File name: ParsecVDisplay-v0.45-setup.exe

Full analysis: https://app.any.run/tasks/ce03c199-561b-4d9b-bd5a-29332e2b9968
Verdict: Malicious activity
Analysis date: May 09, 2025, 08:32:44
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 37D43A8E355D94A15B7C36F5725014C5
SHA1: AD0F74207B270BB65E75ABEEB1B0F5BC5664D9DE
SHA256: 4F317796E092FFA5420F6F1341242F085E8A7BF57A67878192E5FCD89816B759
SSDEEP: 98304:1+cD4dns/yPUsXusjjnMScH+Pmb9eHz2ib7m22GbPPAydY6foiXaEvKzgqx5Lkbz:W

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.exe (PID: 7280)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
      • nefconw.exe (PID: 2392)
      • drvinst.exe (PID: 2152)
    • Reads security settings of Internet Explorer

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay.exe (PID: 5776)
    • Reads the Windows owner or organization settings

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-vdd-setup.exe (PID: 7996)
    • Executing commands from a ".bat" file

      • parsec-vdd-setup.exe (PID: 7996)
    • Starts CMD.EXE for commands execution

      • parsec-vdd-setup.exe (PID: 7996)
    • The process creates files with name similar to system file names

      • parsec-vdd-setup.exe (PID: 7996)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd-setup.exe (PID: 7996)
      • wevtutil.exe (PID: 8028)
    • Creates a software uninstall entry

      • parsec-vdd-setup.exe (PID: 7996)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2152)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 5772)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • parsec-vdd-setup.exe (PID: 7996)
      • wevtutil.exe (PID: 7448)
    • Executes as Windows Service

      • WUDFHost.exe (PID: 6744)
  • INFO

    • Checks supported languages

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.exe (PID: 7280)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
      • nefconw.exe (PID: 5576)
      • nefconw.exe (PID: 5960)
      • nefconw.exe (PID: 2392)
      • drvinst.exe (PID: 2152)
      • drvinst.exe (PID: 5772)
      • ParsecVDisplay.exe (PID: 5776)
    • Create files in a temporary directory

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.exe (PID: 7280)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
      • nefconw.exe (PID: 2392)
    • Reads the computer name

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • nefconw.exe (PID: 5576)
      • nefconw.exe (PID: 5960)
      • nefconw.exe (PID: 2392)
      • drvinst.exe (PID: 2152)
      • drvinst.exe (PID: 5772)
      • ParsecVDisplay.exe (PID: 5776)
    • Process checks computer location settings

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
    • Detects InnoSetup installer (YARA)

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
    • Compiled with Borland Delphi (YARA)

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
    • Creates files in the program directory

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
    • Creates a software uninstall entry

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
    • The sample compiled with english language support

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
      • nefconw.exe (PID: 2392)
      • drvinst.exe (PID: 2152)
    • Reads the software policy settings

      • drvinst.exe (PID: 2152)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 2152)
      • ParsecVDisplay.exe (PID: 5776)
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 66560
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.45.0.0
ProductVersionNumber: 0.45.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Nguyen Duy
FileDescription: ParsecVDisplay Setup
FileVersion: 0.45
LegalCopyright: © 2024 Nguyen Duy. All rights reserved.
OriginalFileName:
ProductName: ParsecVDisplay
ProductVersion: 0.45
No data.
Total processes: 157
Monitored processes: 22
Malicious processes: 4
Suspicious processes: 1

Behavior graph

start parsecvdisplay-v0.45-setup.exe parsecvdisplay-v0.45-setup.tmp no specs sppextcomobj.exe no specs slui.exe no specs parsecvdisplay-v0.45-setup.exe parsecvdisplay-v0.45-setup.tmp parsec-vdd-setup.exe wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs wudfhost.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs parsecvdisplay.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2152
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{58f0439c-571d-024c-8662-b74ba347348e}\mm.inf" "9" "484386e17" "00000000000001E0" "WinSta0\Default" "00000000000001F8" "208" "C:\Program Files\Parsec Virtual Display Driver\driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 2392
CMD: .\nefconw.exe --install-driver --inf-path ".\driver\mm.inf"
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 5324
CMD: "C:\Users\admin\Desktop\ParsecVDisplay-v0.45-setup.exe"
Path: C:\Users\admin\Desktop\ParsecVDisplay-v0.45-setup.exe
Parent process: explorer.exe
User: admin
Company: Nguyen Duy
Integrity Level: MEDIUM
Description: ParsecVDisplay Setup
Exit code: 0
Version: 0.45
Modules
Images
c:\users\admin\desktop\parsecvdisplay-v0.45-setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comctl32.dll
PID: 5576
CMD: .\nefconw.exe --remove-device-node --hardware-id Root\Parsec\VDA --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318"
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 6
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 5772
CMD: DrvInst.exe "2" "201" "ROOT\DISPLAY\0000" "C:\WINDOWS\System32\DriverStore\FileRepository\mm.inf_amd64_615d17457058f652\mm.inf" "oem1.inf:*:*:0.45.0.0:Root\Parsec\VDA," "484386e17" "000000000000018C"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 5776
CMD: "C:\Program Files\ParsecVDisplay\ParsecVDisplay.exe"
Path: C:\Program Files\ParsecVDisplay\ParsecVDisplay.exe
Parent process: ParsecVDisplay-v0.45-setup.tmp
User: admin
Integrity Level: HIGH
Description: ParsecVDisplay
Version: 0.45.0
Modules
Images
c:\program files\parsecvdisplay\parsecvdisplay.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 5960
CMD: .\nefconw.exe --create-device-node --class-name Display --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318" --hardware-id Root\Parsec\VDA
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\version.dll
PID: 6744
CMD: "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3ab3ee86-e2d8-4634-a3c0-7af24061c2e9 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f27ed861-0738-482a-8d12-5bdaf0fff3a0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ff31b5f1-b58f-42d2-af9d-8ee49cbecad3 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4b376d83-b64d-483a-8d33-3f5c79e1565d -LifetimeId:05a1f5bf-b174-405b-a490-1c05d088492e -DeviceGroupId:ParsecDriverGroup -HostArg:0
Path: C:\Windows\System32\WUDFHost.exe
Parent process: services.exe
User: LOCAL SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Driver Foundation - User-mode Driver Framework Host Process
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wudfhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\devobj.dll
PID: 6944
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll
PID: 7020
CMD: "C:\Users\admin\AppData\Local\Temp\is-SA3N1.tmp\ParsecVDisplay-v0.45-setup.tmp" /SL5="$702E2,1570843,809472,C:\Users\admin\Desktop\ParsecVDisplay-v0.45-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-SA3N1.tmp\ParsecVDisplay-v0.45-setup.tmp
Parent process: ParsecVDisplay-v0.45-setup.exe
User: admin
Company: Nguyen Duy
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-sa3n1.tmp\parsecvdisplay-v0.45-setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\comdlg32.dll
Total events: 5 195
Read events: 5 103
Write events: 86
Delete events: 6

Modification events

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: ParsecVDisplay
Value: "C:\Program Files\ParsecVDisplay\ParsecVDisplay.exe"

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\ParsecVDisplay

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\ParsecVDisplay\

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: (Default)

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: add_startup,install_vdd

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Language
Value: english

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: DisplayName
Value: ParsecVDisplay

Executable files: 19
Suspicious files: 15
Text files: 4
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-RAC99.tmp\_isetup\_setup64.tmp
Type: executable
MD5: E4211D6D009757C078A9FAC7FF4F03D4
SHA256: 388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95

PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\Program Files\ParsecVDisplay\is-BIQQN.tmp
Type: executable
MD5: 8732ED22B774D94920664327D8B9ED2A
SHA256: 70C650AAE2E770F29EBCD92666F6523272D7F30FB109E17C1EED197122022542

PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\Program Files\ParsecVDisplay\unins000.exe
Type: executable
MD5: 95F34A2677294D2E2E5A34912FE695B1
SHA256: D028436877CA6D3838E886FC83FBA04928831B21E80C4D52F92E57FF568F70A1

PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\Users\Public\Desktop\ParsecVDisplay.lnk
Type: binary
MD5: 185ADF9F15BF300FFE03870F97FC13CB
SHA256: 3D688A100D7B01A371571B26A3FD3F3AB89121E25BDBE08E278D1E1D06B2ED0A

PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\Program Files\ParsecVDisplay\driver\parsec-vdd-setup.exe
Type: executable
MD5: 4B9A3048286692A865187013B70F44E8
SHA256: E23332448FDAF5AA017CB308DB5EF6855FAC526A7DED05D80C039404126D5362

PID: 7996
Process: parsec-vdd-setup.exe
Filename: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Type: executable
MD5: E9F2BC8C82AC755F47C7F89D1530F1A1
SHA256: CF746D1B0BBB713993D4A90DCCD774C78D9FFF8C2BA5A054B6C8F56C77E1EEE1

PID: 7996
Process: parsec-vdd-setup.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsh2180.tmp\nsExec.dll
Type: executable
MD5: 675C4948E1EFC929EDCABFE67148EDDD
SHA256: 1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906

PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParsecVDisplay.lnk
Type: binary
MD5: 66BFF60BFEE184A4AD33F2053E4BEE6E
SHA256: 054DC7124BDD095F18A956188FA6038C924BCAC593DE7987BFC13938498AF712

PID: 7996
Process: parsec-vdd-setup.exe
Filename: C:\Program Files\Parsec Virtual Display Driver\driver\mm.dll
Type: executable
MD5: F09967CC8CC9BF03612DDECB6BF86DAA
SHA256: 96DB6AE2F950B56E52BE3E68F92893AFA94645EAE09FEA2ABD5DD1985758150A

PID: 7324
Process: ParsecVDisplay-v0.45-setup.tmp
Filename: C:\Program Files\ParsecVDisplay\unins000.dat
Type: binary
MD5: A0B0836FB23BEE415134959BB1BE57A7
SHA256: 5D390F12C953C770BEE282A748131F933F9D45B36E3BB9AEFF239C06197CBD66

HTTP(S) requests: 5
TCP/UDP connections: 27
DNS requests: 14
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
7888
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
7888
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
GET
200
2.19.11.105:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
6480 | RUXIMICS.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 2.19.11.105:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted
- | - | 23.219.150.101:80 | www.microsoft.com | AKAMAI-AS | CL | whitelisted
2104 | svchost.exe | 20.73.194.208:443 | - | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2112 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3216 | svchost.exe | 172.211.123.249:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
6544 | svchost.exe | 40.126.32.76:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.212.142
whitelisted
crl.microsoft.com
  • 2.19.11.105
  • 2.19.11.120
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 23.35.229.160
whitelisted
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
whitelisted
client.wns.windows.com
  • 172.211.123.249
whitelisted
login.live.com
  • 40.126.32.76
  • 40.126.32.134
  • 40.126.32.74
  • 20.190.160.14
  • 20.190.160.130
  • 40.126.32.136
  • 20.190.160.2
  • 20.190.160.128
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
slscr.update.microsoft.com
  • 52.149.20.212
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
whitelisted
go.microsoft.com
  • 69.192.162.125
whitelisted

Threats

No threats detected
No debug info