Sharpshares.exe [portable] Here

You can specify the number of parallel threads (default is often 25) to speed up scanning in large environments.

The tool automates the discovery of network assets and their associated permissions: sharpshares.exe

Because of its utility in the "discovery" phase of a cyberattack, many security solutions now include specific rules to detect SharpShares activity : mitchmoser/SharpShares - GitHub You can specify the number of parallel threads

A: Because of heuristic analysis . SharpShares scans network ports and attempts to connect to SMB (port 445). This behavior is identical to how worms and lateral movement tools operate. Security software flags the behavior , not the file itself. This behavior is identical to how worms and

: It queries all machines in a domain to list available network shares and determine if they are readable by the current user's context.

If the process respawns after deletion, you likely have a rootkit or persistent dropper. In this case:

The only initial alert? A suspicious .NET assembly execution from a non-standard path.