I think one of these Bitdefender files is a trojan, my system stared dropping packets when I gave these files full disk access, I think one is fake. This shows the result.
sh-3.2# tcpdump -vvfA | grep 9.9.9.9
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
dns9.quad9.net.domain > 192.168.0.148.59097: [udp sum ok] 12219 q: A? dns.quad9.net. 2/0/0 dns.quad9.net. A 9.9.9.9, dns.quad9.net. A 149.112.112.112 (63)
21:19:09.999298 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 65)
21:19:09.999494 IP (tos 0x60, ttl 56, id 0, offset 0, flags [DF], proto UDP (17), length 1278)
^C10532 packets captured
10778 packets received by filter
0 packets dropped by kernel
sh-3.2# tcpdump -vvfA | grep 9.9.9.9
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
21:37:09.909492 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1277)
21:37:09.909693 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 113)
21:37:09.909794 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 91)
^C3316 packets captured
3325 packets received by filter
0 packets dropped by kernel
sh-3.2# tcpdump -vvfA | grep 9.9.9.9
tcpdump: data link type PKTAP
tcpdump: listening on pktap, link-type PKTAP (Apple DLT_PKTAP), snapshot length 524288 bytes
37.120.155.202.https > 192.168.0.148.51361: Flags [.], cksum 0x0f12 (correct), seq 898929:900317, ack 3531, win 330, length 1388
^C29661 packets captured
47892 packets received by filter
17080 packets dropped by kernel
The kernels were dropped after I gave all these items full disk access.