File name: parsec-windows.exe

Full analysis: https://app.any.run/tasks/4e5ea0ba-b1a6-4022-a770-6ac0e46e54bd
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: July 04, 2025, 17:11:48
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

29CF7D405BAC0269413514B386083209

SHA1:

20BFFCCBB602B5EBF53BE6C9BA0A0DE484B22305

SHA256:

F0EDC12C9F612507371727AF54993BB052C6E52857B3B025ACBBD720D3EF724E

SSDEEP:

98304:E9QkWrhYycq4DJLyPsYLhOtx+WVCj5VWMkV17LrQQSrLhdtjB2MzxuPhzAPHZZLs:dmIUHJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • pservice.exe (PID: 1564)
      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 4156)
      • parsecd.exe (PID: 4984)
      • parsecd.exe (PID: 5952)
      • parsecd.exe (PID: 1156)
    • Changes the autorun value in the registry

      • nefconw.exe (PID: 3948)
      • parsecd.exe (PID: 5952)
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-windows.exe (PID: 4192)
      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • parsec-windows.exe (PID: 4192)
    • Executes as Windows Service

      • pservice.exe (PID: 1564)
      • WUDFHost.exe (PID: 2464)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 5552)
    • Creates a software uninstall entry

      • parsec-windows.exe (PID: 4192)
      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
    • Creates a new Windows service

      • sc.exe (PID: 6240)
    • Windows service management via SC.EXE

      • sc.exe (PID: 3820)
      • sc.exe (PID: 4984)
      • sc.exe (PID: 1520)
    • The process creates files with name similar to system file names

      • parsec-windows.exe (PID: 4192)
      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
    • Executable content was dropped or overwritten

      • parsec-windows.exe (PID: 4192)
      • parsec-vud.exe (PID: 7060)
      • nefconw.exe (PID: 1132)
      • drvinst.exe (PID: 2180)
      • nefconw.exe (PID: 3948)
      • drvinst.exe (PID: 5780)
      • parsec-vdd.exe (PID: 4880)
      • nefconw.exe (PID: 684)
      • drvinst.exe (PID: 6724)
      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 4156)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • parsec-windows.exe (PID: 4192)
    • Starts CMD.EXE for commands execution

      • parsec-windows.exe (PID: 4192)
      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud.exe (PID: 7060)
      • nefconw.exe (PID: 1132)
      • drvinst.exe (PID: 2180)
      • nefconw.exe (PID: 3948)
      • drvinst.exe (PID: 5780)
    • Executing commands from a ".bat" file

      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 3788)
      • drvinst.exe (PID: 6376)
      • drvinst.exe (PID: 4500)
      • drvinst.exe (PID: 3620)
    • Creates files in the driver directory

      • drvinst.exe (PID: 5780)
      • drvinst.exe (PID: 2180)
      • drvinst.exe (PID: 6724)
    • There is functionality for taking screenshot (YARA)

      • parsec-windows.exe (PID: 4192)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 4880)
      • wevtutil.exe (PID: 6732)
    • Stops a currently running service

      • sc.exe (PID: 4800)
    • Uses TASKKILL.EXE to kill process

      • parsec-windows.exe (PID: 4192)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 4880)
      • wevtutil.exe (PID: 1984)
    • Reads security settings of Internet Explorer

      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 5952)
      • parsecd.exe (PID: 4984)
    • Application launched itself

      • parsecd.exe (PID: 4156)
  • INFO

    • Reads the computer name

      • parsec-windows.exe (PID: 4192)
      • pservice.exe (PID: 1564)
      • nefconw.exe (PID: 6424)
      • nefconw.exe (PID: 1132)
      • drvinst.exe (PID: 2180)
      • drvinst.exe (PID: 3788)
      • nefconw.exe (PID: 3948)
      • drvinst.exe (PID: 6376)
      • drvinst.exe (PID: 5780)
      • drvinst.exe (PID: 4500)
      • nefconw.exe (PID: 4820)
      • nefconw.exe (PID: 620)
      • nefconw.exe (PID: 684)
      • drvinst.exe (PID: 3620)
      • parsecd.exe (PID: 4156)
      • drvinst.exe (PID: 6724)
      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 5952)
      • parsecd.exe (PID: 1156)
      • parsecd.exe (PID: 4984)
    • The sample compiled with english language support

      • parsec-windows.exe (PID: 4192)
      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
      • nefconw.exe (PID: 684)
      • drvinst.exe (PID: 6724)
      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 4156)
    • Checks supported languages

      • parsec-windows.exe (PID: 4192)
      • pservice.exe (PID: 1564)
      • parsec-vud.exe (PID: 7060)
      • nefconc.exe (PID: 5372)
      • nefconw.exe (PID: 1132)
      • nefconw.exe (PID: 6424)
      • drvinst.exe (PID: 2180)
      • drvinst.exe (PID: 3788)
      • nefconw.exe (PID: 3948)
      • drvinst.exe (PID: 5780)
      • drvinst.exe (PID: 6376)
      • parsec-vdd.exe (PID: 4880)
      • drvinst.exe (PID: 4500)
      • nefconw.exe (PID: 4820)
      • nefconw.exe (PID: 684)
      • drvinst.exe (PID: 6724)
      • nefconw.exe (PID: 620)
      • drvinst.exe (PID: 3620)
      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 4156)
      • parsecd.exe (PID: 4984)
      • parsecd.exe (PID: 5952)
      • parsecd.exe (PID: 1156)
    • Creates files in the program directory

      • parsec-vud.exe (PID: 7060)
      • parsec-vdd.exe (PID: 4880)
      • parsec-windows.exe (PID: 4192)
      • parsecd.exe (PID: 4156)
    • Create files in a temporary directory

      • parsec-vud.exe (PID: 7060)
      • nefconw.exe (PID: 1132)
      • nefconw.exe (PID: 3948)
      • parsec-vdd.exe (PID: 4880)
      • nefconw.exe (PID: 684)
      • parsec-windows.exe (PID: 4192)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 2180)
      • drvinst.exe (PID: 5780)
      • drvinst.exe (PID: 6724)
      • parsecd.exe (PID: 4156)
      • parsecd.exe (PID: 1180)
      • pservice.exe (PID: 1564)
      • parsecd.exe (PID: 5952)
      • parsecd.exe (PID: 4984)
      • parsecd.exe (PID: 1156)
    • Reads the software policy settings

      • drvinst.exe (PID: 2180)
      • drvinst.exe (PID: 5780)
      • drvinst.exe (PID: 6724)
      • parsecd.exe (PID: 4156)
      • parsecd.exe (PID: 1180)
      • pservice.exe (PID: 1564)
      • parsecd.exe (PID: 5952)
      • parsecd.exe (PID: 1156)
      • slui.exe (PID: 7092)
      • parsecd.exe (PID: 4984)
    • Launching a file from a Registry key

      • nefconw.exe (PID: 3948)
      • parsecd.exe (PID: 5952)
    • Reads the time zone

      • runonce.exe (PID: 3100)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 3100)
    • Creates files or folders in the user directory

      • parsecd.exe (PID: 1180)
      • parsecd.exe (PID: 4156)
      • parsecd.exe (PID: 5952)
    • Manual execution by a user

      • grpconv.exe (PID: 2532)
      • parsecd.exe (PID: 4984)
    • Checks proxy server information

      • slui.exe (PID: 7092)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 150.99.0.0
ProductVersionNumber: 150.99.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Parsec
FileVersion: 150.99.0.0
ProductName: Parsec
No data.
All screenshots are available in the full report
Total processes: 204
Monitored processes: 67
Malicious processes: 10
Suspicious processes: 5

Behavior graph

start parsec-windows.exe sc.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs pservice.exe no specs netsh.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs parsec-vud.exe cmd.exe no specs conhost.exe no specs nefconc.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs runonce.exe no specs grpconv.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs parsec-vdd.exe wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs wudfhost.exe no specs grpconv.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs parsecd.exe parsecd.exe parsecd.exe parsecd.exe no specs parsecd.exe no specs slui.exe parsec-windows.exe no specs

Process information

PID: 320
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 620
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 620
CMD: .\nefconw.exe --create-device-node --class-name Display --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318" --hardware-id Root\Parsec\VDA
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 684
CMD: .\nefconw.exe --install-driver --inf-path ".\driver\mm.inf"
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 864
CMD: "C:\WINDOWS\system32\netsh.exe" advfirewall firewall delete rule name=parsecd.exe
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: parsec-windows.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Network Command Shell
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1132
CMD: nefconw.exe --install-driver --inf-path ".\parsecvusba\parsecvusba.inf"
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process: cmd.exe
User: admin
Company: Nefarius Software Solutions e.U.
Integrity Level: HIGH
Description: Nefarius' Device Console Utility
Exit code: 0
Version: 1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\version.dll
c:\windows\system32\cfgmgr32.dll
PID: 1156
CMD: "C:\Program Files\Parsec\parsecd.exe" app_silent=1 SERVICE_LAUNCHED_V10
Path: C:\Program Files\Parsec\parsecd.exe
Parent process: pservice.exe
User: SYSTEM
Company: Parsec
Integrity Level: SYSTEM
Description: Parsec
Exit code: 0
Version: 150.97c.0.0
Modules
Images
c:\program files\parsec\parsecd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 1180
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\Parsec Virtual USB Adapter Driver\vusbinstall.bat""
Path: C:\Windows\System32\cmd.exe
Parent process: parsec-vud.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 1180
CMD: "C:\Program Files\Parsec\parsecd.exe"
Path: C:\Program Files\Parsec\parsecd.exe
Parent process: parsec-windows.exe
User: admin
Company: Parsec
Integrity Level: HIGH
Description: Parsec
Exit code: 0
Version: 150.97c.0.0
Modules
Images
c:\program files\parsec\parsecd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 1520
CMD: "C:\WINDOWS\system32\sc.exe" delete Parsec
Path: C:\Windows\SysWOW64\sc.exe
Parent process: parsec-windows.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Service Control Manager Configuration Tool
Exit code: 1060
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events: 35 616
Read events: 35 485
Write events: 114
Delete events: 17

Modification events

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Parsec.App.0
Value:

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: Comments
Value: Parsec

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Parsec\parsecd.exe

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayName
Value: Parsec

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayVersion
Value: 150-99

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: EstimatedSize
Value: 8456

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: HelpLink
Value: https://support.parsec.app

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: InstallLocation
Value: C:\Program Files\Parsec

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoModify
Value: 1

Process: parsec-windows.exe (PID: 4192)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoRepair
Value: 1
Executable files: 40
Suspicious files: 45
Text files: 9
Unknown types: 0

Dropped files

PID: 4192 | Process: parsec-windows.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq6A15.tmp\System.dll | Type: executable
MD5:192639861E3DC2DC5C08BB8F8C7260D5
SHA256:23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Program Files\Parsec\vusb\parsec-vud.exe | Type: executable
MD5:FA2814C8CFF38B2F4737085C70154B8F
SHA256:F8DB024B61C36E5D45CA5B485BF855DBFE1D0523333158E873D7DEB4D86EC0E4
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Program Files\Parsec\vdd\parsec-vdd.exe | Type: executable
MD5:4B9A3048286692A865187013B70F44E8
SHA256:E23332448FDAF5AA017CB308DB5EF6855FAC526A7DED05D80C039404126D5362
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq6A15.tmp\nsExec.dll | Type: executable
MD5:11092C1D3FBB449A60695C44F9F3D183
SHA256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
PID: 7060 | Process: parsec-vud.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsx7A42.tmp\nsExec.dll | Type: executable
MD5:11092C1D3FBB449A60695C44F9F3D183
SHA256:2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Program Files\Parsec\teams.exe | Type: executable
MD5:FAA24223985ABFBF64E4DDCD43F062D3
SHA256:6DC71B2E92B770DCFECA4A32C8F1787210311F731F1124754DF193EC22D5D13E
PID: 4192 | Process: parsec-windows.exe | Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec\Parsec.lnk | Type: binary
MD5:B3399F10B2E7AF95761ABAEABCED22F3
SHA256:7D7ED6DF84733CF15C412392BBE1A74CCA48EAD69DE0C23AB10C0D2A7F6FA5B7
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Program Files\Parsec\skel\appdata.json | Type: binary
MD5:022F42B9FA9FDE270DB9D6948CC60B8D
SHA256:CA99728189686AF7D378AF8C3C6CC24BF04FC4B3B4833E1BC8CC4B2D643A0CD3
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Program Files\Parsec\pservice.exe | Type: executable
MD5:C0FDABE612162A5CEE54773EFFE66625
SHA256:CC62D22BF8A082621FA25FDEEE3150C17B09DBC09C9371E3DCDD6EC83967770C
PID: 4192 | Process: parsec-windows.exe | Filename: C:\Users\admin\AppData\Local\Temp\nsq6A15.tmp\ApplicationID.dll | Type: executable
MD5:A858C1A57E32485505B1977CF0A125BE
SHA256:1462A072345E86318B981089B08B613A34027DDF527BFB66606C683F218FC3B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 16
TCP/UDP connections: 25
DNS requests: 10
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1268 | svchost.exe | GET | 200 | 2.16.168.114:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
5944 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 104.18.0.181:443 | https://builds.parsec.app/channel/release/appdata/windows/latest | unknown | - | - | -
- | - | GET | 200 | 104.18.1.181:443 | https://builds.parsec.app/channel/release/loader/windows/hash | unknown | - | - | -
- | - | GET | 404 | 104.18.1.181:443 | https://public.parsec.app/data/notifications/downtime_2.json | unknown | text | 9 b | -
- | - | GET | 200 | 104.18.0.181:443 | https://builds.parsec.app/channel/release/service/windows/hash | unknown | - | - | -
1268 | svchost.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 104.18.1.181:443 | https://public.parsec.app/data/notifications/maintenance.json | unknown | binary | 18 b | -
- | - | GET | 200 | 104.18.0.181:443 | https://builds.parsec.app/data/versions.json | unknown | binary | 257 b | -
- | - | GET | 200 | 104.18.1.181:443 | https://builds.parsec.app/channel/release-skel/binary/windows/gz/parsecd-150-94a.dll | unknown | executable | 3.34 Mb | -

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
5944 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1268 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6256 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1268 | svchost.exe | 2.16.168.114:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted
1268 | svchost.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
5944 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
1268 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4156 | parsecd.exe | 104.18.1.181:443 | builds.parsec.app | CLOUDFLARENET | - | suspicious

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 40.127.240.158 | whitelisted
google.com | 142.250.185.110 | whitelisted
crl.microsoft.com | 2.16.168.114, 2.16.168.124 | whitelisted
www.microsoft.com | 2.23.246.101 | whitelisted
builds.parsec.app | 104.18.1.181, 104.18.0.181 | unknown
public.parsec.app | 104.18.0.181, 104.18.1.181 | unknown
ocsp.digicert.com | 2.23.77.188 | whitelisted
activation-v2.sls.microsoft.com | 40.91.76.224 | whitelisted
self.events.data.microsoft.com | 20.189.173.5 | whitelisted

Threats

PID | Process | Class | Message
- | - | Potential Corporate Privacy Violation | ET INFO PE EXE or DLL Windows file download HTTP
No debug info