File name:

parsec-windows.exe

Full analysis: https://app.any.run/tasks/8271f647-0a18-4650-99b4-f1cdad7599dc
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: June 02, 2025, 23:12:43
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
auto-reg
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5:

29CF7D405BAC0269413514B386083209

SHA1:

20BFFCCBB602B5EBF53BE6C9BA0A0DE484B22305

SHA256:

F0EDC12C9F612507371727AF54993BB052C6E52857B3B025ACBBD720D3EF724E

SSDEEP:

98304:E9QkWrhYycq4DJLyPsYLhOtx+WVCj5VWMkV17LrQQSrLhdtjB2MzxuPhzAPHZZLs:dmIUHJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Executing a file with an untrusted certificate

      • pservice.exe (PID: 6208)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • Changes the autorun value in the registry

      • nefconw.exe (PID: 236)
      • parsecd.exe (PID: 7916)
  • SUSPICIOUS

    • Stops a currently running service

      • sc.exe (PID: 1388)
    • Windows service management via SC.EXE

      • sc.exe (PID: 2432)
      • sc.exe (PID: 1812)
      • sc.exe (PID: 7576)
    • Uses TASKKILL.EXE to kill process

      • parsec-windows.exe (PID: 7152)
    • Uses NETSH.EXE to delete a firewall rule or allowed programs

      • parsec-windows.exe (PID: 7152)
    • Creates a new Windows service

      • sc.exe (PID: 8032)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 7512)
    • Creates a software uninstall entry

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • The process creates files with name similar to system file names

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Executes as Windows Service

      • pservice.exe (PID: 6208)
      • WUDFHost.exe (PID: 6324)
    • Starts CMD.EXE for commands execution

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • parsec-windows.exe (PID: 7152)
    • Executable content was dropped or overwritten

      • parsec-vud.exe (PID: 7788)
      • nefconw.exe (PID: 7616)
      • drvinst.exe (PID: 7796)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
      • parsec-vdd.exe (PID: 1240)
      • parsec-windows.exe (PID: 7152)
      • nefconw.exe (PID: 7332)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • drvinst.exe (PID: 7012)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • parsec-vud.exe (PID: 7788)
      • parsec-windows.exe (PID: 7152)
      • parsec-vdd.exe (PID: 1240)
    • Drops a system driver (possible attempt to evade defenses)

      • parsec-vud.exe (PID: 7788)
      • drvinst.exe (PID: 7796)
      • nefconw.exe (PID: 7616)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
    • Executing commands from a ".bat" file

      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
    • Creates files in the driver directory

      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 7012)
    • Creates or modifies Windows services

      • drvinst.exe (PID: 2332)
      • drvinst.exe (PID: 5548)
      • drvinst.exe (PID: 3872)
      • drvinst.exe (PID: 7196)
    • Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest

      • wevtutil.exe (PID: 2152)
      • parsec-vdd.exe (PID: 1240)
    • Uses WEVTUTIL.EXE to install publishers and event logs from the manifest

      • parsec-vdd.exe (PID: 1240)
      • wevtutil.exe (PID: 776)
    • There is functionality for taking screenshot (YARA)

      • parsec-windows.exe (PID: 7152)
    • Reads security settings of Internet Explorer

      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 7916)
    • Application launched itself

      • parsecd.exe (PID: 6712)
    • Searches for installed software

      • parsecd.exe (PID: 6712)
  • INFO

    • Checks supported languages

      • parsec-windows.exe (PID: 7152)
      • pservice.exe (PID: 6208)
      • parsec-vud.exe (PID: 7788)
      • nefconw.exe (PID: 616)
      • nefconc.exe (PID: 6436)
      • nefconw.exe (PID: 7616)
      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 2332)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 5548)
      • parsec-vdd.exe (PID: 1240)
      • drvinst.exe (PID: 3872)
      • nefconw.exe (PID: 4980)
      • nefconw.exe (PID: 672)
      • nefconw.exe (PID: 7332)
      • drvinst.exe (PID: 7012)
      • drvinst.exe (PID: 7196)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • The sample compiled with english language support

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
      • nefconw.exe (PID: 7332)
      • drvinst.exe (PID: 7012)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
    • Creates files in the program directory

      • parsec-windows.exe (PID: 7152)
      • parsec-vud.exe (PID: 7788)
      • parsec-vdd.exe (PID: 1240)
      • parsecd.exe (PID: 6712)
    • Reads the computer name

      • pservice.exe (PID: 6208)
      • nefconw.exe (PID: 616)
      • nefconw.exe (PID: 7616)
      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 2332)
      • nefconw.exe (PID: 236)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 5548)
      • drvinst.exe (PID: 3872)
      • parsec-windows.exe (PID: 7152)
      • nefconw.exe (PID: 672)
      • nefconw.exe (PID: 7332)
      • nefconw.exe (PID: 4980)
      • drvinst.exe (PID: 7012)
      • drvinst.exe (PID: 7196)
      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • parsecd.exe (PID: 3008)
    • Create files in a temporary directory

      • parsec-vud.exe (PID: 7788)
      • nefconw.exe (PID: 7616)
      • nefconw.exe (PID: 236)
      • parsec-vdd.exe (PID: 1240)
      • parsec-windows.exe (PID: 7152)
      • nefconw.exe (PID: 7332)
    • Reads the software policy settings

      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 7012)
      • parsecd.exe (PID: 4728)
      • pservice.exe (PID: 6208)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 6344)
      • slui.exe (PID: 7724)
      • parsecd.exe (PID: 3008)
    • Reads the machine GUID from the registry

      • drvinst.exe (PID: 7796)
      • drvinst.exe (PID: 6240)
      • drvinst.exe (PID: 7012)
      • parsecd.exe (PID: 4728)
      • pservice.exe (PID: 6208)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
      • parsecd.exe (PID: 3008)
      • parsecd.exe (PID: 6344)
    • Launch of the file from Registry key

      • nefconw.exe (PID: 236)
      • parsecd.exe (PID: 7916)
    • Reads security settings of Internet Explorer

      • runonce.exe (PID: 7488)
    • Creates files or folders in the user directory

      • parsecd.exe (PID: 4728)
      • parsecd.exe (PID: 6712)
      • parsecd.exe (PID: 7916)
    • Manual execution by a user

      • grpconv.exe (PID: 5216)
      • parsecd.exe (PID: 6344)
    • Reads the time zone

      • runonce.exe (PID: 7488)
    • Checks proxy server information

      • slui.exe (PID: 7724)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:03:30 16:55:23+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 27136
InitializedDataSize: 184832
UninitializedDataSize: 2048
EntryPoint: 0x3552
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 150.99.0.0
ProductVersionNumber: 150.99.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Parsec
FileVersion: 150.99.0.0
ProductName: Parsec
No data.
Total processes
193
Monitored processes
67
Malicious processes
11
Suspicious processes
5

Behavior graph

start parsec-windows.exe sc.exe no specs conhost.exe no specs taskkill.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs netsh.exe no specs conhost.exe no specs schtasks.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs sc.exe no specs conhost.exe no specs pservice.exe no specs netsh.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs parsec-vud.exe cmd.exe no specs conhost.exe no specs nefconc.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs runonce.exe no specs grpconv.exe no specs drvinst.exe no specs cmd.exe no specs conhost.exe no specs parsec-vdd.exe wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs cmd.exe no specs conhost.exe no specs nefconw.exe no specs nefconw.exe no specs nefconw.exe drvinst.exe drvinst.exe no specs wudfhost.exe no specs wevtutil.exe no specs conhost.exe no specs wevtutil.exe no specs parsecd.exe parsecd.exe parsecd.exe grpconv.exe no specs parsecd.exe no specs parsecd.exe no specs slui.exe parsec-windows.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID:
236
CMD:
nefconw.exe --inf-default-install --inf-path ".\parsecvirtualds\parsecvirtualds.inf"
Path:
C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process:
cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID:
516
CMD:
"C:\WINDOWS\system32\netsh.exe" advfirewall firewall delete rule name=Parsec
Path:
C:\Windows\SysWOW64\netsh.exe
Parent process:
parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Network Command Shell
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\netsh.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
616
CMD:
nefconw.exe --create-device-node --hardware-id Root\Parsec\VUSBA --class-name USB --class-guid "36fc9e60-c465-11cf-8056-444553540000"
Path:
C:\Program Files\Parsec Virtual USB Adapter Driver\nefconw.exe
Parent process:
cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
0
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual usb adapter driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID:
672
CMD:
\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path:
C:\Windows\System32\conhost.exe
Parent process:
netsh.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
672
CMD:
.\nefconw.exe --remove-device-node --hardware-id Root\Parsec\VDA --class-guid "4D36E968-E325-11CE-BFC1-08002BE10318"
Path:
C:\Program Files\Parsec Virtual Display Driver\nefconw.exe
Parent process:
cmd.exe
User:
admin
Company:
Nefarius Software Solutions e.U.
Integrity Level:
HIGH
Description:
Nefarius' Device Console Utility
Exit code:
6
Version:
1.10.0.0
Modules
Images
c:\program files\parsec virtual display driver\nefconw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
PID:
776
CMD:
wevtutil im "C:\Program Files\Parsec Virtual Display Driver\mm.man"
Path:
C:\Windows\SysWOW64\wevtutil.exe
Parent process:
parsec-vdd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Eventing Command Line Utility
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\wevtutil.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcp_win.dll
PID:
1164
CMD:
C:\WINDOWS\system32\cmd.exe /c ""C:\Program Files\Parsec Virtual USB Adapter Driver\vusbinstall.bat""
Path:
C:\Windows\System32\cmd.exe
Parent process:
parsec-vud.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\cmdext.dll
PID:
1240
CMD:
"C:\Program Files\Parsec\vdd\parsec-vdd.exe" /S
Path:
C:\Program Files\Parsec\vdd\parsec-vdd.exe
Parent process:
cmd.exe
User:
admin
Company:
Parsec Cloud Inc.
Integrity Level:
HIGH
Description:
Parsec Virtual Display Driver
Exit code:
0
Version:
0.45.0.0
Modules
Images
c:\program files\parsec\vdd\parsec-vdd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID:
1388
CMD:
"C:\WINDOWS\system32\sc.exe" stop Parsec
Path:
C:\Windows\SysWOW64\sc.exe
Parent process:
parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
PID:
1812
CMD:
"C:\WINDOWS\system32\sc.exe" delete Parsec
Path:
C:\Windows\SysWOW64\sc.exe
Parent process:
parsec-windows.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Service Control Manager Configuration Tool
Exit code:
1060
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
35 370
Read events
35 239
Write events
114
Delete events
17

Modification events

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: delete value
Name: Parsec.App.0
Value:

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: Comments
Value: Parsec

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayIcon
Value: C:\Program Files\Parsec\parsecd.exe

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayName
Value: Parsec

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: DisplayVersion
Value: 150-99

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: EstimatedSize
Value: 8456

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: HelpLink
Value: https://support.parsec.app

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: InstallLocation
Value: C:\Program Files\Parsec

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoModify
Value: 1

(PID) Process: (7152) parsec-windows.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Parsec
Operation: write
Name: NoRepair
Value: 1

Executable files
39
Suspicious files
38
Text files
6
Unknown types
0

Dropped files

PID: 7152
Process: parsec-windows.exe
Filename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Parsec\Parsec.lnk
Type:
MD5:
SHA256:

PID: 7152
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw11DB.tmp\System.dll
Type: executable
MD5: 192639861E3DC2DC5C08BB8F8C7260D5
SHA256: 23D618A0293C78CE00F7C6E6DD8B8923621DA7DD1F63A070163EF4C0EC3033D6

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\vusb\parsec-vud.exe
Type: executable
MD5: FA2814C8CFF38B2F4737085C70154B8F
SHA256: F8DB024B61C36E5D45CA5B485BF855DBFE1D0523333158E873D7DEB4D86EC0E4

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\pservice.exe
Type: executable
MD5: C0FDABE612162A5CEE54773EFFE66625
SHA256: CC62D22BF8A082621FA25FDEEE3150C17B09DBC09C9371E3DCDD6EC83967770C

PID: 7152
Process: parsec-windows.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw11DB.tmp\nsDialogs.dll
Type: executable
MD5: B7D61F3F56ABF7B7FF0D4E7DA3AD783D
SHA256: 89A82C4849C21DFE765052681E1FAD02D2D7B13C8B5075880C52423DCA72A912

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\parsecd.exe
Type: executable
MD5: 3AD33F9CB1EFF184217E44C5970990E0
SHA256: 38011E713B4BE8577576062754CAD03E9899859488932AE4C9C83E5FBB5CB7D2

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\skel\appdata.json
Type: binary
MD5: 022F42B9FA9FDE270DB9D6948CC60B8D
SHA256: CA99728189686AF7D378AF8C3C6CC24BF04FC4B3B4833E1BC8CC4B2D643A0CD3

PID: 7152
Process: parsec-windows.exe
Filename: C:\Program Files\Parsec\teams.exe
Type: executable
MD5: FAA24223985ABFBF64E4DDCD43F062D3
SHA256: 6DC71B2E92B770DCFECA4A32C8F1787210311F731F1124754DF193EC22D5D13E

PID: 7616
Process: nefconw.exe
Filename: C:\Windows\INF\setupapi.dev.log
Type:
MD5:
SHA256:

PID: 7788
Process: parsec-vud.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsj2312.tmp\UserInfo.dll
Type: executable
MD5: F8B6DD1F9620BE4EF2AD1E81FB6B79FA
SHA256: A921CC9CC4AF332BE96186D60D2539CB413DFA44CFD73E85687F9338505FF85E

HTTP(S) requests
16
TCP/UDP connections
31
DNS requests
8
Threats
1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
104.18.1.181:443
https://builds.parsec.app/channel/release/service/windows/hash
unknown
1056
RUXIMICS.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
104.18.1.181:443
https://builds.parsec.app/channel/release/appdata/windows/latest
unknown
1056
RUXIMICS.exe
GET
200
23.216.77.42:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
404
104.18.0.181:443
https://public.parsec.app/data/notifications/downtime_2.json
unknown
text
9 b
GET
200
104.18.0.181:443
https://builds.parsec.app/channel/release/loader/windows/hash
unknown
text
64 b
GET
200
104.18.1.181:443
https://builds.parsec.app/channel/release-skel/appdata/windows/latest
unknown
GET
200
104.18.0.181:443
https://builds.parsec.app/channel/release-skel/binary/windows/gz/parsecd-150-94a.dll
unknown
executable
3.34 Mb
GET
200
104.18.0.181:443
https://public.parsec.app/data/notifications/maintenance.json
unknown
binary
18 b
GET
200
104.18.1.181:443
https://builds.parsec.app/data/versions.json
unknown
binary
257 b

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:137
whitelisted
1056
RUXIMICS.exe
51.124.78.146:443
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
1056
RUXIMICS.exe
23.216.77.42:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1056
RUXIMICS.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
6712
parsecd.exe
104.18.0.181:443
builds.parsec.app
CLOUDFLARENET
suspicious
6712
parsecd.exe
239.255.255.250:1900
whitelisted
7916
parsecd.exe
239.255.255.250:1900
whitelisted
7916
parsecd.exe
104.18.0.181:443
builds.parsec.app
CLOUDFLARENET
suspicious

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.174
whitelisted
crl.microsoft.com
  • 23.216.77.42
  • 23.216.77.28
  • 23.216.77.20
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted
builds.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
public.parsec.app
  • 104.18.0.181
  • 104.18.1.181
unknown
ocsp.digicert.com
  • 2.23.77.188
whitelisted
activation-v2.sls.microsoft.com
  • 20.83.72.98
whitelisted
self.events.data.microsoft.com
  • 52.178.17.233
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
No debug info