File name:

parsec-windows.exe

Full analysis: https://app.any.run/tasks/25c21f37-0200-4ac3-9fcb-f4566bc3d732
Verdict: Malicious activity
Analysis date: July 14, 2025, 19:36:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

29CF7D405BAC0269413514B386083209

SHA1:

20BFFCCBB602B5EBF53BE6C9BA0A0DE484B22305

SHA256:

F0EDC12C9F612507371727AF54993BB052C6E52857B3B025ACBBD720D3EF724E

SSDEEP:

98304:E9QkWrhYycq4DJLyPsYLhOtx+WVCj5VWMkV17LrQQSrLhdtjB2MzxuPhzAPHZZLs:dmIUHJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • pservice.exe (PID: 4132)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
      • parsecd.exe (PID: 1156)
    • Changes the autorun value in the registry

      • nefconw.exe (PID: 6128)
      • parsecd.exe (PID: 424)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • The process creates files with name similar to system file names

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Uses TASKKILL.EXE to kill process

      • parsec-windows.exe (PID: 1160)
    • Windows service management via SC.EXE

      • sc.exe (PID: 2320)
      • sc.exe (PID: 760)
      • sc.exe (PID: 7000)
    • There is functionality for taking screenshot (YARA)

      • parsec-windows.exe (PID: 1160)
    • Stops a currently running service

      • sc.exe (PID: 2804)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • parsec-windows.exe (PID: 1160)
    • Executable content was dropped or overwritten

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 3028)
      • nefconw.exe (PID: 6128)
      • drvinst.exe (PID: 1512)
      • parsec-vdd.exe (PID: 6264)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 6788)
    • Creates a software uninstall entry

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Creates a new Windows service

      • sc.exe (PID: 1976)
    • Executes as Windows Service

      • pservice.exe (PID: 4132)
      • WUDFHost.exe (PID: 1984)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • parsec-windows.exe (PID: 1160)
    • Starts CMD.EXE for commands execution

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Executing commands from a ".bat" file

      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud.exe (PID: 5824)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • nefconw.exe (PID: 6128)
    • Creates files in the driver directory

      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 7152)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 768)
      • drvinst.exe (PID: 4084)
      • drvinst.exe (PID: 1208)
      • drvinst.exe (PID: 4084)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 6264)
      • wevtutil.exe (PID: 6400)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • wevtutil.exe (PID: 6340)
      • parsec-vdd.exe (PID: 6264)
    • Application launched itself

      • parsecd.exe (PID: 1156)
    • Reads security settings of Internet Explorer

      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
    • Searches for installed software

      • parsecd.exe (PID: 1156)
  • INFO

    • The sample compiled with english language support

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
      • drvinst.exe (PID: 7152)
      • nefconw.exe (PID: 2144)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
    • Checks supported languages

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • nefconc.exe (PID: 1132)
      • pservice.exe (PID: 4132)
      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 768)
      • nefconw.exe (PID: 6128)
      • nefconw.exe (PID: 6656)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 4084)
      • drvinst.exe (PID: 1208)
      • nefconw.exe (PID: 2716)
      • nefconw.exe (PID: 768)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 7152)
      • parsec-vdd.exe (PID: 6264)
      • drvinst.exe (PID: 4084)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
      • parsecd.exe (PID: 424)
    • Reads the computer name

      • parsec-windows.exe (PID: 1160)
      • pservice.exe (PID: 4132)
      • nefconw.exe (PID: 6656)
      • drvinst.exe (PID: 768)
      • drvinst.exe (PID: 3028)
      • nefconw.exe (PID: 6128)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 1208)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 4084)
      • nefconw.exe (PID: 768)
      • nefconw.exe (PID: 2716)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 4084)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 1156)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
    • Creates files in the program directory

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
      • parsecd.exe (PID: 1156)
    • Create files in a temporary directory

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • nefconw.exe (PID: 6128)
      • nefconw.exe (PID: 1128)
      • parsec-vdd.exe (PID: 6264)
      • nefconw.exe (PID: 2144)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 424)
      • parsecd.exe (PID: 5824)
      • pservice.exe (PID: 4132)
      • parsecd.exe (PID: 1156)
    • Reads the software policy settings

      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 5824)
      • pservice.exe (PID: 4132)
      • parsecd.exe (PID: 1156)
      • slui.exe (PID: 6304)
      • parsecd.exe (PID: 424)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 2664)
    • Launching a file from a Registry key

      • nefconw.exe (PID: 6128)
      • parsecd.exe (PID: 424)
    • Reads the time zone

      • runonce.exe (PID: 2664)
    • Creates files or folders in the user directory

      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
      • parsecd.exe (PID: 424)
    • Checks proxy server information

      • slui.exe (PID: 6304)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 150.99.0.0
ProductVersionNumber: 150.99.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Parsec
FileVersion: 150.99.0.0
ProductName: Parsec
No data.
All screenshots are available in the full report
Total processes: 206
Monitored processes: 64
Malicious processes: 11
Suspicious processes: 3

Behavior graph

start, parsec-windows.exe, sc.exe (no specs), conhost.exe (no specs), taskkill.exe (no specs), conhost.exe (no specs), sc.exe (no specs), conhost.exe (no specs), sc.exe (no specs), conhost.exe (no specs), netsh.exe (no specs), conhost.exe (no specs), netsh.exe (no specs), conhost.exe (no specs), netsh.exe (no specs), conhost.exe (no specs), schtasks.exe (no specs), conhost.exe (no specs), sc.exe (no specs), conhost.exe (no specs), sc.exe (no specs), conhost.exe (no specs), pservice.exe (no specs), netsh.exe (no specs), conhost.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), parsec-vud.exe, cmd.exe (no specs), conhost.exe (no specs), nefconc.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), nefconw.exe (no specs), nefconw.exe, drvinst.exe, drvinst.exe (no specs), nefconw.exe, drvinst.exe, drvinst.exe (no specs), runonce.exe (no specs), grpconv.exe (no specs), drvinst.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), parsec-vdd.exe, wevtutil.exe (no specs), conhost.exe (no specs), wevtutil.exe (no specs), cmd.exe (no specs), conhost.exe (no specs), nefconw.exe (no specs), nefconw.exe (no specs), nefconw.exe, drvinst.exe, drvinst.exe (no specs), wudfhost.exe (no specs), wevtutil.exe (no specs), conhost.exe (no specs), wevtutil.exe (no specs), parsecd.exe, parsecd.exe, parsecd.exe, slui.exe, parsec-windows.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 424
CMD: "C:\Program Files\Parsec\parsecd.exe" "" "SERVICE_LAUNCHED_V10" "LOADER_V13" "PARSEC_IPC_28822ad66ff8bd69"
Path: C:\Program Files\Parsec\parsecd.exe
Parent process: parsecd.exe
User:
admin
Company:
Parsec
Integrity Level:
MEDIUM
Description:
Parsec
Version:
150.97c.0.0
Modules
Images
c:\program files\parsec\parsecd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 432
CMD: cmd /c "C:\Program Files\Parsec\vusb\parsec-vud.exe" /S
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 684
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 760
CMD: "C:\WINDOWS\system32\sc.exe" delete Parsec
Path: C:\Windows\SysWOW64\sc.exe
Parent process: parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 768
CMD: DrvInst.exe "2" "201" "ROOT\USB\0000" "C:\WINDOWS\System32\DriverStore\FileRepository\parsecvusba.inf_amd64_4e0e9795c1e12fd4\parsecvusba.inf" "oem1.inf:*:*:0.3.10.0:Root\Parsec\VUSBA," "464910f03" "00000000000001E4"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Driver Installation Module
Exit code:
0
Version:
10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll
PID: 768
CMD: .\nefconw.exe --create-device-node --class-name Display --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318" --hardware-id Root\Parsec\VDA
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\version.dll
PID: 1044
CMD: "C:\Windows\System32\grpconv.exe" -o
Path: C:\Windows\System32\grpconv.exe
Parent process: runonce.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Progman Group Converter
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 1128
CMD: nefconw.exe --install-driver --inf-path ".\parsecvusba\parsecvusba.inf"
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process: cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 1132
CMD: "C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe" --find-hwid --hardware-id VUSBA
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe
Parent process: cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
1168
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 1132
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: wevtutil.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 26 561
Read events: 26 430
Write events: 114
Delete events: 17

Modification events

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Parsec.App.0
Value:

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: Comments
Value: Parsec

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Parsec\parsecd.exe

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayName
Value: Parsec

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayVersion
Value: 150-99

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: EstimatedSize
Value: 8456

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: HelpLink
Value: https://support.parsec.app

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: InstallLocation
Value: C:\Program Files\Parsec

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoModify
Value: 1

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoRepair
Value: 1

Executable files: 38
Suspicious files: 20
Text files: 11
Unknown types: 26

Dropped files

PID
Process
Filename
Type
PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\vusb\parsec-vud.exe
Type: executable
MD5:FA2814C8CFF38B2F4737085C70154B8F
SHA256:F8DB024B61C36E5D45CA5B485BF855DBFE1D0523333158E873D7DEB4D86EC0E4
PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\skel\appdata.json
Type: binary
MD5:022F42B9FA9FDE270DB9D6948CC60B8D
SHA256:CA99728189686AF7D378AF8C3C6CC24BF04FC4B3B4833E1BC8CC4B2D643A0CD3
PID: 1160
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa69B7.tmp\nsExec.dll
Type: executable
MD5:11092C1D3FBB449A60695C44F9F3D183
SHA256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\teams.exe
Type: executable
MD5:FAA24223985ABFBF64E4DDCD43F062D3
SHA256:6DC71B2E92B770DCFECA4A32C8F1787210311F731F1124754DF193EC22D5D13E
PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\vdd\parsec-vdd.exe
Type: executable
MD5:4B9A3048286692A865187013B70F44E8
SHA256:E23332448FDAF5AA017CB308DB5EF6855FAC526A7DED05D80C039404126D5362
PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\skel\parsecd-150-99.dll
Type: executable
MD5:8AF23F146CF7F0CBC301E11981467642
SHA256:D1E1D111EFF2D7D3E60E5ED47D1919A43FE5A44E45F75D4A33F7A6CBC39A4AAC
PID: 5824
Process: parsec-vud.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsd7E58.tmp\nsExec.dll
Type: executable
MD5:11092C1D3FBB449A60695C44F9F3D183
SHA256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\uninstall.exe
Type: executable
MD5:8B059DA814D19E8C80956A535E093F5F
SHA256:7645FC495FD854153EE6562899A20577CC8D683F36D72356CB736E21CA0A6645
PID: 5824
Process: parsec-vud.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsd7E58.tmp\UserInfo.dll
Type: executable
MD5:F8B6DD1F9620BE4EF2AD1E81FB6B79FA
SHA256:A921CC9CC4AF332BE96186D60D2539CB413DFA44CFD73E85687F9338505FF85E
PID: 5824
Process: parsec-vud.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe
Type: executable
MD5:DDDEE00430F7A3D52580B7C85D63D9DC
SHA256:002CBD46BBFAA2D9E04A578F7200711B5740BDA119166F111E2590D8B19D3E68
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 99
DNS requests: 28
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.216.77.36:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1156
parsecd.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
2288
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1156
parsecd.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
1156
parsecd.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAloEugzUPGt9OnVZ%2FPPgls%3D
unknown
whitelisted
2940
svchost.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
2668
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
2668
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
5944
MoUsoCoreWorker.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
1268
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3588
RUXIMICS.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
23.216.77.36:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2288
svchost.exe
20.190.160.65:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2288
svchost.exe
2.17.190.73:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
3624
svchost.exe
95.100.186.9:443
go.microsoft.com
AKAMAI-AS
FR
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 20.73.194.208
whitelisted
google.com
  • 142.250.186.46
whitelisted
crl.microsoft.com
  • 23.216.77.36
  • 23.216.77.6
  • 23.216.77.20
whitelisted
www.microsoft.com
  • 2.23.246.101
whitelisted
login.live.com
  • 20.190.160.65
  • 40.126.32.138
  • 40.126.32.74
  • 20.190.160.64
  • 20.190.160.67
  • 20.190.160.20
  • 20.190.160.128
  • 40.126.32.134
whitelisted
ocsp.digicert.com
  • 2.17.190.73
whitelisted
go.microsoft.com
  • 95.100.186.9
whitelisted
builds.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
public.parsec.app
  • 104.18.1.181
  • 104.18.0.181
unknown
nexusrules.officeapps.live.com
  • 52.111.227.13
whitelisted

Threats

No threats detected
No debug info