File name:

parsec-windows.exe

Full analysis: https://app.any.run/tasks/644ef0fd-86f4-48cb-8bab-db32a63a71b4
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: December 09, 2024, 09:07:42
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

5BE3333A5E6933A5E8977E85DC56F571

SHA1:

5FC2E86BEA1B723948F1A2D83395109573F08B16

SHA256:

32AB1D25825F510B8BE2BFD73A48D6539DB914A9382726DD486BE114F6CCAE6E

SSDEEP:

98304:VgwkW/21bBYyUc4DJj3iWLhOtvwWprCD7DpCQJzZFmRrQQSrLhdtjB2MzxuPhzAB:9cG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Changes the autorun value in the registry

      • parsecd.exe (PID: 6688)

  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • parsec-vdd.exe (PID: 3700)

    • The process creates files with name similar to system file names

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • parsec-vdd.exe (PID: 3700)

    • The process executes VB scripts

      • parsec-windows.exe (PID: 1468)

    • Uses TASKKILL.EXE to kill process

      • wscript.exe (PID: 4640)

    • Executable content was dropped or overwritten

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • nefconw.exe (PID: 3724)
      • drvinst.exe (PID: 3544)
      • drvinst.exe (PID: 4388)
      • parsec-vdd.exe (PID: 3700)
      • nefconw.exe (PID: 6076)
      • nefconw.exe (PID: 4952)
      • drvinst.exe (PID: 3812)
      • parsecd.exe (PID: 6332)
      • parsecd.exe (PID: 6464)
      • parsecd.exe (PID: 6616)

    • Runs shell command (SCRIPT)

      • wscript.exe (PID: 5684)
      • wscript.exe (PID: 4640)
      • wscript.exe (PID: 5240)
      • wscript.exe (PID: 2312)
      • wscript.exe (PID: 2728)
      • wscript.exe (PID: 3836)

    • Creates FileSystem object to access computer's file system (SCRIPT)

      • wscript.exe (PID: 5240)
      • wscript.exe (PID: 2728)
      • wscript.exe (PID: 3836)

    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • wscript.exe (PID: 5240)

    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 4044)

    • Creates a software uninstall entry

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • parsec-vdd.exe (PID: 3700)

    • Executes as Windows Service

      • pservice.exe (PID: 5848)
      • WUDFHost.exe (PID: 2012)

    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • wscript.exe (PID: 3836)

    • Starts CMD.EXE for commands execution

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • parsec-vdd.exe (PID: 3700)

    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud.exe (PID: 6032)
      • nefconw.exe (PID: 3724)
      • drvinst.exe (PID: 3544)
      • nefconw.exe (PID: 6076)
      • drvinst.exe (PID: 4388)

    • Creates files in the driver directory

      • drvinst.exe (PID: 3544)
      • drvinst.exe (PID: 4388)
      • drvinst.exe (PID: 3812)

    • Checks Windows Trust Settings

      • drvinst.exe (PID: 3544)
      • drvinst.exe (PID: 4388)
      • drvinst.exe (PID: 3812)
      • parsecd.exe (PID: 6332)
      • parsecd.exe (PID: 6464)
      • parsecd.exe (PID: 6616)
      • parsecd.exe (PID: 6688)

    • Creates or modifies Windows services

      • drvinst.exe (PID: 5696)
      • drvinst.exe (PID: 4536)
      • drvinst.exe (PID: 4816)

    • Executing commands from a ".bat" file

      • parsec-vud.exe (PID: 6032)
      • parsec-vdd.exe (PID: 3700)

    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 3700)
      • wevtutil.exe (PID: 2212)

    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • wevtutil.exe (PID: 6228)
      • parsec-vdd.exe (PID: 3700)

    • Reads security settings of Internet Explorer

      • parsecd.exe (PID: 6332)
      • parsecd.exe (PID: 6688)

    • Application launched itself

      • parsecd.exe (PID: 6616)

  • INFO

    • Reads the computer name

      • parsec-windows.exe (PID: 1468)
      • pservice.exe (PID: 5848)
      • nefconw.exe (PID: 848)
      • nefconw.exe (PID: 6076)
      • nefconw.exe (PID: 3724)
      • drvinst.exe (PID: 3544)
      • drvinst.exe (PID: 4388)
      • drvinst.exe (PID: 4816)
      • nefconw.exe (PID: 2132)
      • nefconw.exe (PID: 4244)
      • parsecd.exe (PID: 6464)

    • Checks supported languages

      • parsec-windows.exe (PID: 1468)
      • pservice.exe (PID: 5848)
      • parsec-vud.exe (PID: 6032)
      • nefconc.exe (PID: 6076)
      • nefconw.exe (PID: 848)
      • nefconw.exe (PID: 3724)
      • drvinst.exe (PID: 3544)
      • nefconw.exe (PID: 6076)
      • parsec-vdd.exe (PID: 3700)
      • drvinst.exe (PID: 4388)
      • drvinst.exe (PID: 4816)
      • nefconw.exe (PID: 4952)
      • nefconw.exe (PID: 2132)
      • nefconw.exe (PID: 4244)
      • drvinst.exe (PID: 3812)
      • drvinst.exe (PID: 1228)
      • parsecd.exe (PID: 6332)
      • parsecd.exe (PID: 6616)
      • parsecd.exe (PID: 6688)

    • Creates files in the program directory

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • parsec-vdd.exe (PID: 3700)
      • parsecd.exe (PID: 6616)

    • The process uses the downloaded file

      • wscript.exe (PID: 4640)
      • wscript.exe (PID: 5684)
      • wscript.exe (PID: 2312)
      • wscript.exe (PID: 2728)

    • Create files in a temporary directory

      • parsec-windows.exe (PID: 1468)
      • parsec-vud.exe (PID: 6032)
      • nefconw.exe (PID: 6076)
      • parsec-vdd.exe (PID: 3700)
      • nefconw.exe (PID: 4952)

    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 3544)
      • drvinst.exe (PID: 4388)
      • drvinst.exe (PID: 3812)
      • parsecd.exe (PID: 6332)
      • parsecd.exe (PID: 6464)
      • parsecd.exe (PID: 6616)
      • parsecd.exe (PID: 6688)

    • Reads the software policy settings

      • drvinst.exe (PID: 3544)
      • drvinst.exe (PID: 4388)
      • pservice.exe (PID: 5848)
      • parsecd.exe (PID: 6332)
      • parsecd.exe (PID: 6464)
      • parsecd.exe (PID: 6616)

    • Checks proxy server information

      • parsecd.exe (PID: 6332)

    • Creates files or folders in the user directory

      • parsecd.exe (PID: 6688)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2021:09:25 21:57:46+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 186880
UninitializedDataSize: 2048
EntryPoint: 0x352d
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 150.95.1.0
ProductVersionNumber: 150.95.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Parsec
FileVersion: 150.95.1.0
ProductName: Parsec
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
194
Monitored processes
70
Malicious processes
9
Suspicious processes
8

Behavior graph

Click at the process to see the details
start parsec-windows.exe wscript.exe no specs sc.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs wscript.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs wscript.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs wscript.exe no specs schtasks.exe no specs conhost.exe no specs wscript.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs pservice.exe wscript.exe no specs netsh.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs parsec-vud.exe cmd.exe no specs conhost.exe no specs nefconc.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs runonce.exe no specs grpconv.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs parsec-vdd.exe wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs wudfhost.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs parsecd.exe parsecd.exe parsecd.exe parsecd.exe parsec-windows.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
188"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name=Parsec dir=in action=allow program="C:\Program Files\Parsec\parsecd.exe" enable=yes profile=public,private,domainC:\Windows\SysWOW64\netsh.exewscript.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\oleaut32.dll
644\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
836\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exesc.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
836\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
848nefconw.exe --create-device-node --hardware-id Root\Parsec\VUSBA --class-name USB --class-guid "36fc9e60-c465-11cf-8056-444553540000"C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.execmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
1228DrvInst.exe "2" "201" "ROOT\DISPLAY\0000" "C:\WINDOWS\System32\DriverStore\FileRepository\mm.inf_amd64_615d17457058f652\mm.inf" "oem7.inf:*:*:0.45.0.0:Root\Parsec\VDA," "484386e17" "00000000000001D8"C:\Windows\System32\drvinst.exesvchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
1468"C:\Users\admin\Desktop\parsec-windows.exe" C:\Users\admin\Desktop\parsec-windows.exe
explorer.exe
User:
admin
Integrity Level:
HIGH
Description:
Parsec
Exit code:
0
Version:
150.95.1.0
Modules
Images
c:\users\admin\desktop\parsec-windows.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
1576cmd /c "C:\Program Files\Parsec\vdd\parsec-vdd.exe" /SC:\Windows\SysWOW64\cmd.exeparsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
1616\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenetsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1876\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exenetsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
32 985
Read events
32 854
Write events
114
Delete events
17

Modification events

(PID) Process:(1468) parsec-windows.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:Parsec.App.0
Value:
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:Comments
Value:
Parsec
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:DisplayIcon
Value:
C:\Program Files\Parsec\parsecd.exe
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:DisplayName
Value:
Parsec
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:DisplayVersion
Value:
150-95a
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:EstimatedSize
Value:
6234
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:HelpLink
Value:
https://support.parsec.app
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:InstallLocation
Value:
C:\Program Files\Parsec
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:NoModify
Value:
1
(PID) Process:(1468) parsec-windows.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation:writeName:NoRepair
Value:
1
Executable files
40
Suspicious files
39
Text files
16
Unknown types
12

Dropped files

PID
Process
Filename
Type
1468parsec-windows.exeC:\Program Files\Parsec\wscripts\service-kill-parsec.vbstext
MD5:F7B0C63E7AEA5CBD96F7BF1021B28B73
SHA256:71F9CC28497B959377439F6611615EF582745DD5B9CCA02B5C4B24BB1FC3DFB8
1468parsec-windows.exeC:\Program Files\Parsec\wscripts\legacy-cleanup.vbstext
MD5:C78520C3162C1962F3164714B37EB4D0
SHA256:DEA38BD553ABE93C689DE42D0220ADD18F9BE3E3D2FA53F97EB8649F586DF4F3
1468parsec-windows.exeC:\Program Files\Parsec\wscripts\service-install.vbstext
MD5:971E2A344A6E17347A81EEB21ADA7BA7
SHA256:01F62A12DE3307B375DFF3EBCD6961D76FFCBC24F70682C7875655A811CE76A1
1468parsec-windows.exeC:\Users\admin\AppData\Local\Temp\nso9F71.tmp\System.dllexecutable
MD5:CFF85C549D536F651D4FB8387F1976F2
SHA256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
1468parsec-windows.exeC:\Program Files\Parsec\wscripts\firewall-add.vbstext
MD5:882374285898F16B5F9FF44AFC1AE701
SHA256:0BE5AA5CC6395A86878F56B131E13DB4908E48F06E892FF8F8CF9E2D3B6C8ABB
1468parsec-windows.exeC:\Program Files\Parsec\wscripts\firewall-remove.vbstext
MD5:5D4D70CDF36FCDAA292DA1DA9133320C
SHA256:75F1DECE4FDA689A907F6D74B513ADB0C1771C1B79EA71160179542C9C4AB2F0
1468parsec-windows.exeC:\Users\admin\AppData\Local\Temp\nso9F71.tmp\nsDialogs.dllexecutable
MD5:6C3F8C94D0727894D706940A8A980543
SHA256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
1468parsec-windows.exeC:\Program Files\Parsec\skel\parsecd-150-95a.dllexecutable
MD5:E12B3A175AF451D906F547027F0FA078
SHA256:E1C7498A58769C2D740D54895F04BF7E0926576583EFEE02B79239B5A0411B5C
1468parsec-windows.exeC:\Program Files\Parsec\parsecd.exeexecutable
MD5:62BEB668110B4C5DDAD09BB20D921CB6
SHA256:6F1BE9E26E403A885CC3B1FF0E4DBECBC96C0821119D25990C3E211564F215D5
1468parsec-windows.exeC:\Program Files\Parsec\skel\appdata.jsonbinary
MD5:B562F1B0CBEA553DE0102B36E670318F
SHA256:A8CA798B5712B8318A8749FDC3C09C53064AA5139110BD501F4484CC13B55F15
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
23
TCP/UDP connections
30
DNS requests
10
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4132
RUXIMICS.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
876
svchost.exe
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
4132
RUXIMICS.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
876
svchost.exe
GET
200
2.23.181.156:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6332
parsecd.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAloEugzUPGt9OnVZ%2FPPgls%3D
unknown
whitelisted
6332
parsecd.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
6332
parsecd.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
5848
pservice.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
876
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4712
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4132
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
4712
MoUsoCoreWorker.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4132
RUXIMICS.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
876
svchost.exe
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4
System
192.168.100.255:137
whitelisted
4712
MoUsoCoreWorker.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4132
RUXIMICS.exe
2.23.181.156:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.238
whitelisted
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
www.microsoft.com
  • 2.23.181.156
whitelisted
www.bing.com
  • 2.23.209.169
  • 2.23.209.168
  • 2.23.209.173
  • 2.23.209.160
  • 2.23.209.166
  • 2.23.209.175
  • 2.23.209.167
  • 2.23.209.162
  • 2.23.209.174
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
builds.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
public.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
self.events.data.microsoft.com
  • 13.70.79.200
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
parsec-windows.exe