File name:

MET_DC1_FS03v_2025-04-24_12_59_52.501.zip

Full analysis: https://app.any.run/tasks/9852146d-967d-404b-a6ad-c2ccc1dbb1c2
Verdict: Malicious activity
Analysis date: April 24, 2025, 13:10:00
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
obfuscated-js
Indicators:
MIME: application/zip
File info: Zip archive data, at least v4.5 to extract, compression method=deflate
MD5:

F32D25149C07708AEE590E8482CDB96F

SHA1:

91D979604F4289D04AA0FBBEAD98E261C0407707

SHA256:

9379D35EAB1D2E40C3546BD63481D22128B5AB0CA94D601ED4F9F7C231ACAC06

SSDEEP:

49152:YyZKabTxepKvPIinK0OlZMzjdKURQYHZXKuMUKQXIHwhb+KqBdFak/uR1007Xzax:ng4BPIi+ZMzjQUaYHNMUPXIHw6FD/80r

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • vshare-plugin-v7.exe (PID: 4448)
      • vshare-plugin-v7.exe (PID: 2096)
      • Stub.EXE (PID: 4980)
      • BHOVshareAc.exe (PID: 5156)
      • vshare-plugin-v7.exe (PID: 7324)
      • vshare-plugin-v7.exe (PID: 1600)
      • Stub.EXE (PID: 1240)
      • BHOVshareAc.exe (PID: 5124)

    • Registers / Runs the DLL via REGSVR32.EXE

      • BHOVshareAc.tmp (PID: 5588)
      • BHOVshareAc.tmp (PID: 7228)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 1676)
      • Stub.EXE (PID: 4980)
      • identity_helper.exe (PID: 7380)
      • vshare-plugin-v7.exe (PID: 2096)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • vshare-plugin-v7.exe (PID: 2096)
      • vshare-plugin-v7.exe (PID: 7324)

    • The process creates files with name similar to system file names

      • vshare-plugin-v7.exe (PID: 2096)

    • Creates/Modifies COM task schedule object

      • vshare-plugin-v7.exe (PID: 2096)
      • regsvr32.exe (PID: 6656)
      • regsvr32.exe (PID: 5204)

    • There is functionality for taking screenshot (YARA)

      • Stub.EXE (PID: 4980)
      • vshare-plugin-v7.exe (PID: 2096)
      • vshare-plugin-v7.exe (PID: 7324)

    • Executable content was dropped or overwritten

      • BHOVshareAc.exe (PID: 5156)
      • Stub.EXE (PID: 4980)
      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)
      • vshare-plugin-v7.exe (PID: 7324)
      • Stub.EXE (PID: 1240)
      • BHOVshareAc.exe (PID: 5124)
      • BHOVshareAc.tmp (PID: 7228)

    • Reads the Windows owner or organization settings

      • BHOVshareAc.tmp (PID: 5588)

    • Process drops legitimate windows executable

      • BHOVshareAc.tmp (PID: 5588)
      • BHOVshareAc.tmp (PID: 7228)

    • Creates a software uninstall entry

      • vshare-plugin-v7.exe (PID: 2096)

  • INFO

    • Checks supported languages

      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.exe (PID: 5156)
      • Stub.EXE (PID: 4980)
      • FireFoxExtension.exe (PID: 3332)
      • InstTracker.exe (PID: 7020)
      • identity_helper.exe (PID: 5200)
      • identity_helper.exe (PID: 7644)
      • identity_helper.exe (PID: 7380)
      • notification_helper.exe (PID: 8008)
      • BHOVshareAc.tmp (PID: 5588)

    • Creates files in the program directory

      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)

    • Reads the computer name

      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)
      • Stub.EXE (PID: 4980)
      • FireFoxExtension.exe (PID: 3332)
      • InstTracker.exe (PID: 7020)
      • identity_helper.exe (PID: 5200)
      • identity_helper.exe (PID: 7644)
      • identity_helper.exe (PID: 7380)
      • notification_helper.exe (PID: 8008)

    • The sample compiled with english language support

      • vshare-plugin-v7.exe (PID: 2096)
      • BHOVshareAc.tmp (PID: 5588)
      • BHOVshareAc.tmp (PID: 7228)

    • Reads the software policy settings

      • slui.exe (PID: 1276)
      • InstTracker.exe (PID: 7020)
      • slui.exe (PID: 5324)

    • Create files in a temporary directory

      • BHOVshareAc.exe (PID: 5156)
      • BHOVshareAc.tmp (PID: 5588)
      • vshare-plugin-v7.exe (PID: 2096)
      • Stub.EXE (PID: 4980)

    • Checks proxy server information

      • Stub.EXE (PID: 4980)
      • vshare-plugin-v7.exe (PID: 2096)
      • InstTracker.exe (PID: 7020)
      • slui.exe (PID: 5324)

    • Creates a software uninstall entry

      • BHOVshareAc.tmp (PID: 5588)

    • Manual execution by a user

      • msedge.exe (PID: 3968)

    • Creates files or folders in the user directory

      • FireFoxExtension.exe (PID: 3332)
      • BHOVshareAc.tmp (PID: 5588)
      • notification_helper.exe (PID: 8008)

    • Application launched itself

      • msedge.exe (PID: 1096)
      • msedge.exe (PID: 3968)
      • msedge.exe (PID: 7628)

    • Disables trace logs

      • InstTracker.exe (PID: 7020)

    • Reads the machine GUID from the registry

      • InstTracker.exe (PID: 7020)

    • Reads Environment values

      • InstTracker.exe (PID: 7020)
      • identity_helper.exe (PID: 5200)
      • identity_helper.exe (PID: 7644)
      • identity_helper.exe (PID: 7380)
      • notification_helper.exe (PID: 8008)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1676)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0801
ZipCompression: Deflated
ZipModifyDate: 1980:00:00 00:00:00
ZipCRC: 0x5bce1c63
ZipCompressedSize: 1382079
ZipUncompressedSize: 1400408
ZipFileName: Device/HarddiskVolume5/OLD-FS02V-ARCHIVES/1. Groups Archive/Terminated Employees/Neill, Benjamin_9_23_18/Personal/Downloads/vshare-plugin-v7.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
305
Monitored processes
164
Malicious processes
9
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe sppextcomobj.exe no specs slui.exe vshare-plugin-v7.exe no specs vshare-plugin-v7.exe stub.exe slui.exe bhovshareac.exe bhovshareac.tmp regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefoxextension.exe no specs insttracker.exe conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs vshare-plugin-v7.exe no specs vshare-plugin-v7.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs stub.exe bhovshareac.exe bhovshareac.tmp notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs regsvr32.exe no specs regsvr32.exe no specs regsvr32.exe no specs firefoxextension.exe no specs insttracker.exe conhost.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs notification_helper.exe no specs notification_helper.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5436 --field-trial-handle=2260,i,5406034207406452913,11811445454283047877,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
664"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2260,i,5406034207406452913,11811445454283047877,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
684"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exe" -EmbeddingC:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\notification_helper.exe
c:\windows\system32\ntdll.dll
728"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4236 --field-trial-handle=2260,i,5406034207406452913,11811445454283047877,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
968"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exe" -EmbeddingC:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\notification_helper.exesvchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\notification_helper.exe
c:\windows\system32\ntdll.dll
976"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2652 --field-trial-handle=2304,i,15758429386110763711,10291139178437226524,262144 --variations-seed-version /prefetch:3C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1096"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://vshare.tv/postplugin.php?tb=conduitC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exevshare-plugin-v7.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
1
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
1132"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4324 --field-trial-handle=2416,i,9706246400861616085,16510719897640409097,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1240C:\Users\admin\AppData\Local\Temp\Stub.exe -ctid=CT2818425 -ie -ch -ff -openwelcomedialog=false -defaultsearch=true -searchfromaddress=true -startpage=true C:\Users\admin\AppData\Local\Temp\Stub.EXE
vshare-plugin-v7.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\stub.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
1276"C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEventC:\Windows\System32\slui.exe
SppExtComObj.Exe
User:
NETWORK SERVICE
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows Activation Client
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
Total events
20 723
Read events
20 498
Write events
198
Delete events
27

Modification events

(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\preferences.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\chromium_ext.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\omni_23_10_2024_.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\MET_DC1_FS03v_2025-04-24_12_59_52.501.zip
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(1676) WinRAR.exeKey:HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(2096) vshare-plugin-v7.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A1B48071-416D-474E-A13B-BE5456E7FC31}\InprocServer32
Operation:writeName:ThreadingModel
Value:
Apartment
Executable files
55
Suspicious files
305
Text files
187
Unknown types
75

Dropped files

PID
Process
Filename
Type
1676WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1676.5711\manifest.jsonini
MD5:AA138412C1D1EAFA1B6F2501B2E5DE0C
SHA256:FBEB1F9806EFC3E13F90482D1D0B083FDA3132F86ECC0C97ED81BEE09752A4D5
1676WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1676.5711\Device\HarddiskVolume5\OLD-FS02V-ARCHIVES\1. Groups Archive\Terminated Employees\Neill, Benjamin_9_23_18\Personal\Downloads\vshare-plugin-v7.exeexecutable
MD5:6E006AB472507FDA8B9BA02477CA4167
SHA256:C2EC765BB80BAA989FF4445C9BFE54115B993A1B6C20D19845E2AFB75BA30BD9
5588BHOVshareAc.tmpC:\Users\admin\AppData\Local\Temp\is-4N15R.tmp\_isetup\_RegDLL.tmpexecutable
MD5:0EE914C6F0BB93996C75941E1AD629C6
SHA256:4DC09BAC0613590F1FAC8771D18AF5BE25A1E1CB8FDBF4031AA364F3057E74A2
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\nsv688C.tmp\welcome.bmpimage
MD5:94EE5F16CCFF815E5B2FE6283C156558
SHA256:7FD5CDE2913D99557CC5B0690FA62F6272C37397B8B0F35AD4299F41D735AAB3
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\nsv688C.tmp\nsDialogs.dllexecutable
MD5:C10E04DD4AD4277D5ADC951BB331C777
SHA256:E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\Stub.EXEexecutable
MD5:81FF415C16AFF7AA1A0271D0DF34EF01
SHA256:A41AF7BB45079BAEF58439C87BEF4866FA26E5B8AA02E9ED731F26E3DCE67016
2096vshare-plugin-v7.exeC:\Users\admin\AppData\Local\Temp\sqlite3.dllexecutable
MD5:FEC17D5FB09A03376D3AA204C65562A7
SHA256:1E384AF4479BA64BD2FA02B00603205C4B0A99A468CFA4CC33CDCA7BAC845BEC
4980Stub.EXEC:\Users\admin\AppData\Local\Temp\GLC8D97.tmpexecutable
MD5:8C97D8BB1470C6498E47B12C5A03CE39
SHA256:A87F19F9FEE475D2B2E82ACFB4589BE6D816B613064CD06826E1D4C147BEB50A
5588BHOVshareAc.tmpC:\Users\admin\AppData\Local\Temp\is-4N15R.tmp\_isetup\_shfoldr.dllexecutable
MD5:92DC6EF532FBB4A5C3201469A5B5EB63
SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
2096vshare-plugin-v7.exeC:\Program Files (x86)\vShare.tv plugin\vshareplg.crxcrx
MD5:D7D3304BBD770BB3A62B55B2E18B427E
SHA256:D8BC3EE57CA18CB7232C5635AC893963F8E808B1253717CFA05ED4F8C1F7F946
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
51
TCP/UDP connections
144
DNS requests
137
Threats
4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5496
MoUsoCoreWorker.exe
GET
200
2.19.11.105:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4980
Stub.EXE
GET
404
3.126.5.188:80
http://3.126.5.188:80/ie?RequesterId=ConduitStubInstaller&ForBrowserVersion=9.11.19041.0&StubVersion=1.3.0.5
unknown
unknown
4980
Stub.EXE
GET
404
142.250.181.238:80
http://142.250.181.238:80/Toolbar/?ownerId=ct2818425
unknown
whitelisted
2096
vshare-plugin-v7.exe
GET
200
64.190.63.222:80
http://startsear.ch/install.php?aff=1&id=a30ee108-210d-11f0-b4ed-18f7786f96ee&sp=1&hp=1&pp=conduit
unknown
unknown
4980
Stub.EXE
GET
404
3.126.5.188:80
http://3.126.5.188:80/ie?RequesterId=ConduitStubInstaller&ForBrowserVersion=9.11.19041.0&StubVersion=1.3.0.5
unknown
unknown
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5344
msedge.exe
GET
103.224.182.206:80
http://dypigu.com/favicon.ico
unknown
unknown
5344
msedge.exe
GET
200
103.224.182.206:80
http://dypigu.com/js/fingerprint/iife.min.js
unknown
unknown
5344
msedge.exe
GET
302
103.224.182.206:80
http://dypigu.com/f2.php?e=XWfYioBnn%2Bx5hQzUETLm1349fjJhTkNvS3ZsQkxsNEwyTmhzY1QrY3F6QUNmQ01DRjh3RUNvaWM1RTNCMlF4NndoRFIzMGtuUk15bzF3SzBBY25UWWtHbWhPTStWOTFlNy9hdzUwbTZPazZkRHEvclptUkhFeFEwaktLYk5aZkgzTzlsSW52RlhTdUNXRFo1WUYrOUgwampkZG9nMXIyRWNjbTh5SWdxTUNSQ20zOUJESlM5RkVYV0NTT2Npcnh6YnhQak12S25FRlIyVVlaenR2T1R1b1BtcGg3eFFHekRNcjY1d05ieTdNNy9KdjlVZHZ4ajZlN2dJK0NNTlVBQnFQdFVqT05TcTcydDRZM09YV0F3aGMrKzhEUW9LNWlKOHgxN1RxRW1YSWUwWWJMNXliL3MreGRGcDRyZGt3WTFKZWhEejJadGl0bWk4V0krZ0tJbU5GTzQyUjI2U0RuMnF6R0I5dXF0RzRhNGpFMmV4Y3F6akxMVFhMNjJ2OEw4UE9ORitvVjJMZ0RONXl0dVJaUHJuNU10THZXazMxUFhpK3l2MWJTL1dOQzZJSG9hOTVaY210UnFPcHlGU3JrakNyeElQUlVDb05HL2ZGSHpZMlRLR09wcnh3SGJxSCs4S0cxZDNUT0owMEVnakpGOEE5Y0gwZ0IzbXc5cVMrU2JUSFR0aVZrUXI4TXhPbkQvTzg1bFNvdDJBV0xzZzl3UER1OGhpUWhON2VCWXF3SGVjSTlCcmJTOG9BYis3cz0%3D&vs=1272:606&ds=1280:720&sl=0:0&os=f&nos=f
unknown
unknown
7536
svchost.exe
GET
206
2.16.168.108:80
http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/68591036-2289-4858-9f7f-9149e89c8a08?P1=1746054429&P2=404&P3=2&P4=DXrN90hmkGrlbEAKga%2fzmRGHW4uqaofDG6soWnoE7irm9aWQt8jlQ%2f3voAshpN%2f8dnmG4Q2eyTjwHwwWCHoanw%3d%3d
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:137
whitelisted
5496
MoUsoCoreWorker.exe
2.19.11.105:80
crl.microsoft.com
Elisa Oyj
NL
whitelisted
5496
MoUsoCoreWorker.exe
23.219.150.101:80
www.microsoft.com
AKAMAI-AS
CL
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
FR
whitelisted
4996
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
40.126.31.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
2.23.77.188:80
ocsp.digicert.com
AKAMAI-AS
DE
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
google.com
  • 142.250.186.174
whitelisted
crl.microsoft.com
  • 2.19.11.105
  • 2.19.11.120
whitelisted
www.microsoft.com
  • 23.219.150.101
  • 184.30.21.171
whitelisted
client.wns.windows.com
  • 172.211.123.248
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.31.128
  • 40.126.31.69
  • 20.190.159.71
  • 20.190.159.128
  • 40.126.31.131
  • 40.126.31.129
  • 40.126.31.3
  • 40.126.31.0
whitelisted
ocsp.digicert.com
  • 2.23.77.188
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
fe3cr.delivery.mp.microsoft.com
  • 20.3.187.198
whitelisted
servicemap.conduit-services.com
  • 142.250.181.238
unknown

Threats

PID
Process
Class
Message
4980
Stub.EXE
Misc activity
ET INFO Wise Solutions Install Reporting via HTTP - User Agent (Wise)
5344
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
5344
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
1240
Stub.EXE
Misc activity
ET INFO Wise Solutions Install Reporting via HTTP - User Agent (Wise)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
MET_DC1_FS03v_2025-04-24_12_59_52.501.zip