agent
Executable files
54
Suspicious files
25
Text files
161
Unknown types
0

Dropped files

PID
Process
Filename
Type
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exeexecutable
MD5:3A1261CC0BEE2591E29842495E3F6AEB
SHA256:66436A1A34BB16464111AC1042189D99DE00390235C4109BA04E3F3A2D83D467
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\deploy.dllexecutable
MD5:D8CCAB8F709CAEBCC3995D689D40F5C3
SHA256:4462742E00EAB950190EEDA7484CC8D931646CC417BB0A5503361535EEE1275E
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exeexecutable
MD5:2E0329C9637588E065D0EDBD669B9D18
SHA256:87B6D3936E879812C3E1FBD379CFD9CC4E7A1CB031EB4AB8801E88F0AB31679C
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe.md5text
MD5:ADF45D21EE156877A30F4680B6A742FA
SHA256:F22A08394A54E58276D9AD87DE2B0AD691C70774771B0E5876E5F8854BB3D594
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exeexecutable
MD5:3E68D3AFFB1D07B291B402B1F8733B52
SHA256:CCA66104ABC7B29B365F2F5F55579348F0B5645DEAFBD962FC802D18C520E676
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\deploy.dll.md5text
MD5:FC9413A621084BAC8F53D939F27C8DBC
SHA256:189C8C42F95B2408665587C34B2937B6326FC8FBD7B9D57F6E9BBA271DAB9898
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe.md5text
MD5:46300D15F2888E56873E3635A808BF3B
SHA256:A920F077BA2A9715802A3A8D83FFECD7FA1F8025A4459BB8DB1A739E2F712FBC
2672bitdefenderfree.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exeexecutable
MD5:7CD9464AE3A1BBE3C155F0353E5F681F
SHA256:16BEFF6D89DD76A4F22130F5E7B9D7A30CA0CB63893CB6591943BD8E6D3D7F72
4624setuppackage.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdec.dllexecutable
MD5:E2A0334684B05BF05A953B80A4832D20
SHA256:7DEDB34158F800166567887C7A007A85ECA0BE379D20D51DA3230F66C6B094C0
4624setuppackage.exeC:\Users\admin\AppData\Local\Temp\RarSFX0\packages\additional.dllexecutable
MD5:CD10F317D54A8BA35E5CE85BA3B60220
SHA256:EE05132599596B99F595B0ECF7783E7E119D5D03519B12FE9F3DBF5DEEF6FAB4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
36
TCP/UDP connections
49
DNS requests
31
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
34.54.215.149:443
https://elb-ned-gcp.nimbus.bitdefender.net/_ServerStatus
unknown
GET
34.117.254.173:443
https://elb-nvi-gcp.nimbus.bitdefender.net/_ServerStatus
unknown
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3040
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3040
svchost.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
34.120.68.241:443
https://eu.nimbus.bitdefender.net/_ServerStatus
unknown
GET
34.54.215.149:443
https://elb-ned-gcp.nimbus.bitdefender.net/_ServerStatus
unknown
GET
34.149.211.227:443
https://mclb-gcp.nimbus.bitdefender.net/_ServerStatus
unknown
GET
34.117.254.173:443
https://elb-nvi-gcp.nimbus.bitdefender.net/_ServerStatus
unknown
GET
34.54.215.149:443
https://elb-ned-gcp.nimbus.bitdefender.net/_ServerStatus
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3040
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
104.126.37.137:443
www.bing.com
Akamai International B.V.
DE
whitelisted
192.168.100.255:138
whitelisted
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3040
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
3040
svchost.exe
88.221.169.152:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 51.124.78.146
whitelisted
www.bing.com
  • 104.126.37.137
  • 104.126.37.152
  • 104.126.37.130
  • 104.126.37.161
  • 104.126.37.139
  • 104.126.37.153
  • 104.126.37.155
  • 104.126.37.160
  • 104.126.37.131
whitelisted
google.com
  • 142.250.185.142
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 88.221.169.152
whitelisted
upgrade.bitdefender.com
  • 104.18.169.222
  • 104.18.168.222
whitelisted
nimbus.bitdefender.net
  • 34.120.68.241
  • 2600:1901:0:69b7::
whitelisted
mclb-gcp.nimbus.bitdefender.net
  • 34.149.211.227
  • 2600:1901:0:c603::
whitelisted
eu.nimbus.bitdefender.net
  • 34.120.68.241
  • 2600:1901:0:69b7::
whitelisted
elb-ned-gcp.nimbus.bitdefender.net
  • 34.54.215.149
  • 2600:1901:0:ed69::
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
bitdefenderfree.exe