File name: bitdefenderfree.exe

Full analysis: https://app.any.run/tasks/7f77f620-eaeb-49b8-8e3a-665e9ffcdbde
Verdict: Malicious activity
Analysis date: December 23, 2024, 12:11:06
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: rust
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: FD1E2D74EE69D385FFE392DE738A09A8
SHA1: CFFDC38420D50F6D2672FC5C9C3267F12B8D08B8
SHA256: BA580F566EFF785F741C99A84877B6E867B8805210C91205B5BCD21A59FA7AEB
SSDEEP: 98304:zM5IMaLpm1tVRD/1TZHk/VY1k57gTGLIF5FWhys1aP1C8Oq3uTmR0FGg1ZiGEOvM:7+R+FhK575rC6yEtewf21PX11yz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • DiscoverySrv.exe (PID: 2324)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)
      • installer.exe (PID: 644)
      • bddeploy.exe (PID: 5244)
    • Executable content was dropped or overwritten

      • bitdefenderfree.exe (PID: 2672)
      • setuppackage.exe (PID: 4624)
      • installer.exe (PID: 644)
    • Checks Windows Trust Settings

      • agent_launcher.exe (PID: 3060)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • DiscoverySrv.exe (PID: 2144)
      • bddeploy.exe (PID: 5244)
      • WatchDog.exe (PID: 5972)
      • ProductAgentUI.exe (PID: 3364)
    • Creates a software uninstall entry

      • installer.exe (PID: 644)
    • The process verifies whether the antivirus software is installed

      • ProductAgentService.exe (PID: 5096)
      • ProductAgentService.exe (PID: 5256)
      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 4392)
      • ProductAgentService.exe (PID: 6076)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • ProductAgentService.exe (PID: 6056)
      • ProductAgentService.exe (PID: 3524)
      • ProductAgentUI.exe (PID: 3364)
      • DiscoverySrv.exe (PID: 2144)
      • WatchDog.exe (PID: 5972)
    • Executes as Windows Service

      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 6056)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1380)
    • Application launched itself

      • ProductAgentService.exe (PID: 6056)
  • INFO

    • Reads the computer name

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)
      • setuppackage.exe (PID: 4624)
      • installer.exe (PID: 644)
      • ProductAgentService.exe (PID: 4392)
      • ProductAgentService.exe (PID: 5256)
      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 6076)
      • ProductAgentService.exe (PID: 6056)
      • DiscoverySrv.exe (PID: 2144)
      • WatchDog.exe (PID: 5972)
    • The sample compiled with english language support

      • bitdefenderfree.exe (PID: 2672)
      • setuppackage.exe (PID: 4624)
      • installer.exe (PID: 644)
    • Reads the software policy settings

      • bddeploy.exe (PID: 5244)
      • agent_launcher.exe (PID: 3060)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • DiscoverySrv.exe (PID: 2144)
      • ProductAgentService.exe (PID: 6056)
    • Checks supported languages

      • setuppackage.exe (PID: 4624)
      • bitdefenderfree.exe (PID: 2672)
      • installer.exe (PID: 644)
      • ProductAgentService.exe (PID: 5096)
      • ProductAgentService.exe (PID: 6076)
      • bdredline.exe (PID: 5556)
      • ProductAgentService.exe (PID: 4392)
      • ProductAgentService.exe (PID: 5256)
      • ProductAgentService.exe (PID: 6056)
      • DiscoverySrv.exe (PID: 2324)
      • bddeploy.exe (PID: 5244)
      • agent_launcher.exe (PID: 3060)
      • ProductAgentService.exe (PID: 3524)
      • ProductAgentUI.exe (PID: 3364)
    • Process checks computer location settings

      • bitdefenderfree.exe (PID: 2672)
      • agent_launcher.exe (PID: 3060)
    • The process uses the downloaded file

      • bitdefenderfree.exe (PID: 2672)
      • installer.exe (PID: 644)
    • Reads the machine GUID from the registry

      • agent_launcher.exe (PID: 3060)
      • installer.exe (PID: 644)
      • DiscoverySrv.exe (PID: 2324)
      • DiscoverySrv.exe (PID: 2144)
      • bddeploy.exe (PID: 5244)
      • ProductAgentService.exe (PID: 6056)
      • ProductAgentUI.exe (PID: 3364)
      • WatchDog.exe (PID: 5972)
    • Create files in a temporary directory

      • setuppackage.exe (PID: 4624)
    • Creates files in the program directory

      • installer.exe (PID: 644)
      • ProductAgentService.exe (PID: 6056)
    • Application based on Rust

      • bdredline.exe (PID: 5556)
    • Reads CPU info

      • ProductAgentService.exe (PID: 6056)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:08:14 19:15:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 188416
InitializedDataSize: 265216
UninitializedDataSize: -
EntryPoint: 0x1cab5
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes: 139
Monitored processes: 17
Malicious processes: 13
Suspicious processes: 2

Behavior graph

start bitdefenderfree.exe agent_launcher.exe no specs bddeploy.exe setuppackage.exe installer.exe productagentservice.exe no specs bdredline.exe productagentservice.exe no specs productagentservice.exe no specs productagentservice.exe no specs productagentservice.exe discoverysrv.exe no specs regsvr32.exe no specs discoverysrv.exe no specs productagentservice.exe no specs productagentui.exe no specs watchdog.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 644
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\installer.exe
Parent process: bddeploy.exe
User:
admin
Company:
Bitdefender
Integrity Level:
HIGH
Description:
Installation File
Exit code:
0
Version:
27.0.16.279
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\packages\installer.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1380
CMD: regsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: DiscoverySrv.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft(C) Register Server
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2144
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"
Path: C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
Parent process: ProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
DiscoverySrv
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\crypt32.dll
c:\windows\syswow64\ucrtbase.dll
PID: 2324
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install
Path: C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
Parent process: ProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
DiscoverySrv
Exit code:
0
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 2672
CMD: "C:\Users\admin\Desktop\bitdefenderfree.exe"
Path: C:\Users\admin\Desktop\bitdefenderfree.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\bitdefenderfree.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 3060
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
Parent process: bitdefenderfree.exe
User:
admin
Company:
Bitdefender
Integrity Level:
MEDIUM
Description:
Bitdefender Agent Launcher
Exit code:
0
Version:
27.0.16.279
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\agent_launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 3364
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"
Path: C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe
Parent process: ProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
Bitdefender Agent
Version:
27.0.1.264
Modules
Images
c:\program files\bitdefender agent\27.0.1.266\productagentui.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 3524
CMD: "ProductAgentService.exe" login_silent
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: ProductAgentService.exe
User:
SYSTEM
Company:
Bitdefender
Integrity Level:
SYSTEM
Description:
Bitdefender Agent
Exit code:
0
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 4392
CMD: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: installer.exe
User:
admin
Company:
Bitdefender
Integrity Level:
HIGH
Description:
Bitdefender Agent
Exit code:
0
Version:
27.0.1.263
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 4624
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
Parent process: bddeploy.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\packages\setuppackage.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 32 495
Read events: 32 409
Write events: 81
Delete events: 5

Modification events

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: InstallerLauncher
Value:

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: InstallerLauncher
Value:

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation: write
Name: ShortInstallPath
Value: C:\Program Files\Bitdefender Agent\

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation: write
Name: InstallPath
Value: C:\Program Files\Bitdefender Agent\

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceFolder
Value: C:\ProgramData\Bitdefender Agent

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceLevel
Value: 1

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceMode
Value: 0

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Submission\Agent Submission Tool
Operation: write
Name: AppPath
Value: C:\Program Files\Bitdefender Agent\27.0.1.266\bdsubwiz.exe

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Bitdefender Agent\27.0.1.266\bdicon.ico

(PID) Process: (644) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation: write
Name: DisplayName
Value: Bitdefender Agent

Executable files: 54
Suspicious files: 25
Text files: 161
Unknown types: 0

Dropped files

PID: 2672
Process: bitdefenderfree.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe
Type: executable
MD5: 3E68D3AFFB1D07B291B402B1F8733B52
SHA256: CCA66104ABC7B29B365F2F5F55579348F0B5645DEAFBD962FC802D18C520E676

PID: 2672
Process: bitdefenderfree.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe.md5
Type: text
MD5: ADF45D21EE156877A30F4680B6A742FA
SHA256: F22A08394A54E58276D9AD87DE2B0AD691C70774771B0E5876E5F8854BB3D594

PID: 4624
Process: setuppackage.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdec.ini
Type: binary
MD5: 96D15C4F3DB04429631866751A1D2890
SHA256: E8D31C1DE790F738EF75DAA0402584560A0672402D0D3DED0899D2DBC95FB911

PID: 2672
Process: bitdefenderfree.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe
Type: executable
MD5: 7CD9464AE3A1BBE3C155F0353E5F681F
SHA256: 16BEFF6D89DD76A4F22130F5E7B9D7A30CA0CB63893CB6591943BD8E6D3D7F72

PID: 4624
Process: setuppackage.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\additional.dll
Type: executable
MD5: CD10F317D54A8BA35E5CE85BA3B60220
SHA256: EE05132599596B99F595B0ECF7783E7E119D5D03519B12FE9F3DBF5DEEF6FAB4

PID: 5244
Process: bddeploy.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\data\params.json
Type: binary
MD5: 11C00C95ED8F6CD596B3F897DC50C674
SHA256: C1DAEE4DAA61DC1D984967A812D76BE7744BF4D48ED1A1CA0BD5BF4D369F6A59

PID: 2672
Process: bitdefenderfree.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe.md5
Type: text
MD5: 2AF0F1B3DD50CB94EFB978061C10A211
SHA256: 8381983DE4108CD0A54000B11F85F9128B46B82645C4117D864E32D728C87900

PID: 4624
Process: setuppackage.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdec.dll
Type: executable
MD5: E2A0334684B05BF05A953B80A4832D20
SHA256: 7DEDB34158F800166567887C7A007A85ECA0BE379D20D51DA3230F66C6B094C0

PID: 4624
Process: setuppackage.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdnc.dll
Type: executable
MD5: C86511990365AC18CFB527E41A6F7EAC
SHA256: EB247A43D0CFD0662559F1E3A2BB6656A6B7D465C8D404D5A3EA090DAAD78196

PID: 4624
Process: setuppackage.exe
Filename: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdnc.ini.md5
Type: text
MD5: 3A0A7D7823833BE6E8AF5AB1AF295139
SHA256: A5F15BA3B16384B584780F2BBB0EF3E7FD49CCABD0B9CA10437882F65F49C7F2

HTTP(S) requests: 36
TCP/UDP connections: 49
DNS requests: 31
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

3040 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
4712 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
3040 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
5556 | bdredline.exe | GET | 404 | 104.18.169.222:80 | http://upgrade.bitdefender.com/redline_com.bitdefender.agent/versions.id | unknown | whitelisted
GET | 34.54.215.149:443 | https://elb-ned-gcp.nimbus.bitdefender.net/_ServerStatus | unknown
GET | 34.117.254.173:443 | https://elb-nvi-gcp.nimbus.bitdefender.net/_ServerStatus | unknown
GET | 34.120.68.241:443 | https://eu.nimbus.bitdefender.net/_ServerStatus | unknown
GET | 34.120.68.241:443 | https://eu.nimbus.bitdefender.net/_ServerStatus | unknown
GET | 34.149.211.227:443 | https://mclb-gcp.nimbus.bitdefender.net/_ServerStatus | unknown
GET | 34.54.215.149:443 | https://elb-ned-gcp.nimbus.bitdefender.net/_ServerStatus | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation

192.168.100.255:137 | whitelisted
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3040 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
104.126.37.137:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
192.168.100.255:138 | whitelisted
51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3040 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
3040 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4712 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted

DNS requests

Domain | IP | Reputation

settings-win.data.microsoft.com | 51.104.136.2, 40.127.240.158, 51.124.78.146 | whitelisted
www.bing.com | 104.126.37.137, 104.126.37.152, 104.126.37.130, 104.126.37.161, 104.126.37.139, 104.126.37.153, 104.126.37.155, 104.126.37.160, 104.126.37.131 | whitelisted
google.com | 142.250.185.142 | whitelisted
crl.microsoft.com | 23.48.23.143, 23.48.23.156 | whitelisted
www.microsoft.com | 88.221.169.152 | whitelisted
upgrade.bitdefender.com | 104.18.169.222, 104.18.168.222 | whitelisted
nimbus.bitdefender.net | 34.120.68.241, 2600:1901:0:69b7:: | whitelisted
mclb-gcp.nimbus.bitdefender.net | 34.149.211.227, 2600:1901:0:c603:: | whitelisted
eu.nimbus.bitdefender.net | 34.120.68.241, 2600:1901:0:69b7:: | whitelisted
elb-ned-gcp.nimbus.bitdefender.net | 34.54.215.149, 2600:1901:0:ed69:: | whitelisted

Threats

No threats detected
No debug info