File name: parsec-windows.exe

Full analysis: https://app.any.run/tasks/25c21f37-0200-4ac3-9fcb-f4566bc3d732
Verdict: Malicious activity
Analysis date: July 14, 2025, 19:36:22
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 29CF7D405BAC0269413514B386083209
SHA1: 20BFFCCBB602B5EBF53BE6C9BA0A0DE484B22305
SHA256: F0EDC12C9F612507371727AF54993BB052C6E52857B3B025ACBBD720D3EF724E
SSDEEP: 98304:E9QkWrhYycq4DJLyPsYLhOtx+WVCj5VWMkV17LrQQSrLhdtjB2MzxuPhzAPHZZLs:dmIUHJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • pservice.exe (PID: 4132)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
      • parsecd.exe (PID: 1156)
    • Changes the autorun value in the registry

      • nefconw.exe (PID: 6128)
      • parsecd.exe (PID: 424)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Windows service management via SC.EXE

      • sc.exe (PID: 2320)
      • sc.exe (PID: 760)
      • sc.exe (PID: 7000)
    • Uses TASKKILL.EXE to kill process

      • parsec-windows.exe (PID: 1160)
    • There is functionality for taking screenshot (YARA)

      • parsec-windows.exe (PID: 1160)
    • Executable content was dropped or overwritten

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • nefconw.exe (PID: 6128)
      • parsec-vdd.exe (PID: 6264)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
    • Stops a currently running service

      • sc.exe (PID: 2804)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • parsec-windows.exe (PID: 1160)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 6788)
    • Creates a new Windows service

      • sc.exe (PID: 1976)
    • Creates a software uninstall entry

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Executes as Windows Service

      • pservice.exe (PID: 4132)
      • WUDFHost.exe (PID: 1984)
    • Starts CMD.EXE for commands execution

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • parsec-windows.exe (PID: 1160)
    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud.exe (PID: 5824)
      • drvinst.exe (PID: 3028)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 1512)
      • nefconw.exe (PID: 6128)
    • Executing commands from a ".bat" file

      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
    • Creates files in the driver directory

      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 7152)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 768)
      • drvinst.exe (PID: 4084)
      • drvinst.exe (PID: 1208)
      • drvinst.exe (PID: 4084)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 6264)
      • wevtutil.exe (PID: 6400)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • wevtutil.exe (PID: 6340)
      • parsec-vdd.exe (PID: 6264)
    • Reads security settings of Internet Explorer

      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
    • Application launched itself

      • parsecd.exe (PID: 1156)
    • Searches for installed software

      • parsecd.exe (PID: 1156)
  • INFO

    • Checks supported languages

      • parsec-windows.exe (PID: 1160)
      • pservice.exe (PID: 4132)
      • parsec-vud.exe (PID: 5824)
      • nefconc.exe (PID: 1132)
      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 768)
      • nefconw.exe (PID: 6128)
      • nefconw.exe (PID: 6656)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 4084)
      • parsec-vdd.exe (PID: 6264)
      • nefconw.exe (PID: 2716)
      • nefconw.exe (PID: 768)
      • drvinst.exe (PID: 1208)
      • drvinst.exe (PID: 7152)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 4084)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
      • parsecd.exe (PID: 1156)
    • Reads the computer name

      • parsec-windows.exe (PID: 1160)
      • pservice.exe (PID: 4132)
      • nefconw.exe (PID: 6656)
      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 768)
      • nefconw.exe (PID: 1128)
      • drvinst.exe (PID: 4084)
      • drvinst.exe (PID: 1512)
      • nefconw.exe (PID: 6128)
      • nefconw.exe (PID: 2716)
      • nefconw.exe (PID: 768)
      • drvinst.exe (PID: 1208)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 4084)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
      • parsecd.exe (PID: 424)
    • The sample compiled with english language support

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
      • nefconw.exe (PID: 2144)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
    • Create files in a temporary directory

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • nefconw.exe (PID: 1128)
      • nefconw.exe (PID: 6128)
      • parsec-vdd.exe (PID: 6264)
      • nefconw.exe (PID: 2144)
    • Creates files in the program directory

      • parsec-windows.exe (PID: 1160)
      • parsec-vud.exe (PID: 5824)
      • parsec-vdd.exe (PID: 6264)
      • parsecd.exe (PID: 1156)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 7152)
      • parsecd.exe (PID: 5824)
      • pservice.exe (PID: 4132)
      • parsecd.exe (PID: 424)
      • parsecd.exe (PID: 1156)
    • Reads the software policy settings

      • drvinst.exe (PID: 3028)
      • drvinst.exe (PID: 1512)
      • drvinst.exe (PID: 7152)
      • pservice.exe (PID: 4132)
      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 424)
      • parsecd.exe (PID: 1156)
      • slui.exe (PID: 6304)
    • Launching a file from a Registry key

      • nefconw.exe (PID: 6128)
      • parsecd.exe (PID: 424)
    • Reads the time zone

      • runonce.exe (PID: 2664)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 2664)
    • Creates files or folders in the user directory

      • parsecd.exe (PID: 5824)
      • parsecd.exe (PID: 1156)
      • parsecd.exe (PID: 424)
    • Checks proxy server information

      • slui.exe (PID: 6304)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 150.99.0.0
ProductVersionNumber: 150.99.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Parsec
FileVersion: 150.99.0.0
ProductName: Parsec
No data.
Total processes: 206
Monitored processes: 64
Malicious processes: 11
Suspicious processes: 3

Behavior graph

start parsec-windows.exe sc.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs pservice.exe no specs netsh.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs parsec-vud.exe cmd.exe no specs conhost.exe no specs nefconc.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs runonce.exe no specs grpconv.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs parsec-vdd.exe wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs wudfhost.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs parsecd.exe parsecd.exe parsecd.exe slui.exe parsec-windows.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 424
CMD: "C:\Program Files\Parsec\parsecd.exe" "" "SERVICE_LAUNCHED_V10" "LOADER_V13" "PARSEC_IPC_28822ad66ff8bd69"
Path: C:\Program Files\Parsec\parsecd.exe
Parent process: parsecd.exe
User: admin
Company: Parsec
Integrity Level: MEDIUM
Description: Parsec
Version: 150.97c.0.0
Modules
Images
c:\program files\parsec\parsecd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll

PID: 432
CMD: cmd /c "C:\Program Files\Parsec\vusb\parsec-vud.exe" /S
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: parsec-windows.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 684
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 760
CMD: "C:\WINDOWS\system32\sc.exe" delete Parsec
Path: C:\Windows\SysWOW64\sc.exe
Parent process: parsec-windows.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Service Control Manager Configuration Tool
Exit code: 1060
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll

PID: 768
CMD: DrvInst.exe "2" "201" "ROOT\USB\0000" "C:\WINDOWS\System32\DriverStore\FileRepository\parsecvusba.inf_amd64_4e0e9795c1e12fd4\parsecvusba.inf" "oem1.inf:*:*:0.3.10.0:Root\Parsec\VUSBA," "464910f03" "00000000000001E4"
Path: C:\Windows\System32\drvinst.exe
Parent process: svchost.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Driver Installation Module
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\drvinst.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\devrtl.dll
c:\windows\system32\drvstore.dll

PID: 768
CMD: .\nefconw.exe --create-device-node --class-name Display --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318" --hardware-id Root\Parsec\VDA
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\version.dll

PID: 1044
CMD: "C:\Windows\System32\grpconv.exe" -o
Path: C:\Windows\System32\grpconv.exe
Parent process: runonce.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Progman Group Converter
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\grpconv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll

PID: 1128
CMD: nefconw.exe --install-driver --inf-path ".\parsecvusba\parsecvusba.inf"
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll

PID: 1132
CMD: "C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe" --find-hwid --hardware-id VUSBA
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconc.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 1168
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll

PID: 1132
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: wevtutil.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events: 26 561
Read events: 26 430
Write events: 114
Delete events: 17

Modification events

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Parsec.App.0
Value:

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: Comments
Value: Parsec

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Parsec\parsecd.exe

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayName
Value: Parsec

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayVersion
Value: 150-99

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: EstimatedSize
Value: 8456

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: HelpLink
Value: https://support.parsec.app

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: InstallLocation
Value: C:\Program Files\Parsec

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoModify
Value: 1

(PID) Process: (1160) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoRepair
Value: 1

Executable files: 38
Suspicious files: 20
Text files: 11
Unknown types: 26

Dropped files

PID
Process
Filename
Type
PID: 1160
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa69B7.tmp\nsDialogs.dll
Type: executable
MD5:B7D61F3F56ABF7B7FF0D4E7DA3AD783D
SHA256:89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912

PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\skel\appdata.json
Type: binary
MD5:022F42B9FA9FDE270DB9D6948CC60B8D
SHA256:CA99728189686AF7D378AF8C3C6CC24BF04FC4B3B4833E1BC8CC4B2D643A0CD3

PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\pservice.exe
Type: executable
MD5:C0FDABE612162A5CEE54773EFFE66625
SHA256:CC62D22BF8A082621FA25FDEEE3150C17B09DBC09C9371E3DCDD6EC83967770C

PID: 5824
Process: parsec-vud.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsd7E58.tmp\nsExec.dll
Type: executable
MD5:11092C1D3FBB449A60695C44F9F3D183
SHA256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77

PID: 5824
Process: parsec-vud.exe
Filename: C:\Program Files\Parsec Virtual USB Adapter Driver\vusbuninstall.bat
Type: text
MD5:8E8F18F9109FCC7B93B2770BE222FA53
SHA256:E5A72F8064DE9B266CED03C042DAEF6BA9682CF0BA66BF8236E30E6169E88F0E

PID: 1160
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsa69B7.tmp\ApplicationID.dll
Type: executable
MD5:A858C1A57E32485505B1977CF0A125BE
SHA256:1462A072345E86318B981089B08B613A34027DDF527BFB66606C683F218FC3B4

PID: 1160
Process: parsec-windows.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec\Parsec.lnk
Type: lnk
MD5:EC12D7111B8AB2904666D2F96A1C7A14
SHA256:2E54AAFFFE9664E4FB4741888BBECF66622465C7302E17DE06CFAD0B639A5BE9

PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\vdd\parsec-vdd.exe
Type: executable
MD5:4B9A3048286692A865187013B70F44E8
SHA256:E23332448FDAF5AA017CB308DB5EF6855FAC526A7DED05D80C039404126D5362

PID: 5824
Process: parsec-vud.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsd7E58.tmp\UserInfo.dll
Type: executable
MD5:F8B6DD1F9620BE4EF2AD1E81FB6B79FA
SHA256:A921CC9CC4AF332BE96186D60D2539CB413DFA44CFD73E85687F9338505FF85E

PID: 1160
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\uninstall.exe
Type: executable
MD5:8B059DA814D19E8C80956A535E093F5F
SHA256:7645FC495FD854153EE6562899A20577CC8D683F36D72356CB736E21CA0A6645
HTTP(S) requests: 9
TCP/UDP connections: 99
DNS requests: 28
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1268
svchost.exe
GET
200
23.216.77.36:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2288
svchost.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
1156
parsecd.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
2668
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
1156
parsecd.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAloEugzUPGt9OnVZ%2FPPgls%3D
unknown
whitelisted
1156
parsecd.exe
GET
200
2.17.190.73:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
2940
svchost.exe
GET
200
23.209.209.135:80
http://x1.c.lencr.org/
unknown
whitelisted
2668
SIHClient.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
5944 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1268 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3588 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
1268 | svchost.exe | 23.216.77.36:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
1268 | svchost.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
2288 | svchost.exe | 20.190.160.65:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2288 | svchost.exe | 2.17.190.73:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
3624 | svchost.exe | 95.100.186.9:443 | go.microsoft.com | AKAMAI-AS | FR | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 4.231.128.59, 20.73.194.208 | whitelisted
google.com | 142.250.186.46 | whitelisted
crl.microsoft.com | 23.216.77.36, 23.216.77.6, 23.216.77.20 | whitelisted
www.microsoft.com | 2.23.246.101 | whitelisted
login.live.com | 20.190.160.65, 40.126.32.138, 40.126.32.74, 20.190.160.64, 20.190.160.67, 20.190.160.20, 20.190.160.128, 40.126.32.134 | whitelisted
ocsp.digicert.com | 2.17.190.73 | whitelisted
go.microsoft.com | 95.100.186.9 | whitelisted
builds.parsec.app | 104.18.0.181, 104.18.1.181 | unknown
public.parsec.app | 104.18.1.181, 104.18.0.181 | unknown
nexusrules.officeapps.live.com | 52.111.227.13 | whitelisted

Threats

No threats detected
No debug info