File name: bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c

Full analysis: https://app.any.run/tasks/98c888be-2b1d-4b13-868e-17828effa1b2
Verdict: Malicious activity
Analysis date: June 02, 2025, 10:22:39
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 6 sections
MD5: 2B333CD461C15D29E2E15994134C0E19
SHA1: 394F75C386740732AC99686F41935D210D397DFD
SHA256: BF4824A776C5DFCC7F11732E6595AD84C56AD67F3918F9A3BF2C285CBC6D034C
SSDEEP: 98304:pM5ZHA6uARswSA9P5Vqveq5YjYSUQgtIXvYfoWXynx0GFcbNmZBkgz7N7VlmC1pe:DKHLeJMIzSQ8F3vUhg72FMz4+7asry

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • DiscoverySrv.exe (PID: 1328)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • setuppackage.exe (PID: 6820)
      • installer.exe (PID: 7492)
    • Reads security settings of Internet Explorer

      • agent_launcher.exe (PID: 7420)
      • bddeploy.exe (PID: 6392)
      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • installer.exe (PID: 7492)
    • Creates a software uninstall entry

      • installer.exe (PID: 7492)
    • Connects to unusual port

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
    • The process verifies whether the antivirus software is installed

      • ProductAgentService.exe (PID: 2392)
      • ProductAgentService.exe (PID: 7768)
      • ProductAgentService.exe (PID: 1764)
      • ProductAgentService.exe (PID: 7184)
      • installer.exe (PID: 7492)
      • bdredline.exe (PID: 6876)
      • regsvr32.exe (PID: 7584)
      • ProductAgentService.exe (PID: 7700)
      • DiscoverySrv.exe (PID: 7680)
      • DiscoverySrv.exe (PID: 1328)
      • ProductAgentService.exe (PID: 1348)
      • ProductAgentUI.exe (PID: 7788)
    • Executes as Windows Service

      • bdredline.exe (PID: 6876)
      • ProductAgentService.exe (PID: 7700)
    • There is functionality for taking screenshot (YARA)

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 7584)
    • Application launched itself

      • ProductAgentService.exe (PID: 7700)
  • INFO

    • The sample compiled with english language support

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • setuppackage.exe (PID: 6820)
      • installer.exe (PID: 7492)
    • Reads the computer name

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • agent_launcher.exe (PID: 7420)
      • setuppackage.exe (PID: 6820)
      • installer.exe (PID: 7492)
      • ProductAgentService.exe (PID: 7768)
      • ProductAgentService.exe (PID: 7184)
      • ProductAgentService.exe (PID: 1764)
      • ProductAgentService.exe (PID: 7700)
      • bdredline.exe (PID: 6876)
      • DiscoverySrv.exe (PID: 7680)
      • ProductAgentService.exe (PID: 1348)
      • ProductAgentUI.exe (PID: 7788)
    • Checks supported languages

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • bddeploy.exe (PID: 6392)
      • agent_launcher.exe (PID: 7420)
      • setuppackage.exe (PID: 6820)
      • installer.exe (PID: 7492)
      • ProductAgentService.exe (PID: 2392)
      • bdredline.exe (PID: 6876)
      • ProductAgentService.exe (PID: 7768)
      • ProductAgentService.exe (PID: 1764)
      • ProductAgentService.exe (PID: 7184)
      • ProductAgentService.exe (PID: 7700)
      • DiscoverySrv.exe (PID: 1328)
      • ProductAgentService.exe (PID: 1348)
      • DiscoverySrv.exe (PID: 7680)
      • ProductAgentUI.exe (PID: 7788)
    • Create files in a temporary directory

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • bddeploy.exe (PID: 6392)
      • setuppackage.exe (PID: 6820)
      • installer.exe (PID: 7492)
    • Reads the machine GUID from the registry

      • agent_launcher.exe (PID: 7420)
      • bddeploy.exe (PID: 6392)
      • installer.exe (PID: 7492)
      • DiscoverySrv.exe (PID: 7680)
      • ProductAgentService.exe (PID: 7700)
      • DiscoverySrv.exe (PID: 1328)
      • ProductAgentUI.exe (PID: 7788)
    • Reads the software policy settings

      • agent_launcher.exe (PID: 7420)
      • bddeploy.exe (PID: 6392)
      • installer.exe (PID: 7492)
      • DiscoverySrv.exe (PID: 7680)
      • ProductAgentService.exe (PID: 7700)
      • DiscoverySrv.exe (PID: 1328)
      • ProductAgentUI.exe (PID: 7788)
    • Process checks computer location settings

      • bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe (PID: 1696)
      • agent_launcher.exe (PID: 7420)
    • Creates files in the program directory

      • installer.exe (PID: 7492)
      • ProductAgentService.exe (PID: 7184)
      • ProductAgentService.exe (PID: 7700)
    • Reads Environment values

      • ProductAgentService.exe (PID: 7700)
    • Reads CPU info

      • ProductAgentService.exe (PID: 7700)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (46.3)
.exe | Win64 Executable (generic) (41)
.exe | Win32 Executable (generic) (6.6)
.exe | Generic Win/DOS Executable (2.9)
.exe | DOS Executable Generic (2.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2016:08:14 19:15:49+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14
CodeSize: 188416
InitializedDataSize: 265216
UninitializedDataSize: -
EntryPoint: 0x1cab5
OSVersion: 5.1
ImageVersion: -
SubsystemVersion: 5.1
Subsystem: Windows GUI
No data.
All screenshots are available in the full report
Total processes
145
Monitored processes
18
Malicious processes
14
Suspicious processes
1

Behavior graph

Processes in the graph, from start: bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe, sppextcomobj.exe (no specs), slui.exe (no specs), agent_launcher.exe (no specs), bddeploy.exe, setuppackage.exe, installer.exe, productagentservice.exe (no specs), bdredline.exe, productagentservice.exe (no specs), productagentservice.exe (no specs), productagentservice.exe (no specs), productagentservice.exe, discoverysrv.exe (no specs), regsvr32.exe (no specs), discoverysrv.exe (no specs), productagentservice.exe (no specs), productagentui.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1328
CMD: "C:\Program Files\Bitdefender Agent\27.0.1.261\DiscoverySrv.exe" install
Path: C:\Program Files\Bitdefender Agent\27.0.1.261\DiscoverySrv.exe
Parent process: ProductAgentService.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: DiscoverySrv
Exit code: 0
Version: 27.0.1.259
Modules
Images
c:\program files\bitdefender agent\27.0.1.261\discoverysrv.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\crypt32.dll
PID: 1348
CMD: "ProductAgentService.exe" login_silent
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: ProductAgentService.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: Bitdefender Agent
Exit code: 0
Version: 27.0.1.259
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\user32.dll
c:\windows\syswow64\win32u.dll
PID: 1696
CMD: "C:\Users\admin\AppData\Local\Temp\bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe"
Path: C:\Users\admin\AppData\Local\Temp\bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1764
CMD: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: installer.exe
User: admin
Company: Bitdefender
Integrity Level: HIGH
Description: Bitdefender Agent
Exit code: 0
Version: 27.0.1.259
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 2392
CMD: "C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect
Path: C:\Program Files\Bitdefender Agent\ProductAgentService.exe
Parent process: installer.exe
User: admin
Company: Bitdefender
Integrity Level: HIGH
Description: Bitdefender Agent
Exit code: 31
Version: 27.0.1.259
Modules
Images
c:\program files\bitdefender agent\productagentservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 5956
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 6036
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 6392
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe
Parent process: agent_launcher.exe
User: admin
Company: Bitdefender
Integrity Level: HIGH
Description: Installation File
Exit code: 0
Version: 27.0.16.279
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\bddeploy.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6820
CMD: "C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"
Path: C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe
Parent process: bddeploy.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules
Images
c:\users\admin\appdata\local\temp\rarsfx0\packages\setuppackage.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 6876
CMD: "C:\Program Files\Bitdefender Agent\redline\bdredline.exe"
Path: C:\Program Files\Bitdefender Agent\redline\bdredline.exe
Parent process: services.exe
User: SYSTEM
Company: Bitdefender
Integrity Level: SYSTEM
Description: Bitdefender redline update
Version: 1.0.1.113
Modules
Images
c:\program files\bitdefender agent\redline\bdredline.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
Total events
29 669
Read events
29 587
Write events
79
Delete events
3

Modification events

(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: InstallerLauncher
Value:
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: InstallerLauncher
Value:
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation: write
Name: ShortInstallPath
Value: C:\Program Files\Bitdefender Agent\
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Install
Operation: write
Name: InstallPath
Value: C:\Program Files\Bitdefender Agent\
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceFolder
Value: C:\ProgramData\Bitdefender Agent
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceLevel
Value: 1
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Bitdefender Agent
Operation: write
Name: traceMode
Value: 0
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Bitdefender Agent\Submission\Agent Submission Tool
Operation: write
Name: AppPath
Value: C:\Program Files\Bitdefender Agent\27.0.1.261\bdsubwiz.exe
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Bitdefender Agent\27.0.1.261\bdicon.ico
(PID) Process: (7492) installer.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bitdefender Agent
Operation: write
Name: DisplayName
Value: Bitdefender Agent
Executable files
54
Suspicious files
25
Text files
165
Unknown types
0

Dropped files

PID
Process
Filename
Type
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe | executable
MD5:E36FF046E956EB4E6C34B5AB093D9DA9
SHA256:F5F22FEB3FE60CD84ED82DE59F378824FA5A0C1640F350C0BB7F4C15EBF7ECC4
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe | executable
MD5:4EBCC89CE20AA95C47CA1B0D54DAC442
SHA256:08E34B18AFE90C8FC18C0E9F117C1ADDAE63076C11D48A72C02285EA6D4F610B
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe | executable
MD5:CAB2C9759242CA0AD1B57045EB36FBA2
SHA256:E0683DEB62F58752F7B2A534434DDE3594DE99C07616ED107CD5DB88420081B7
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe.md5 | text
MD5:3C32A551275E22A734A855B9F5C06058
SHA256:C45F45098C3B69B7BD4C4E73B067EF6AB7C3D0717C3F6DFB6093D51B5A8580A6
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe.md5 | text
MD5:85019E9307915B01DBBFAFC1FD29F030
SHA256:EEF01615458364DCF1DC66C8FFD4781C07691E957C9B2062CD6740B954CB2D9C
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\bddeploy.exe.md5 | text
MD5:4097D83DCA542C8CD3152B928E2E500D
SHA256:640F550C9CA0E73266128F1D164436124243DF0A4BABCABA751A3B762DC89AA3
6820 | setuppackage.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\additional.dll | executable
MD5:0FBFEFA64AA6B8513FC0721C71D3A9E4
SHA256:D2AAFDAF86F429939DB6C31FCEA9150986AF5B2C26C482D13A62382E51A1DF29
6392 | bddeploy.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\data\params.json | binary
MD5:CDAE04923BCB4E8D8B9B6CB971FCE3C3
SHA256:3E68F01899BE1329EDA818DFC29210C8B641822A6B9F065A2BDA6E66AC38F1AC
6820 | setuppackage.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\bdec.dll | executable
MD5:C8C01915815D6E94FFAFD3A45E5842E0
SHA256:2B7BC6A24FE9C84FBB050607F40A876C28852AB9698E2E45A0083DEEB33DC4F8
1696 | bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\packages\agentpackage.exe.md5 | text
MD5:B227E3B8E87FD2DD80AFB624D8BD408E
SHA256:2A69EED9AB9126DA701B90336618146012264E42798278A543B9CEE311C2E86D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
61
DNS requests
22
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.16.168.114:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6876
bdredline.exe
GET
404
104.18.168.222:80
http://upgrade.bitdefender.com/redline_com.bitdefender.agent/versions.id
unknown
whitelisted
7700
ProductAgentService.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA%2BoSQYV1wCgviF2%2FcXsbb0%3D
unknown
whitelisted
7700
ProductAgentService.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSYagvY3tfizDNoybzVSPFZmSEm0wQUe2jOKarAF75JeuHlP9an90WPNTICEAmVn%2BfDj4dRvJn8or6d%2B%2Bc%3D
unknown
whitelisted
7948
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7948
SIHClient.exe
GET
200
95.101.149.131:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2692
RUXIMICS.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
2088
svchost.exe
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
5496
MoUsoCoreWorker.exe
2.16.168.114:80
crl.microsoft.com
Akamai International B.V.
RU
whitelisted
5496
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
1696
bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c.exe
18.228.115.60:15432
AMAZON-02
BR
unknown
6544
svchost.exe
20.190.159.131:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
3216
svchost.exe
172.211.123.249:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.238
whitelisted
crl.microsoft.com
  • 2.16.168.114
  • 2.16.168.124
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 95.101.149.131
whitelisted
login.live.com
  • 20.190.159.131
  • 40.126.31.69
  • 20.190.159.128
  • 40.126.31.3
  • 20.190.159.2
  • 40.126.31.130
  • 40.126.31.2
  • 20.190.159.23
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
settings-win.data.microsoft.com
  • 20.73.194.208
whitelisted
upgrade.bitdefender.com
  • 104.18.168.222
  • 104.18.169.222
whitelisted
nimbus.bitdefender.net
  • 34.120.68.241
whitelisted
eu.nimbus.bitdefender.net
  • 34.120.68.241
whitelisted

Threats

No threats detected
No debug info