File name: ParsecVDisplay-v0.45-setup.exe

Full analysis: https://app.any.run/tasks/ce03c199-561b-4d9b-bd5a-29332e2b9968
Verdict: Malicious activity
Analysis date: May 09, 2025, 08:32:44
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: delphi, inno, installer
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 10 sections
MD5: 37D43A8E355D94A15B7C36F5725014C5
SHA1: AD0F74207B270BB65E75ABEEB1B0F5BC5664D9DE
SHA256: 4F317796E092FFA5420F6F1341242F085E8A7BF57A67878192E5FCD89816B759
SSDEEP: 98304:1+cD4dns/yPUsXusjjnMScH+Pmb9eHz2ib7m22GbPPAydY6foiXaEvKzgqx5Lkbz:W

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay.exe (PID: 5776)
    • Executable content was dropped or overwritten

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.exe (PID: 7280)
      • parsec-vdd-setup.exe (PID: 7996)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • drvinst.exe (PID: 2152)
      • nefconw.exe (PID: 2392)
    • Reads the Windows owner or organization settings

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd-setup.exe (PID: 7996)
      • wevtutil.exe (PID: 8028)
    • The process creates files with name similar to system file names

      • parsec-vdd-setup.exe (PID: 7996)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-vdd-setup.exe (PID: 7996)
    • Creates a software uninstall entry

      • parsec-vdd-setup.exe (PID: 7996)
    • Creates files in the driver directory

      • drvinst.exe (PID: 2152)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 5772)
    • Starts CMD.EXE for commands execution

      • parsec-vdd-setup.exe (PID: 7996)
    • Executing commands from a ".bat" file

      • parsec-vdd-setup.exe (PID: 7996)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • parsec-vdd-setup.exe (PID: 7996)
      • wevtutil.exe (PID: 7448)
    • Executes as Windows Service

      • WUDFHost.exe (PID: 6744)
  • INFO

    • Checks supported languages

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.exe (PID: 7280)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
      • nefconw.exe (PID: 2392)
      • nefconw.exe (PID: 5960)
      • drvinst.exe (PID: 2152)
      • nefconw.exe (PID: 5576)
      • drvinst.exe (PID: 5772)
      • ParsecVDisplay.exe (PID: 5776)
    • Reads the computer name

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • nefconw.exe (PID: 2392)
      • drvinst.exe (PID: 5772)
      • drvinst.exe (PID: 2152)
      • nefconw.exe (PID: 5576)
      • nefconw.exe (PID: 5960)
      • ParsecVDisplay.exe (PID: 5776)
    • Create files in a temporary directory

      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
      • ParsecVDisplay-v0.45-setup.exe (PID: 7280)
      • parsec-vdd-setup.exe (PID: 7996)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • nefconw.exe (PID: 2392)
    • Creates files in the program directory

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • parsec-vdd-setup.exe (PID: 7996)
    • Compiled with Borland Delphi (YARA)

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
    • Detects InnoSetup installer (YARA)

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
      • ParsecVDisplay-v0.45-setup.exe (PID: 5324)
    • Process checks computer location settings

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7020)
    • Creates a software uninstall entry

      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
    • The sample compiled with english language support

      • parsec-vdd-setup.exe (PID: 7996)
      • ParsecVDisplay-v0.45-setup.tmp (PID: 7324)
      • nefconw.exe (PID: 2392)
      • drvinst.exe (PID: 2152)
    • Reads the software policy settings

      • drvinst.exe (PID: 2152)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 2152)
      • ParsecVDisplay.exe (PID: 5776)
No Malware configuration.

TRiD

.exe | Inno Setup installer (65.1)
.exe | Win32 EXE PECompact compressed (generic) (24.6)
.dll | Win32 Dynamic Link Library (generic) (3.9)
.exe | Win32 Executable (generic) (2.6)
.exe | Win16/32 Executable Delphi generic (1.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:02:15 14:54:16+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 741888
InitializedDataSize: 66560
UninitializedDataSize: -
EntryPoint: 0xb5eec
OSVersion: 6.1
ImageVersion: 6
SubsystemVersion: 6.1
Subsystem: Windows GUI
FileVersionNumber: 0.45.0.0
ProductVersionNumber: 0.45.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
Comments: This installation was built with Inno Setup.
CompanyName: Nguyen Duy
FileDescription: ParsecVDisplay Setup
FileVersion: 0.45
LegalCopyright: © 2024 Nguyen Duy. All rights reserved.
OriginalFileName:
ProductName: ParsecVDisplay
ProductVersion: 0.45
No data.
Total processes: 157
Monitored processes: 22
Malicious processes: 4
Suspicious processes: 1

Behavior graph

Processes in graph order from start ("no specs" as marked in the report):
  • parsecvdisplay-v0.45-setup.exe
  • parsecvdisplay-v0.45-setup.tmp (no specs)
  • sppextcomobj.exe (no specs)
  • slui.exe (no specs)
  • parsecvdisplay-v0.45-setup.exe
  • parsecvdisplay-v0.45-setup.tmp
  • parsec-vdd-setup.exe
  • wevtutil.exe (no specs)
  • conhost.exe (no specs)
  • wevtutil.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • nefconw.exe (no specs)
  • nefconw.exe (no specs)
  • nefconw.exe
  • drvinst.exe
  • drvinst.exe (no specs)
  • wudfhost.exe (no specs)
  • wevtutil.exe (no specs)
  • conhost.exe (no specs)
  • wevtutil.exe (no specs)
  • parsecvdisplay.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 2152
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{58f0439c-571d-024c-8662-b74ba347348e}\mm.inf" "9" "484386e17" "00000000000001E0" "WinSta0\Default" "00000000000001F8" "208" "C:\Program Files\Parsec Virtual Display Driver\driver"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)

PID: 2392
CMD: .\nefconw.exe --install-driver --inf-path ".\driver\mm.inf"
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0

PID: 5324
CMD: "C:\Users\admin\Desktop\ParsecVDisplay-v0.45-setup.exe"
Path: C:\Users\admin\Desktop\ParsecVDisplay-v0.45-setup.exe
Parent process: explorer.exe
User: admin
Company: Nguyen Duy
Integrity Level: MEDIUM
Description: ParsecVDisplay Setup
Exit code: 0
Version: 0.45

PID: 5576
CMD: .\nefconw.exe --remove-device-node --hardware-id Root\Parsec\VDA --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318"
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 6
Version: 1.10.0.0

PID: 5772
CMD: DrvInst.exe "2" "201" "ROOT\DISPLAY\0000" "C:\WINDOWS\System32\DriverStore\FileRepository\mm.inf_amd64_615d17457058f652\mm.inf" "oem1.inf:*:*:0.45.0.0:Root\Parsec\VDA," "484386e17" "000000000000018C"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)

PID: 5776
CMD: "C:\Program Files\ParsecVDisplay\ParsecVDisplay.exe"
Path: C:\Program Files\ParsecVDisplay\ParsecVDisplay.exe
Parent process: ParsecVDisplay-v0.45-setup.tmp
User: admin
Integrity Level: HIGH
Description: ParsecVDisplay
Version: 0.45.0

PID: 5960
CMD: .\nefconw.exe --create-device-node --class-name Display --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318" --hardware-id Root\Parsec\VDA
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0

PID: 6744
CMD: "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-3ab3ee86-e2d8-4634-a3c0-7af24061c2e9 -SystemEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-f27ed861-0738-482a-8d12-5bdaf0fff3a0 -IoCancelEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-ff31b5f1-b58f-42d2-af9d-8ee49cbecad3 -NonStateChangingEventPortName:\UMDFCommunicationPorts\WUDF\HostProcess-4b376d83-b64d-483a-8d33-3f5c79e1565d -LifetimeId:05a1f5bf-b174-405b-a490-1c05d088492e -DeviceGroupId:ParsecDriverGroup -HostArg:0
Path: C:\Windows\System32\WUDFHost.exe
Parent process: services.exe
User: LOCAL SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Driver Foundation - User-mode Driver Framework Host Process
Version: 10.0.19041.1 (WinBuild.160101.0800)

PID: 6944
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)

PID: 7020
CMD: "C:\Users\admin\AppData\Local\Temp\is-SA3N1.tmp\ParsecVDisplay-v0.45-setup.tmp" /SL5="$702E2,1570843,809472,C:\Users\admin\Desktop\ParsecVDisplay-v0.45-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-SA3N1.tmp\ParsecVDisplay-v0.45-setup.tmp
Parent process: ParsecVDisplay-v0.45-setup.exe
User: admin
Company: Nguyen Duy
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0

Total events: 5 195
Read events: 5 103
Write events: 86
Delete events: 6

Modification events

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: ParsecVDisplay
Value: "C:\Program Files\ParsecVDisplay\ParsecVDisplay.exe"

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 6.2.2

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\ParsecVDisplay

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: InstallLocation
Value: C:\Program Files\ParsecVDisplay\

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Icon Group
Value: (Default)

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: User
Value: admin

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Selected Tasks
Value: add_startup,install_vdd

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Deselected Tasks
Value:

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: Inno Setup: Language
Value: english

(PID) Process: (7324) ParsecVDisplay-v0.45-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D2005B5A-A8C4-4B77-807F-155132973D5D}_is1
Operation: write
Name: DisplayName
Value: ParsecVDisplay

Executable files: 19
Suspicious files: 15
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
7324 | ParsecVDisplay-v0.45-setup.tmp | C:\Program Files\ParsecVDisplay\driver\is-9GS17.tmp | executable
MD5:4B9A3048286692A865187013B70F44E8
SHA256:E23332448FDAF5AA017CB308DB5EF6855FAC526A7DED05D80C039404126D5362
7996 | parsec-vdd-setup.exe | C:\Program Files\Parsec Virtual Display Driver\mm.man | xml
MD5:481369808B1B657547BCD92A897C58C0
SHA256:E6A9944CA554B25D67B47B4D0DFBADA6EA5AE7CB208B9EC09CFE6132BAB4600F
7324 | ParsecVDisplay-v0.45-setup.tmp | C:\Program Files\ParsecVDisplay\unins000.exe | executable
MD5:95F34A2677294D2E2E5A34912FE695B1
SHA256:D028436877CA6D3838E886FC83FBA04928831B21E80C4D52F92E57FF568F70A1
7324 | ParsecVDisplay-v0.45-setup.tmp | C:\Program Files\ParsecVDisplay\is-BIQQN.tmp | executable
MD5:8732ED22B774D94920664327D8B9ED2A
SHA256:70C650AAE2E770F29EBCD92666F6523272D7F30FB109E17C1EED197122022542
7324 | ParsecVDisplay-v0.45-setup.tmp | C:\Program Files\ParsecVDisplay\driver\parsec-vdd-setup.exe | executable
MD5:4B9A3048286692A865187013B70F44E8
SHA256:E23332448FDAF5AA017CB308DB5EF6855FAC526A7DED05D80C039404126D5362
7324 | ParsecVDisplay-v0.45-setup.tmp | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ParsecVDisplay.lnk | binary
MD5:66BFF60BFEE184A4AD33F2053E4BEE6E
SHA256:054DC7124BDD095F18A956188FA6038C924BCAC593DE7987BFC13938498AF712
7996 | parsec-vdd-setup.exe | C:\Program Files\Parsec Virtual Display Driver\vdduninstall.bat | text
MD5:FBC8D5E19F89DFFCCD165F44ABF114B4
SHA256:8F503E40A32959D9D2EE5A9E2A3DA627F6ED158E6C87C47EF17F1E5D74F47B9A
7996 | parsec-vdd-setup.exe | C:\Program Files\Parsec Virtual Display Driver\driver\mm.inf | binary
MD5:D8030AFE09A2F984BE00389B31F7039B
SHA256:34DA9FF45C13577631F67E33D11B8A26E3D22CA685D00C388B6122A795800588
7280 | ParsecVDisplay-v0.45-setup.exe | C:\Users\admin\AppData\Local\Temp\is-C7JFG.tmp\ParsecVDisplay-v0.45-setup.tmp | executable
MD5:33B934BAEE238182E15E42EB72BF3847
SHA256:61F7F212624B82E8498100E8E4F9EEDF0D4A9848164ED7A1134BDD86EE48CEA9
7996 | parsec-vdd-setup.exe | C:\Program Files\Parsec Virtual Display Driver\driver\mm.dll | executable
MD5:F09967CC8CC9BF03612DDECB6BF86DAA
SHA256:96DB6AE2F950B56E52BE3E68F92893AFA94645EAE09FEA2ABD5DD1985758150A
HTTP(S) requests: 5
TCP/UDP connections: 27
DNS requests: 14
Threats: 0




Threats

No threats detected
No debug info