File name:

parsec-windows.exe

Full analysis: https://app.any.run/tasks/8271f647-0a18-4650-99b4-f1cdad7599dc
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 02, 2025, 23:12:43
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

29CF7D405BAC0269413514B386083209

SHA1:

20BFFCCBB602B5EBF53BE6C9BA0A0DE484B22305

SHA256:

F0EDC12C9F612507371727AF54993BB052C6E52857B3B025ACBBD720D3EF724E

SSDEEP:

98304:E9QkWrhYycq4DJLyPsYLhOtx+WVCj5VWMkV17LrQQSrLhdtjB2MzxuPhzAPHZZLs:dmIUHJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • pservice.exe (PID: 6208)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • Changes the autorun value in the registry

      • nefconw.exe (PID: 236)
      • parsecd.exe (PID: 7916)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • nefconw.exe (PID: 7616)
      • drvinst.exe (PID: 7796)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
      • parsec-vdd.exe (PID: 1240)
      • nefconw.exe (PID: 7332)
      • drvinst.exe (PID: 7012)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
    • The process creates files with name similar to system file names

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Windows service management via SC.EXE

      • sc.exe (PID: 2432)
      • sc.exe (PID: 1812)
      • sc.exe (PID: 7576)
    • Uses TASKKILL.EXE to kill process

      • parsec-windows.exe (PID: 7152)
    • Stops a currently running service

      • sc.exe (PID: 1388)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • parsec-windows.exe (PID: 7152)
    • Creates a software uninstall entry

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Creates a new Windows service

      • sc.exe (PID: 8032)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 7512)
    • Executes as Windows Service

      • pservice.exe (PID: 6208)
      • WUDFHost.exe (PID: 6324)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • parsec-windows.exe (PID: 7152)
    • Starts CMD.EXE for commands execution

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud.exe (PID: 7788)
      • drvinst.exe (PID: 7796)
      • nefconw.exe (PID: 7616)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
    • Executing commands from a ".bat" file

      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Creates files in the driver directory

      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 7012)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 2332)
      • drvinst.exe (PID: 5548)
      • drvinst.exe (PID: 3872)
      • drvinst.exe (PID: 7196)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 1240)
      • wevtutil.exe (PID: 2152)
    • Reads security settings of Internet Explorer

      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
    • There is functionality for taking screenshot (YARA)

      • parsec-windows.exe (PID: 7152)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 1240)
      • wevtutil.exe (PID: 776)
    • Application launched itself

      • parsecd.exe (PID: 6712)
    • Searches for installed software

      • parsecd.exe (PID: 6712)
  • INFO

    • Reads the computer name

      • parsec-windows.exe (PID: 7152)
      • pservice.exe (PID: 6208)
      • nefconw.exe (PID: 616)
      • nefconw.exe (PID: 7616)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 5548)
      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 2332)
      • drvinst.exe (PID: 3872)
      • nefconw.exe (PID: 4980)
      • nefconw.exe (PID: 7332)
      • nefconw.exe (PID: 672)
      • drvinst.exe (PID: 7012)
      • drvinst.exe (PID: 7196)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • Checks supported languages

      • parsec-windows.exe (PID: 7152)
      • pservice.exe (PID: 6208)
      • parsec-vud.exe (PID: 7788)
      • nefconc.exe (PID: 6436)
      • nefconw.exe (PID: 7616)
      • drvinst.exe (PID: 7796)
      • nefconw.exe (PID: 616)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 5548)
      • drvinst.exe (PID: 2332)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 3872)
      • parsec-vdd.exe (PID: 1240)
      • nefconw.exe (PID: 4980)
      • drvinst.exe (PID: 7012)
      • nefconw.exe (PID: 672)
      • nefconw.exe (PID: 7332)
      • drvinst.exe (PID: 7196)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • The sample compiled with english language support

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
      • drvinst.exe (PID: 7012)
      • nefconw.exe (PID: 7332)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
    • Creates files in the program directory

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
      • parsecd.exe (PID: 6712)
    • Create files in a temporary directory

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • nefconw.exe (PID: 7616)
      • nefconw.exe (PID: 236)
      • parsec-vdd.exe (PID: 1240)
      • nefconw.exe (PID: 7332)
    • Reads the software policy settings

      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 7012)
      • pservice.exe (PID: 6208)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
      • slui.exe (PID: 7724)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 7012)
      • pservice.exe (PID: 6208)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • Launch of the file from Registry key

      • nefconw.exe (PID: 236)
      • parsecd.exe (PID: 7916)
    • Reads the time zone

      • runonce.exe (PID: 7488)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 7488)
    • Creates files or folders in the user directory

      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
    • Manual execution by a user

      • grpconv.exe (PID: 5216)
      • parsecd.exe (PID: 6344)
    • Checks proxy server information

      • slui.exe (PID: 7724)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 150.99.0.0
ProductVersionNumber: 150.99.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Parsec
FileVersion: 150.99.0.0
ProductName: Parsec
Total processes
193
Monitored processes
67
Malicious processes
11
Suspicious processes
5

Behavior graph

start parsec-windows.exe sc.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs pservice.exe no specs netsh.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs parsec-vud.exe cmd.exe no specs conhost.exe no specs nefconc.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs runonce.exe no specs grpconv.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs parsec-vdd.exe wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs wudfhost.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs parsecd.exe parsecd.exe parsecd.exe grpconv.exe no specs parsecd.exe no specs parsecd.exe no specs slui.exe parsec-windows.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 236
CMD: nefconw.exe --inf-default-install --inf-path ".\parsecvirtualds\parsecvirtualds.inf"
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process: cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 516
CMD: "C:\WINDOWS\system32\netsh.exe" advfirewall firewall delete rule name=Parsec
Path: C:\Windows\SysWOW64\netsh.exe
Parent process: parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 616
CMD: nefconw.exe --create-device-node --hardware-id Root\Parsec\VUSBA --class-name USB --class-guid "36fc9e60-c465-11cf-8056-444553540000"
Path: C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process: cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 672
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 672
CMD: .\nefconw.exe --remove-device-node --hardware-id Root\Parsec\VDA --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318"
Path: C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process: cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
6
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID: 776
CMD: wevtutil im "C:\Program Files\Parsec Virtual Display Driver\mm.man"
Path: C:\Windows\SysWOW64\wevtutil.exe
Parent process: parsec-vdd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Eventing Command Line Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcp_win.dll
PID: 1164
CMD: C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\Parsec Virtual USB Adapter Driver\vusbinstall.bat""
Path: C:\Windows\System32\cmd.exe
Parent process: parsec-vud.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID: 1240
CMD: "C:\Program Files\Parsec\vdd\parsec-vdd.exe" /S
Path: C:\Program Files\Parsec\vdd\parsec-vdd.exe
Parent process: cmd.exe
User:
admin
Company:
Parsec Cloud Inc.
Integrity Level:
HIGH
Description:
Parsec Virtual Display Driver
Exit code:
0
Version:
0.45.0.0
Modules
Images
c:\program files\parsec\vdd\parsec-vdd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 1388
CMD: "C:\WINDOWS\system32\sc.exe" stop Parsec
Path: C:\Windows\SysWOW64\sc.exe
Parent process: parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID: 1812
CMD: "C:\WINDOWS\system32\sc.exe" delete Parsec
Path: C:\Windows\SysWOW64\sc.exe
Parent process: parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
35 370
Read events
35 239
Write events
114
Delete events
17

Modification events

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Parsec.App.0
Value:

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: Comments
Value: Parsec

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Parsec\parsecd.exe

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayName
Value: Parsec

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayVersion
Value: 150-99

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: EstimatedSize
Value: 8456

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: HelpLink
Value: https://support.parsec.app

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: InstallLocation
Value: C:\Program Files\Parsec

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoModify
Value: 1

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoRepair
Value: 1
Executable files
39
Suspicious files
38
Text files
6
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 7152
Process: parsec-windows.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec\Parsec.lnk
MD5:
SHA256:

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\vusb\parsec-vud.exe
Type: executable
MD5: FA2814C8CFF38B2F4737085C70154B8F
SHA256: F8DB024B61C36E5D45CA5B485BF855DBFE1D0523333158E873D7DEB4D86EC0E4

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\uninstall.exe
Type: executable
MD5: 8B059DA814D19E8C80956A535E093F5F
SHA256: 7645FC495FD854153EE6562899A20577CC8D683F36D72356CB736E21CA0A6645

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\teams.exe
Type: executable
MD5: FAA24223985ABFBF64E4DDCD43F062D3
SHA256: 6DC71B2E92B770DCFECA4A32C8F1787210311F731F1124754DF193EC22D5D13E

PID: 7152
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw11DB.tmp\System.dll
Type: executable
MD5: 192639861E3DC2DC5C08BB8F8C7260D5
SHA256: 23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6

PID: 7788
Process: parsec-vud.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsj2312.tmp\nsExec.dll
Type: executable
MD5: 11092C1D3FBB449A60695C44F9F3D183
SHA256: 2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\skel\parsecd-150-99.dll
Type: executable
MD5: 8AF23F146CF7F0CBC301E11981467642
SHA256: D1E1D111EFF2D7D3E60E5ED47D1919A43FE5A44E45F75D4A33F7A6CBC39A4AAC

PID: 7152
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw11DB.tmp\nsExec.dll
Type: executable
MD5: 11092C1D3FBB449A60695C44F9F3D183
SHA256: 2CD3A2D4053954DB1196E2526545C36DFC138C6DE9B81F6264632F3132843C77

PID: 7616
Process: nefconw.exe
Filename: C:\Windows\INF\setupapi.dev.log
MD5:
SHA256:

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\pservice.exe
Type: executable
MD5: C0FDABE612162A5CEE54773EFFE66625
SHA256: CC62D22BF8A082621FA25FDEEE3150C17B09DBC09C9371E3DCDD6EC83967770C
HTTP(S) requests
16
TCP/UDP connections
31
DNS requests
8
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1056
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1056
RUXIMICS.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
104.18.1.181:443
https://builds.parsec.app/channel/release/appdata/windows/latest
unknown
unknown
GET
200
104.18.0.181:443
https://builds.parsec.app/channel/release-skel/binary/windows/gz/parsecd-150-94a.dll
unknown
executable
3.34 Mb
unknown
6712
parsecd.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
GET
200
104.18.0.181:443
https://public.parsec.app/data/notifications/maintenance.json
unknown
binary
18 b
unknown
GET
200
104.18.1.181:443
https://builds.parsec.app/data/versions.json
unknown
binary
257 b
unknown
6712
parsecd.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6712
parsecd.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAloEugzUPGt9OnVZ%2FPPgls%3D
unknown
whitelisted
GET
200
104.18.0.181:443
https://builds.parsec.app/channel/release/appdata/windows/latest
unknown
binary
154 b
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
1056
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1056
RUXIMICS.exe
23.216.77.42:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1056
RUXIMICS.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
6712
parsecd.exe
104.18.0.181:443
builds.parsec.app
CLOUDFLARENET
suspicious
6712
parsecd.exe
239.255.255.250:1900
whitelisted
7916
parsecd.exe
239.255.255.250:1900
whitelisted
7916
parsecd.exe
104.18.0.181:443
builds.parsec.app
CLOUDFLARENET
suspicious

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.20
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
builds.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
public.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
ocsp.digicert.com
  • 2.23.77.188
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
self.events.data.microsoft.com
  • 52.178.17.233
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP