File name: parsec-vud-0.3.10.0.exe

Full analysis: https://app.any.run/tasks/bc5d87f3-bcd5-409b-a5ff-a08208721ff8
Verdict: Malicious activity
Analysis date: March 08, 2025, 20:08:12
OS: Windows 11 Professional (build: 22000, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: FA2814C8CFF38B2F4737085C70154B8F
SHA1: 9D42ABC443B4E921DA6D4FC66530EBDBD3650051
SHA256: 98163F3C6F05B0B8BDF5766D6CED9BB10154CA18B1A924C5D0C939C0411EE8AA
SSDEEP: 49152:USMF0nT8rTH5Yy3K4I4DJXY3XLyzFAtlIdjkjLhBAtQdfiiWd9NgeRj+VWsljk8s:UXF0orTZYy3+4DJebyxy21gLhOtQBWdz

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • nefconw.exe (PID: 3780)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • parsec-vud-0.3.10.0.exe (PID: 3816)
      • nefconw.exe (PID: 2756)
      • drvinst.exe (PID: 3376)
      • drvinst.exe (PID: 3548)
      • nefconw.exe (PID: 3780)
    • The process creates files with name similar to system file names

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Starts CMD.EXE for commands execution

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud-0.3.10.0.exe (PID: 3816)
      • nefconw.exe (PID: 2756)
      • drvinst.exe (PID: 3376)
      • nefconw.exe (PID: 3780)
      • drvinst.exe (PID: 3548)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Creates a software uninstall entry

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Executing commands from a ".bat" file

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Creates files in the driver directory

      • drvinst.exe (PID: 3376)
      • drvinst.exe (PID: 3548)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 2568)
      • drvinst.exe (PID: 3416)
      • drvinst.exe (PID: 4460)
    • Reads the Internet Settings

      • runonce.exe (PID: 5908)
    • There is functionality for taking screenshot (YARA)

      • parsec-vud-0.3.10.0.exe (PID: 3816)
  • INFO

    • The sample compiled with english language support

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Checks supported languages

      • parsec-vud-0.3.10.0.exe (PID: 3816)
      • nefconc.exe (PID: 784)
      • nefconw.exe (PID: 5364)
      • nefconw.exe (PID: 2756)
      • drvinst.exe (PID: 3376)
      • drvinst.exe (PID: 2568)
      • nefconw.exe (PID: 3780)
      • drvinst.exe (PID: 3548)
      • drvinst.exe (PID: 4460)
      • drvinst.exe (PID: 3416)
    • Create files in a temporary directory

      • parsec-vud-0.3.10.0.exe (PID: 3816)
      • nefconw.exe (PID: 2756)
      • nefconw.exe (PID: 3780)
    • Reads the computer name

      • parsec-vud-0.3.10.0.exe (PID: 3816)
      • nefconw.exe (PID: 5364)
      • nefconw.exe (PID: 2756)
      • drvinst.exe (PID: 2568)
      • drvinst.exe (PID: 3376)
      • nefconw.exe (PID: 3780)
      • drvinst.exe (PID: 4460)
      • drvinst.exe (PID: 3416)
      • drvinst.exe (PID: 3548)
    • Creates files in the program directory

      • parsec-vud-0.3.10.0.exe (PID: 3816)
    • Reads the software policy settings

      • drvinst.exe (PID: 3376)
      • drvinst.exe (PID: 3548)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 3376)
      • drvinst.exe (PID: 3548)
    • Reads the time zone

      • runonce.exe (PID: 5908)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 5908)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.3.10.0
ProductVersionNumber: 0.3.10.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: Parsec Virtual USB Adapter Driver
CompanyName: Parsec Cloud Inc.
FileDescription: Parsec Virtual USB Adapter Driver
FileVersion: 0.3.10.0
LegalCopyright: Parsec Cloud Inc.
ProductName: Parsec Virtual USB Adapter Driver
ProductVersion: 0.3.10.0
Total processes: 120
Monitored processes: 17
Malicious processes: 3
Suspicious processes: 2

Behavior graph

Processes in graph order, starting from the start node:

  • parsec-vud-0.3.10.0.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • nefconc.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • nefconw.exe (no specs)
  • nefconw.exe
  • drvinst.exe
  • drvinst.exe (no specs)
  • nefconw.exe
  • drvinst.exe
  • drvinst.exe (no specs)
  • runonce.exe (no specs)
  • grpconv.exe (no specs)
  • drvinst.exe (no specs)
  • parsec-vud-0.3.10.0.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 784
CMD: "C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe" --find-hwid --hardware-id VUSBA
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 1168
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 988
CMD: cmd /c "C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe" --find-hwid --hardware-id VUSBA
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: parsec-vud-0.3.10.0.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 1168
Version: 10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64base.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64con.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
PID: 1212
CMD: \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
PID: 2036
CMD: "C:\Users\admin\Desktop\parsec-vud-0.3.10.0.exe"
Path: C:\Users\admin\Desktop\parsec-vud-0.3.10.0.exe
Parent process: explorer.exe
User: admin
Company: Parsec Cloud Inc.
Integrity Level: MEDIUM
Description: Parsec Virtual USB Adapter Driver
Exit code: 3221226540
Version: 0.3.10.0
Modules
Images
c:\users\admin\desktop\parsec-vud-0.3.10.0.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
PID: 2368
CMD: "C:\Windows\System32\grpconv.exe" -o
Path: C:\Windows\System32\grpconv.exe
Parent process: runonce.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Progman Group Converter
Exit code: 1
Version: 10.0.22000.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 2568
CMD: DrvInst.exe "2" "201" "ROOT\USB\0000" "C:\Windows\System32\DriverStore\FileRepository\parsecvusba.inf_amd64_4e0e9795c1e12fd4\parsecvusba.inf" "oem4.inf:*:*:0.3.10.0:Root\Parsec\VUSBA," "464910f03" "0000000000000168" "932d"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 2756
CMD: nefconw.exe --install-driver --inf-path ".\parsecvusba\parsecvusba.inf"
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
PID: 3376
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{7ca92dd8-1fff-ef4c-9cf1-09c54da35fae}\parsecvusba.inf" "9" "464910f03" "0000000000000168" "WinSta0\Default" "0000000000000178" "208" "C:\Program Files\Parsec Virtual USB Adapter Driver\parsecvusba"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 3416
CMD: DrvInst.exe "8" "4" "C:\Windows\System32\DriverStore\FileRepository\parsecvirtualds.inf_amd64_37113b1521fc4458\parsecvirtualds.inf" "0" "4fea13f63" "0000000000000190" "WinSta0\Default"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 3548
CMD: DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{285f21bb-5560-a948-a238-8930433071ad}\parsecvirtualds.inf" "9" "43799a85b" "0000000000000194" "WinSta0\Default" "0000000000000174" "208" "C:\Program Files\Parsec Virtual USB Adapter Driver\parsecvirtualds"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.22000.653 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
Total events: 6 609
Read events: 6 553
Write events: 46
Delete events: 10

Modification events

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: Comments
Value: Parsec Virtual USB Adapter Driver

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Parsec Virtual USB Adapter Driver\uninstall.exe

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: DisplayName
Value: Parsec Virtual USB Adapter Driver

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: DisplayVersion
Value: 0.3.10.0

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: EstimatedSize
Value: 1582

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: HelpLink
Value: https://support.parsec.app

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: InstallLocation
Value: C:\Program Files\Parsec Virtual USB Adapter Driver

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: NoModify
Value: 1

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: NoRepair
Value: 1

(PID) Process: (3816) parsec-vud-0.3.10.0.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ParsecVUD
Operation: write
Name: Publisher
Value: Parsec Cloud Inc.
Executable files: 18
Suspicious files: 23
Text files: 4
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsh3BE6.tmp\UserInfo.dll
Type: executable
MD5:F8B6DD1F9620BE4EF2AD1E81FB6B79FA
SHA256:A921CC9CC4AF332BE96186D60D2539CB413DFA44CFD73E85687F9338505FF85E
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Type: executable
MD5:E9F2BC8C82AC755F47C7F89D1530F1A1
SHA256:CF746D1B0BBB713993D4A90DCCD774C78D9FFF8C2BA5A054B6C8F56C77E1EEE1
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsh3BE6.tmp\nsExec.dll
Type: executable
MD5:11092C1D3FBB449A60695C44F9F3D183
SHA256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsh3BE6.tmp\System.dll
Type: executable
MD5:192639861E3DC2DC5C08BB8F8C7260D5
SHA256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\parsecvusba\parsecvusba.cat
Type: binary
MD5:4113939133980818D62982AAE840FA03
SHA256:7B524BC6D08C0D823DD23483232B1FC68450158AB9F16C7AECE2DB2532FA13A5
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\vusbinstall.bat
Type: text
MD5:3B3CA1091EB59F0FA9ED9C9A50B3BF81
SHA256:94EE200CA574DD4499779048DB279264C872833C96A500E0F49B1342EE5F4802
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\parsecvusba\parsecvusba.sys
Type: executable
MD5:566DCAA6C8BC45EB82C0A8C9F60AC7E9
SHA256:DC24FA47B151FE4FB604B47EC495F2B8911380064D964AD6ADBD148D98631E74
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\vusbuninstall.bat
Type: text
MD5:8E8F18F9109FCC7B93B2770BE222FA53
SHA256:E5A72F8064DE9B266CED03C042DAEF6BA9682CF0BA66BF8236E30E6169E88F0E
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\parsecvirtualds\parsecvirtualds.cat
Type: binary
MD5:4D6C2C6D6FAFB8B88220B4D729083E4B
SHA256:5B1E3B5CC9D372A603212DF05317E3C21D675D25072ADFF5D9BFFC83F9494AAD
PID: 3816
Process: parsec-vud-0.3.10.0.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\parsecvusba\parsecvusba.inf
Type: binary
MD5:C4E261319A038B316E74EEB21159EB0C
SHA256:95E9899B2ACF64052EA5C09CBDE901F9BBD6B13B5C843AE999AC6D3429344DE8
HTTP(S) requests: 22
TCP/UDP connections: 23
DNS requests: 10
Threats: 2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.24.77.4:80
http://www.msftconnecttest.com/connecttest.txt
unknown
whitelisted
4576
MoUsoCoreWorker.exe
GET
200
23.50.131.213:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?66e68538386affae
unknown
whitelisted
3640
svchost.exe
GET
200
23.50.131.213:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7b39e794b6da35ec
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted
1228
svchost.exe
POST
403
23.35.238.131:80
http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
 |  | 184.24.77.4:80 |  | Akamai International B.V. | DE | unknown
4576 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4576 | MoUsoCoreWorker.exe | 23.50.131.213:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
3640 | svchost.exe | 20.190.160.65:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3640 | svchost.exe | 23.50.131.213:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | whitelisted
1228 | svchost.exe | 23.35.238.131:80 | go.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:137 |  |  |  | whitelisted
2352 | smartscreen.exe | 48.209.180.244:443 | checkappexec.microsoft.com |  | US | whitelisted
3952 | svchost.exe | 239.255.255.250:1900 |  |  |  | whitelisted
4792 | svchost.exe | 23.199.214.10:443 | fs.microsoft.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 216.58.206.78
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.213
  • 23.50.131.221
  • 23.50.131.196
  • 23.50.131.216
  • 23.50.131.205
  • 23.50.131.208
  • 72.247.153.178
  • 72.247.153.162
whitelisted
login.live.com
  • 20.190.160.65
  • 20.190.160.14
  • 40.126.32.76
  • 20.190.160.131
  • 40.126.32.140
  • 40.126.32.134
  • 40.126.32.136
  • 20.190.160.66
  • 20.190.160.132
  • 40.126.32.72
  • 20.190.160.130
  • 20.190.160.4
  • 20.190.160.64
  • 20.190.160.20
whitelisted
go.microsoft.com
  • 23.35.238.131
whitelisted
checkappexec.microsoft.com
  • 48.209.180.244
whitelisted
fs.microsoft.com
  • 23.199.214.10
whitelisted
self.events.data.microsoft.com
  • 104.208.16.90
whitelisted

Threats

PID | Process | Class | Message
 |  | Misc activity | ET INFO Microsoft Connection Test
 |  | Generic Protocol Command Decode | SURICATA HTTP Request unrecognized authorization method
No debug info