File name:

MET_DC1_FS03v_2025-04-24_12_59_52.501.zip

Full analysis: https://app.any.run/tasks/9852146d-967d-404b-a6ad-c2ccc1dbb1c2
Verdict: Malicious activity
Analysis date: April 24, 2025, 13:10:00
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
obfuscated-js
Indicators:
MIME: application/zip
File info: Zip archive data, at least v4.5 to extract, compression method=deflate
MD5:

F32D25149C07708AEE590E8482CDB96F

SHA1:

91D979604F4289D04AA0FBBEAD98E261C0407707

SHA256:

9379D35EAB1D2E40C3546BD63481D22128B5AB0CA94D601ED4F9F7C231ACAC06

SSDEEP:

49152:YyZKabTxepKvPIinK0OlZMzjdKURQYHZXKuMUKQXIHwhb+KqBdFak/uR1007Xzax:ng4BPIi+ZMzjQUaYHNMUPXIHw6FD/80r

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • vshare-plugin-v7.exe (PID: 4448)
      • Stub.EXE (PID: 4980)
      • BHOVshareAc.exe (PID: 5156)
      • vshare-plugin-v7.exe (PID: 2096)
      • vshare-plugin-v7.exe (PID: 1600)
      • BHOVshareAc.exe (PID: 5124)
      • vshare-plugin-v7.exe (PID: 7324)
      • Stub.EXE (PID: 1240)

    • Registers / Runs the DLL via REGSVR32.EXE

      • BHOVshareAc.tmp (PID: 5588)
      • BHOVshareAc.tmp (PID: 7228)

  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • vshare-plugin-v7.exe (PID: 2096)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • vshare-plugin-v7.exe (PID: 2096)
      • vshare-plugin-v7.exe (PID: 7324)

    • Creates/Modifies COM task schedule object

      • vshare-plugin-v7.exe (PID: 2096)
      • regsvr32.exe (PID: 5204)
      • regsvr32.exe (PID: 6656)

    • Executable content was dropped or overwritten

      • Stub.EXE (PID: 4980)
      • BHOVshareAc.exe (PID: 5156)
      • BHOVshareAc.tmp (PID: 5588)
      • vshare-plugin-v7.exe (PID: 2096)
      • Stub.EXE (PID: 1240)
      • vshare-plugin-v7.exe (PID: 7324)
      • BHOVshareAc.exe (PID: 5124)
      • BHOVshareAc.tmp (PID: 7228)

    • There is functionality for taking screenshot (YARA)

      • vshare-plugin-v7.exe (PID: 2096)
      • Stub.EXE (PID: 4980)
      • vshare-plugin-v7.exe (PID: 7324)

    • Reads security settings of Internet Explorer

      • Stub.EXE (PID: 4980)
      • WinRAR.exe (PID: 1676)
      • vshare-plugin-v7.exe (PID: 2096)
      • identity_helper.exe (PID: 7380)

    • Process drops legitimate windows executable

      • BHOVshareAc.tmp (PID: 5588)
      • BHOVshareAc.tmp (PID: 7228)

    • Reads the Windows owner or organization settings

      • BHOVshareAc.tmp (PID: 5588)

    • Creates a software uninstall entry

      • vshare-plugin-v7.exe (PID: 2096)

  • INFO

    • Checks supported languages

      • vshare-plugin-v7.exe (PID: 2096)
      • Stub.EXE (PID: 4980)
      • BHOVshareAc.exe (PID: 5156)
      • InstTracker.exe (PID: 7020)
      • FireFoxExtension.exe (PID: 3332)
      • BHOVshareAc.tmp (PID: 5588)
      • identity_helper.exe (PID: 5200)
      • identity_helper.exe (PID: 7644)
      • identity_helper.exe (PID: 7380)
      • notification_helper.exe (PID: 8008)

    • Creates files in the program directory

      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)

    • Checks proxy server information

      • Stub.EXE (PID: 4980)
      • vshare-plugin-v7.exe (PID: 2096)
      • slui.exe (PID: 5324)
      • InstTracker.exe (PID: 7020)

    • Reads the computer name

      • Stub.EXE (PID: 4980)
      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)
      • FireFoxExtension.exe (PID: 3332)
      • InstTracker.exe (PID: 7020)
      • identity_helper.exe (PID: 5200)
      • identity_helper.exe (PID: 7644)
      • identity_helper.exe (PID: 7380)
      • notification_helper.exe (PID: 8008)

    • Reads the software policy settings

      • slui.exe (PID: 1276)
      • InstTracker.exe (PID: 7020)
      • slui.exe (PID: 5324)

    • Create files in a temporary directory

      • Stub.EXE (PID: 4980)
      • BHOVshareAc.exe (PID: 5156)
      • BHOVshareAc.tmp (PID: 5588)
      • vshare-plugin-v7.exe (PID: 2096)

    • The sample compiled with english language support

      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)
      • BHOVshareAc.tmp (PID: 7228)

    • Creates files or folders in the user directory

      • BHOVshareAc.tmp (PID: 5588)
      • FireFoxExtension.exe (PID: 3332)
      • notification_helper.exe (PID: 8008)

    • Creates a software uninstall entry

      • BHOVshareAc.tmp (PID: 5588)

    • Application launched itself

      • msedge.exe (PID: 1096)
      • msedge.exe (PID: 3968)
      • msedge.exe (PID: 7628)

    • Manual execution by a user

      • msedge.exe (PID: 3968)

    • Reads the machine GUID from the registry

      • InstTracker.exe (PID: 7020)

    • Reads Environment values

      • InstTracker.exe (PID: 7020)
      • identity_helper.exe (PID: 5200)
      • identity_helper.exe (PID: 7644)
      • identity_helper.exe (PID: 7380)
      • notification_helper.exe (PID: 8008)

    • Disables trace logs

      • InstTracker.exe (PID: 7020)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1676)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0801
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0x5bce1c63
ZipCompressedSize: 1382079
ZipUncompressedSize: 1400408
ZipFileName: Device/HarddiskVolume5/OLD-FS02V-ARCHIVES/1. Groups Archive/Terminated Employees/Neill, Benjamin_9_23_18/Personal/Downloads/vshare-plugin-v7.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
305
Monitored processes
164
Malicious processes
9
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe sppextcomobj.exe no specs slui.exe vshare-plugin-v7.exe no specs vshare-plugin-v7.exe stub.exe slui.exe bhovshareac.exe bhovshareac.tmp regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefoxextension.exe no specs insttracker.exe conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs vshare-plugin-v7.exe no specs vshare-plugin-v7.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs stub.exe bhovshareac.exe bhovshareac.tmp notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefoxextension.exe no specs insttracker.exe conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5436 --field-trial-handle=2260,i,5406034207406452913,11811445454283047877,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
664"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2260,i,5406034207406452913,11811445454283047877,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
684"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exe" -EmbeddingC:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\notification_helper.exe
c:\windows\system32\ntdll.dll
728"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4236 --field-trial-handle=2260,i,5406034207406452913,11811445454283047877,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
968"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exe" -EmbeddingC:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\notification_helper.exe
c:\windows\system32\ntdll.dll
976"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2652 --field-trial-handle=2304,i,15758429386110763711,10291139178437226524,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vshare.tv/postplugin.php?tb=conduitC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exevshare-plugin-v7.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4324 --field-trial-handle=2416,i,9706246400861616085,16510719897640409097,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1240C:\Users\admin\AppData\Local\Temp\Stub.exe -ctid=CT2818425 -ie -ch -ff -openwelcomedialog=false -defaultsearch=true -searchfromaddress=true -startpage=true C:\Users\admin\AppData\Local\Temp\Stub.EXE
vshare-plugin-v7.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\stub.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
1276"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
20 723
Read events
20 498
Write events
198
Delete events
27

Modification events

(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\MET_DC1_FS03v_2025-04-24_12_59_52.501.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(2096) vshare-plugin-v7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Apartment
Executable files
55
Suspicious files
305
Text files
187
Unknown types
75

Dropped files

PID
Process
Filename
Type
2096vshare-plugin-v7.exeC:\Program Files (x86)\vShare.tv plugin\IEhelperActiveX.dllexecutable
MD5:1AF9EABC6DC76C6C640F9BE5CC2EDF5F
SHA256:2DB5C5C196350ADA08A50B5267421FE282A4A261E883D01F2C780F54B88B6055
2096vshare-plugin-v7.exeC:\Program Files (x86)\vShare.tv plugin\vshareplg.crxcrx
MD5:D7D3304BBD770BB3A62B55B2E18B427E
SHA256:D8BC3EE57CA18CB7232C5635AC893963F8E808B1253717CFA05ED4F8C1F7F946
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\BHOVshareAc.exeexecutable
MD5:C1E83811BC404D3FFABEB6B74B3CF99C
SHA256:6850E8D182801070C254E5EAC8CC165F723F01E81A979C4EEA76A00B5DDD8872
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\nsv688C.tmp\nsDialogs.dllexecutable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
4980Stub.EXEC:\Users\admin\AppData\Local\Temp\GLC8D97.tmpexecutable
MD5:8C97D8BB1470C6498E47B12C5A03CE39
SHA256:A87F19F9FEE475D2B2E82ACFB4589BE6D816B613064CD06826E1D4C147BEB50A
4980Stub.EXEC:\Users\admin\AppData\Local\Temp\GLM8DB7.tmpexecutable
MD5:484CB68472473A1A84FF07996BB8C1F6
SHA256:15BB390AF019D92E1D02771B02335FA360DB1BB34BCF4F0C72705027428F4FF1
5588BHOVshareAc.tmpC:\Users\admin\AppData\Local\Temp\is-4N15R.tmp\_isetup\_RegDLL.tmpexecutable
MD5:0EE914C6F0BB93996C75941E1AD629C6
SHA256:4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
4980Stub.EXEC:\Users\admin\AppData\Local\Temp\GLG91B1.tmptext
MD5:4F068586D639538EC190F11256A75E7C
SHA256:819B41B055F5EB2FE31CAECC68DC31ED511462477E05E95EE42263B7FA8DC24D
4980Stub.EXEC:\~GLHTTP1.TMPhtml
MD5:095DCC8FB2053AE6FE312F502D197270
SHA256:557CC131482C64043A38DF8E8875F5DB8AFB0DB1B7958ABC7AF3567337E1E7B7
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\chutil.dllexecutable
MD5:8A497E8284C2B9E71BCA1EC8A165AF03
SHA256:F32B02D76279764758E5219C8F892C11793A60907CBCCF6641077D75174A5596
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
144
DNS requests
137
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.19.11.105:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1568
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
4980
Stub.EXE
GET
404
142.250.181.238:80
http://servicemap.conduit-services.com/Toolbar/?ownerId=ct2818425
unknown
whitelisted
4980
Stub.EXE
GET
404
3.126.5.188:80
http://3.126.5.188:80/ie?RequesterId=ConduitStubInstaller&ForBrowserVersion=9.11.19041.0&StubVersion=1.3.0.5
unknown
unknown
4980
Stub.EXE
GET
404
3.126.5.188:80
http://3.126.5.188:80/ie?RequesterId=ConduitStubInstaller&ForBrowserVersion=9.11.19041.0&StubVersion=1.3.0.5
unknown
unknown
2096
vshare-plugin-v7.exe
GET
200
64.190.63.222:80
http://startsear.ch/install.php?aff=1&id=a30ee108-210d-11f0-b4ed-18f7786f96ee&sp=1&hp=1&pp=conduit
unknown
unknown
5344
msedge.exe
GET
200
103.224.182.206:80
http://dypigu.com/f.php?e=SFVGHy%2B9q3R9l7x4U8mQ5X49fmJaZDBPU3RsL3JOMXdLRXhnU2dKRW1QZjd6MW5Bd3loWGtVYkhLZXZ1Z21CaFNWUHFYVW8va3EraVBETjZQVmJXWm4vSGRhRXJ6Nk5UeHBZeHF5UHFFajlVR0JIcVRaUVBRVlNFNjduZHVRN29wSDZ4UFl4L0EzeGVxT09YSDBwUzZKc2F0djc0akFYRW9PNktBUVByU3pMb1A5NGVPK2gxOFhwcWR4RTJaWnQ2ZDBvaUZ1OTdjeW5Sakh0TWIwYWxxeUtNeUZQdnM3K05KRERKdVJQZS9iVGJybjNPZVhHODdBc0ZzREtBQWxHQW5wZzEvd21DaHVIWGRTKzBKSHFhNmUxMURDbTczbkx1VTNibWRrUGRCN25VdktpeXhtbzBxeGJSdjRoVm1TYzhJVU1VVWl1WUxwd1ZXMUFlc2R1QU1GOUJnSzRmcGJWYzgxOVU4RW4yQW80cVArUGtUNTZiNWRqSVlGRkFJdTVvUkFURDh0cU9La2t0dDdESVgxZ1BreEpJcTF6WWlZUUw4K3RQdi84K29DN1NtYmFHUUZ0bk9weFNrRnVabk5yRWJ0UWt0NUkvQi9BSy9GNWJUNlExdlZnVU5ONXNhd2Fsekd1KzlqZldDRXg4RVlUa094MUNVMncxbFlJNlpFVVhvYkpSSmVZKzc3TG9ZNTE2Q1N5
unknown
unknown
4980
Stub.EXE
GET
404
142.250.181.238:80
http://142.250.181.238:80/Toolbar/?ownerId=ct2818425
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
2.19.11.105:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
4996
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
40.126.31.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
google.com
  • 142.250.186.174
whitelisted
crl.microsoft.com
  • 2.19.11.105
  • 2.19.11.120
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.31.128
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.128
  • 40.126.31.131
  • 40.126.31.129
  • 40.126.31.3
  • 40.126.31.0
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
servicemap.conduit-services.com
  • 142.250.181.238
unknown

Threats

PID
Process
Class
Message
4980
Stub.EXE
Misc activity
ET INFO Wise Solutions Install Reporting via HTTP - User Agent (Wise)
5344
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
5344
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1240
Stub.EXE
Misc activity
ET INFO Wise Solutions Install Reporting via HTTP - User Agent (Wise)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MET_DC1_FS03v_2025-04-24_12_59_52.501.zip