URL:

https://download.annke.com/software/HK/Annke_Vision_V3.7.0.50_E.exe

Full analysis: https://app.any.run/tasks/96c8b1ac-1bd0-4237-96da-6f98bae99276
Verdict: Malicious activity
Analysis date: November 21, 2025, 22:33:47
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MD5:

D219836DE1B58F4B0991C3DED0C721F4

SHA1:

9D7FF983BEFFF416CAFF584E0CCB40A7FDA612B5

SHA256:

C7229FF59CC96B4D1B4FF74B66D26C33509926114B4C77905B5CC432EFF06BAC

SSDEEP:

3:N8SEloTwKaOfT7mhLIJn:2SKoshOf+yJ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • vcredist2008.exe (PID: 5724)
      • install.exe (PID: 2308)
      • vcredist_x64_2008.exe (PID: 4796)
      • install.exe (PID: 4324)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x64_2013.exe (PID: 4384)
      • vcredist_x64_2013.exe (PID: 8188)
      • Setup.exe (PID: 6080)
      • vcredist_x86_2010.exe (PID: 696)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • vcredist_x86.exe (PID: 9200)

    • Changes the autorun value in the registry

      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • vcredist_x86.exe (PID: 9200)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist_x86.exe (PID: 7312)
      • Setup.exe (PID: 6080)
      • vcredist_x86.exe (PID: 9080)
      • vcredist_x86.exe (PID: 9200)

    • Likely accesses (executes) a file from the Public directory

      • cmd.exe (PID: 5652)

    • Searches for installed software

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x86.exe (PID: 7312)
      • dllhost.exe (PID: 7776)
      • vcredist_x64_2013.exe (PID: 4384)
      • vcredist_x64_2013.exe (PID: 8188)
      • vc_redist.x86.exe (PID: 5780)
      • vc_redist.x64.exe (PID: 2144)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • vcredist_x86.exe (PID: 9200)

    • Process drops legitimate windows executable

      • vcredist2008.exe (PID: 5724)
      • TiWorker.exe (PID: 2392)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • msiexec.exe (PID: 1836)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 4384)
      • vcredist_x64_2013.exe (PID: 8188)
      • vc_redist.x86.exe (PID: 8108)
      • vc_redist.x64.exe (PID: 580)
      • vcredist_x86_2010.exe (PID: 696)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • msiexec.exe (PID: 6124)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 1676)

    • Executable content was dropped or overwritten

      • vcredist2008.exe (PID: 5724)
      • TiWorker.exe (PID: 2392)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 4384)
      • vcredist_x64_2013.exe (PID: 8188)
      • vc_redist.x86.exe (PID: 8108)
      • vc_redist.x64.exe (PID: 580)
      • vc_redist.x64.exe (PID: 2144)
      • vc_redist.x86.exe (PID: 5780)
      • vcredist_x86_2010.exe (PID: 696)
      • 7za.exe (PID: 8044)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 4572)
      • 7za.exe (PID: 7108)
      • 7za.exe (PID: 8172)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 8860)
      • 7za.exe (PID: 6892)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 8936)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 5776)
      • 7za.exe (PID: 9212)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 5732)
      • 7za.exe (PID: 9208)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8184)
      • 7za.exe (PID: 8164)
      • 7za.exe (PID: 8584)

    • Starts CMD.EXE for commands execution

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)

    • Starts a Microsoft application from unusual location

      • vcredist2008.exe (PID: 5724)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x64_2013.exe (PID: 8188)
      • vcredist_x64_2013.exe (PID: 4384)
      • vc_redist.x86.exe (PID: 8108)
      • vc_redist.x86.exe (PID: 5780)
      • vcredist_x86_2010.exe (PID: 696)
      • vc_redist.x64.exe (PID: 580)
      • vc_redist.x64.exe (PID: 2144)
      • ie4uinit.exe (PID: 7872)

    • The executable file from the user directory is run by the CMD process

      • vcredist2008.exe (PID: 5724)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • vc_redist.x86.exe (PID: 8108)
      • vcredist_x86_2010.exe (PID: 696)
      • vc_redist.x64.exe (PID: 580)
      • 7za.exe (PID: 8044)
      • 7za.exe (PID: 7108)
      • 7za.exe (PID: 4572)
      • 7za.exe (PID: 8172)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 8860)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 8936)
      • 7za.exe (PID: 6892)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 5732)
      • 7za.exe (PID: 5776)
      • 7za.exe (PID: 9212)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 9208)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8184)
      • 7za.exe (PID: 8164)
      • 7za.exe (PID: 8584)

    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 1836)
      • msiexec.exe (PID: 6124)

    • Creates file in the systems drive root

      • vcredist2008.exe (PID: 5724)
      • vcredist_x86_2010.exe (PID: 696)

    • The process drops C-runtime libraries

      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • msiexec.exe (PID: 6124)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • 7za.exe (PID: 7776)

    • There is functionality for taking screenshot (YARA)

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)

    • Application launched itself

      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • nginx.exe (PID: 4620)

    • Executes as Windows Service

      • VSSVC.exe (PID: 8076)

    • Drops 7-zip archiver for unpacking

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)

    • Drops a system driver (possible attempt to evade defenses)

      • 7za.exe (PID: 8044)
      • 7za.exe (PID: 5036)

  • INFO

    • Application launched itself

      • msedge.exe (PID: 4748)

    • Checks supported languages

      • identity_helper.exe (PID: 2928)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist2008.exe (PID: 5724)
      • install.exe (PID: 2308)
      • msiexec.exe (PID: 1836)
      • install.exe (PID: 4324)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x64_2013.exe (PID: 4384)
      • vcredist_x64_2013.exe (PID: 8188)
      • vc_redist.x86.exe (PID: 8108)
      • vc_redist.x86.exe (PID: 5780)
      • vc_redist.x64.exe (PID: 580)
      • vc_redist.x64.exe (PID: 2144)
      • vcredist_x86_2010.exe (PID: 696)
      • 7za.exe (PID: 8044)
      • NpfDetectApp.exe (PID: 2076)
      • Setup.exe (PID: 6080)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • 7za.exe (PID: 7108)
      • vcredist_x86.exe (PID: 9200)
      • msiexec.exe (PID: 6124)
      • 7za.exe (PID: 4572)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 8172)
      • 7za.exe (PID: 8860)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 6892)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 8936)
      • 7za.exe (PID: 5732)
      • 7za.exe (PID: 5776)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 9212)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8184)
      • 7za.exe (PID: 9208)
      • Annke Vision.Framework.S.exe (PID: 7896)
      • 7za.exe (PID: 8164)
      • 7za.exe (PID: 8584)
      • CrashServerDamon.exe (PID: 8596)
      • nginx.exe (PID: 4620)
      • WatchDog.exe (PID: 8912)
      • nginx.exe (PID: 8948)
      • ie4uinit.exe (PID: 7872)
      • Annke Vision.Framework.C.exe (PID: 8768)
      • CrashServerDamon.exe (PID: 5500)
      • Annke Vision.DataStatistics.S.exe (PID: 936)
      • CrashServerDamon.exe (PID: 892)
      • Annke Vision.Topology.S.exe (PID: 7068)
      • Annke Vision.Attendance.S.exe (PID: 9188)
      • Annke Vision.Log.S.exe (PID: 9144)
      • Annke Vision.AlarmCenter.S.exe (PID: 2100)
      • Annke Vision.Video.S.exe (PID: 9192)
      • Annke Vision.Emap.S.exe (PID: 9164)
      • CrashServerDamon.exe (PID: 8164)
      • CrashServerDamon.exe (PID: 8584)
      • CrashServerDamon.exe (PID: 3292)
      • Annke Vision.PersonalManagement.S.exe (PID: 8288)
      • CrashServerDamon.exe (PID: 8616)
      • CrashServerDamon.exe (PID: 2964)
      • CrashServerDamon.exe (PID: 1548)
      • CrashServerDamon.exe (PID: 7876)
      • Annke Vision.DeviceManagement.S.exe (PID: 9852)
      • Annke Vision.AccessController.S.exe (PID: 8284)
      • CrashServerDamon.exe (PID: 4400)
      • CrashServerDamon.exe (PID: 9924)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 4748)
      • msiexec.exe (PID: 1836)
      • msiexec.exe (PID: 6124)

    • Reads Environment values

      • identity_helper.exe (PID: 2928)

    • Reads the computer name

      • identity_helper.exe (PID: 2928)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • install.exe (PID: 2308)
      • vcredist_x64_2008.exe (PID: 4796)
      • install.exe (PID: 4324)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • vcredist_x64_2013.exe (PID: 4384)
      • vc_redist.x64.exe (PID: 2144)
      • vc_redist.x86.exe (PID: 5780)
      • vcredist_x86_2010.exe (PID: 696)
      • 7za.exe (PID: 8044)
      • NpfDetectApp.exe (PID: 2076)
      • Setup.exe (PID: 6080)
      • 7za.exe (PID: 7108)
      • vcredist_x86.exe (PID: 9080)
      • vcredist_x86.exe (PID: 9200)
      • msiexec.exe (PID: 6124)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 4572)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 8172)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 6892)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 8860)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 8936)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 5776)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 9212)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 5732)
      • 7za.exe (PID: 8184)
      • 7za.exe (PID: 9208)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8584)
      • Annke Vision.Framework.S.exe (PID: 7896)
      • 7za.exe (PID: 8164)
      • nginx.exe (PID: 4620)
      • WatchDog.exe (PID: 8912)
      • nginx.exe (PID: 8948)
      • Annke Vision.Framework.C.exe (PID: 8768)
      • Annke Vision.Log.S.exe (PID: 9144)
      • Annke Vision.Attendance.S.exe (PID: 9188)
      • Annke Vision.Topology.S.exe (PID: 7068)
      • Annke Vision.DataStatistics.S.exe (PID: 936)
      • Annke Vision.AccessController.S.exe (PID: 8284)
      • Annke Vision.PersonalManagement.S.exe (PID: 8288)
      • Annke Vision.AlarmCenter.S.exe (PID: 2100)
      • Annke Vision.Emap.S.exe (PID: 9164)
      • Annke Vision.Video.S.exe (PID: 9192)
      • Annke Vision.DeviceManagement.S.exe (PID: 9852)

    • Process checks computer location settings

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist_x86.exe (PID: 9080)

    • Create files in a temporary directory

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • install.exe (PID: 2308)
      • install.exe (PID: 4324)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 4384)
      • vc_redist.x64.exe (PID: 2144)
      • vc_redist.x86.exe (PID: 5780)
      • Setup.exe (PID: 6080)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • vcredist_x86.exe (PID: 9200)

    • Creates a software uninstall entry

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • msiexec.exe (PID: 1836)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • vcredist_x86.exe (PID: 9200)
      • msiexec.exe (PID: 6124)

    • Creates files in the program directory

      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • 7za.exe (PID: 8044)
      • NpfDetectApp.exe (PID: 2076)
      • 7za.exe (PID: 7108)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 4572)
      • 7za.exe (PID: 8172)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 6892)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 8860)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 8936)
      • 7za.exe (PID: 5776)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 9212)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 5732)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8184)
      • 7za.exe (PID: 9208)
      • 7za.exe (PID: 8164)
      • 7za.exe (PID: 8584)
      • Annke Vision.Framework.S.exe (PID: 7896)
      • Annke Vision.Framework.C.exe (PID: 8768)
      • nginx.exe (PID: 4620)
      • Annke Vision.DeviceManagement.S.exe (PID: 9852)

    • Reads the machine GUID from the registry

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x86_2010.exe (PID: 696)
      • Setup.exe (PID: 6080)
      • vcredist_x86.exe (PID: 9200)
      • nginx.exe (PID: 4620)
      • nginx.exe (PID: 8948)
      • Annke Vision.Framework.C.exe (PID: 8768)
      • Annke Vision.Framework.S.exe (PID: 7896)
      • Annke Vision.Log.S.exe (PID: 9144)
      • Annke Vision.Attendance.S.exe (PID: 9188)
      • Annke Vision.DataStatistics.S.exe (PID: 936)
      • Annke Vision.Topology.S.exe (PID: 7068)
      • Annke Vision.Emap.S.exe (PID: 9164)
      • Annke Vision.PersonalManagement.S.exe (PID: 8288)
      • Annke Vision.AlarmCenter.S.exe (PID: 2100)
      • Annke Vision.AccessController.S.exe (PID: 8284)
      • Annke Vision.Video.S.exe (PID: 9192)
      • Annke Vision.DeviceManagement.S.exe (PID: 9852)

    • The sample compiled with Italian language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • The sample compiled with english language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86.exe (PID: 936)
      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 4384)
      • vcredist_x64_2013.exe (PID: 8188)
      • vc_redist.x86.exe (PID: 8108)
      • vc_redist.x86.exe (PID: 5780)
      • vc_redist.x64.exe (PID: 580)
      • vc_redist.x64.exe (PID: 2144)
      • vcredist_x86_2010.exe (PID: 696)
      • vcredist_x86.exe (PID: 9056)
      • vcredist_x86.exe (PID: 9080)
      • msiexec.exe (PID: 6124)
      • 7za.exe (PID: 4572)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 8172)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 7776)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 5732)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8164)

    • The sample compiled with japanese language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • The sample compiled with korean language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • The sample compiled with russian language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • The sample compiled with german language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • The sample compiled with spanish language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • The sample compiled with french language support

      • vcredist2008.exe (PID: 5724)
      • msiexec.exe (PID: 1836)
      • TiWorker.exe (PID: 2392)
      • vcredist_x86_2010.exe (PID: 696)
      • msiexec.exe (PID: 6124)

    • Creates files or folders in the user directory

      • msiexec.exe (PID: 1836)
      • vcredist_x86.exe (PID: 7312)

    • The sample compiled with chinese language support

      • msiexec.exe (PID: 1836)
      • vcredist2008.exe (PID: 5724)
      • TiWorker.exe (PID: 2392)
      • vcredist_x64_2008.exe (PID: 4796)
      • vcredist_x86_2010.exe (PID: 696)
      • Annke_Vision_V3.7.0.50_E.exe (PID: 5164)
      • 7za.exe (PID: 8044)
      • msiexec.exe (PID: 6124)
      • 7za.exe (PID: 5036)
      • 7za.exe (PID: 1952)
      • 7za.exe (PID: 8808)
      • 7za.exe (PID: 5656)
      • 7za.exe (PID: 6980)
      • 7za.exe (PID: 2540)
      • 7za.exe (PID: 9000)
      • 7za.exe (PID: 1676)
      • 7za.exe (PID: 7828)
      • 7za.exe (PID: 8184)
      • 7za.exe (PID: 8164)

    • Launching a file from a Registry key

      • vcredist_x86.exe (PID: 7312)
      • vcredist_x64_2013.exe (PID: 8188)
      • vcredist_x86.exe (PID: 9200)

    • Manages system restore points

      • SrTasks.exe (PID: 4572)

    • Checks proxy server information

      • vcredist_x86.exe (PID: 7312)
      • slui.exe (PID: 6712)

    • Reads CPU info

      • Setup.exe (PID: 6080)

    • Manual execution by a user

      • vcredist_x86.exe (PID: 9056)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
373
Monitored processes
209
Malicious processes
14
Suspicious processes
9

Behavior graph

Click at the process to see the details
start msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs annke_vision_v3.7.0.50_e.exe no specs annke_vision_v3.7.0.50_e.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs vcredist2008.exe install.exe no specs msiexec.exe tiworker.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs vcredist_x64_2008.exe install.exe no specs cmd.exe no specs conhost.exe no specs vcredist_x86.exe vcredist_x86.exe SPPSurrogate no specs vssvc.exe no specs srtasks.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs vcredist_x64_2013.exe vcredist_x64_2013.exe cmd.exe no specs conhost.exe no specs vc_redist.x86.exe vc_redist.x86.exe cmd.exe no specs conhost.exe no specs vc_redist.x64.exe vc_redist.x64.exe cmd.exe no specs conhost.exe no specs vcredist_x86_2010.exe slui.exe setup.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs npfdetectapp.exe no specs cmd.exe no specs conhost.exe no specs 7za.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs vcredist_x86.exe vcredist_x86.exe vcredist_x86.exe SPPSurrogate no specs msiexec.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe cmd.exe no specs conhost.exe no specs 7za.exe annke vision.framework.s.exe annke vision.framework.c.exe ie4uinit.exe no specs crashserverdamon.exe no specs conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs nginx.exe no specs conhost.exe no specs watchdog.exe no specs nginx.exe no specs conhost.exe no specs annke vision.log.s.exe no specs annke vision.alarmcenter.s.exe no specs conhost.exe no specs annke vision.video.s.exe no specs conhost.exe no specs annke vision.attendance.s.exe no specs conhost.exe no specs annke vision.accesscontroller.s.exe no specs conhost.exe no specs annke vision.emap.s.exe annke vision.datastatistics.s.exe no specs conhost.exe no specs conhost.exe no specs annke vision.personalmanagement.s.exe no specs annke vision.topology.s.exe conhost.exe no specs conhost.exe no specs conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs crashserverdamon.exe no specs crashserverdamon.exe no specs crashserverdamon.exe no specs crashserverdamon.exe no specs conhost.exe no specs conhost.exe no specs conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs conhost.exe no specs msedge.exe no specs annke vision.devicemanagement.s.exe conhost.exe no specs crashserverdamon.exe no specs conhost.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
580C:\Users\admin\AppData\Local\Temp\InstallationTempFile\vc_redist.x64.exe /q /norestartC:\Users\admin\AppData\Local\Temp\InstallationTempFile\vc_redist.x64.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29112
Exit code:
1638
Version:
14.27.29112.0
Modules
Images
c:\users\admin\appdata\local\temp\installationtempfile\vc_redist.x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
696C:\Users\admin\AppData\Local\Temp\InstallationTempFile\vcredist_x86_2010.exe /q /norestartC:\Users\admin\AppData\Local\Temp\InstallationTempFile\vcredist_x86_2010.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2010 x86 Redistributable Setup
Exit code:
0
Version:
10.0.30319.01
Modules
Images
c:\users\admin\appdata\local\temp\installationtempfile\vcredist_x86_2010.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
892CrashServerDamon.exe 9144C:\Program Files (x86)\Annke Vision Site\Annke Vision Client\Server\CrashServerDamon.exeAnnke Vision.Log.S.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\program files (x86)\annke vision site\annke vision client\server\crashserverdamon.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
920\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeCrashServerDamon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
936"C:\Users\admin\AppData\Local\Temp\InstallationTempFile\vcredist_x86.exe" /q /norestart -burn.unelevated BurnPipe.{A85C0D1B-EEBF-4DAD-B8BD-EC0104BFEBE6} {030EFAEB-6876-4413-9C98-BA609F654BDD} 7312C:\Users\admin\AppData\Local\Temp\InstallationTempFile\vcredist_x86.exe
vcredist_x86.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Exit code:
0
Version:
12.0.30501.0
Modules
Images
c:\users\admin\appdata\local\temp\installationtempfile\vcredist_x86.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
936"C:\Program Files (x86)\Annke Vision Site\Annke Vision Client\Server\Annke Vision.DataStatistics.S\Annke Vision.DataStatistics.S.exe" ServerFramework DataStatistics.S_e6b703ec9fc848f18bc74809167cca33 "0 1 0 7660 7300 1833 7760 false 0.0.0.0 8003 8004 8005 8006"C:\Program Files (x86)\Annke Vision Site\Annke Vision Client\Server\Annke Vision.DataStatistics.S\Annke Vision.DataStatistics.S.exeAnnke Vision.Framework.S.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\program files (x86)\annke vision site\annke vision client\server\annke vision.datastatistics.s\annke vision.datastatistics.s.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
1060\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.exeCrashServerDamon.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1184\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1248"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6412,i,3600983908993425362,8317055329271350297,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
1312"C:\Windows\System32\cmd.exe" /c cd /d "C:\Users\admin\AppData\Local\Temp\InstallationTempFile\" && .\7za.exe x "C:\Users\admin\AppData\Local\Temp\InstallationTempFile\Annke Vision.Attendance.S.7z" -o"C:\Program Files (x86)\Annke Vision Site\Annke Vision Client\Server" -aoaC:\Windows\SysWOW64\cmd.exeAnnke_Vision_V3.7.0.50_E.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
Total events
42 855
Read events
40 798
Write events
1 820
Delete events
237

Modification events

(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:DisplayVersion
Value:
3.7.0.50
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:InstallLocation
Value:
C:\Program Files (x86)
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:LanguageType
Value:
E
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:ProductGuid
Value:
{7697245D-2E00-4B83-AD27-C051DE314D1F}
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:DisplayName
Value:
Annke Vision
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:Publisher
Value:
company
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:UninstallString
Value:
C:\Program Files (x86)\Annke Vision Site\uninstall.exe
(PID) Process:(5164) Annke_Vision_V3.7.0.50_E.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7697245D-2E00-4B83-AD27-C051DE314D1F}
Operation:writeName:ComponentList
Value:
0#4#2#12#101#106#103#112#1#102#5#6#107#108#8#110#3#104#7#109#9#111
(PID) Process:(1836) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:Owner
Value:
2C070000A81EC1F9365BDC01
(PID) Process:(1836) msiexec.exeKey:HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Microsoft\RestartManager\Session0000
Operation:writeName:SessionHash
Value:
4DFD71A33113FA1A576153B4DE77FC0E878937CDFC0B6B60A5F529BAFDAADB00
Executable files
704
Suspicious files
2 494
Text files
2 119
Unknown types
4

Dropped files

PID
Process
Filename
Type
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF162167.TMP
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF162177.TMP
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF162177.TMP
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF162177.TMP
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF162187.TMP
MD5:
SHA256:
4748msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
35
TCP/UDP connections
98
DNS requests
81
Threats
2

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6432
svchost.exe
GET
200
23.216.77.36:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
7400
msedge.exe
GET
200
150.171.27.11:80
http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:8WP8Ks21q_OWggivq4GGp_YFGpX08dH1pGjd_Z9bbr0&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
unknown
whitelisted
1836
msiexec.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/CSPCA.crl
unknown
whitelisted
892
SIHClient.exe
GET
200
104.79.89.142:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6172
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
892
SIHClient.exe
GET
200
104.79.89.142:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl
unknown
whitelisted
892
SIHClient.exe
GET
200
2.16.241.19:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
892
SIHClient.exe
GET
200
104.79.89.142:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl
unknown
whitelisted
892
SIHClient.exe
GET
200
104.79.89.142:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl
unknown
whitelisted
892
SIHClient.exe
GET
200
104.79.89.142:80
http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.2.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
6432
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
5596
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4260
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4
System
192.168.100.255:138
whitelisted
7400
msedge.exe
150.171.22.17:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7400
msedge.exe
150.171.27.11:80
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7400
msedge.exe
150.171.28.11:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
7400
msedge.exe
188.114.97.3:443
download.annke.com
CLOUDFLARENET
NL
whitelisted
7400
msedge.exe
104.18.23.222:443
copilot.microsoft.com
CLOUDFLARENET
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 40.127.240.158
whitelisted
google.com
  • 142.250.184.238
whitelisted
edge.microsoft.com
  • 150.171.27.11
  • 150.171.28.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
download.annke.com
  • 188.114.97.3
  • 188.114.96.3
unknown
copilot.microsoft.com
  • 104.18.23.222
  • 104.18.22.222
whitelisted
www.bing.com
  • 92.123.104.49
  • 92.123.104.47
  • 92.123.104.32
  • 92.123.104.59
  • 92.123.104.60
  • 92.123.104.25
  • 92.123.104.50
  • 92.123.104.33
  • 92.123.104.26
  • 184.86.251.22
  • 184.86.251.27
  • 2.16.241.218
  • 2.16.241.201
whitelisted
update.googleapis.com
  • 216.58.206.35
whitelisted
clients2.googleusercontent.com
  • 142.250.185.97
whitelisted
edgeassetservice.azureedge.net
  • 13.107.246.44
  • 13.107.213.44
whitelisted

Threats

PID
Process
Class
Message
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Unknown Traffic
ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
Process
Message
Setup.exe
The operation completed successfully.
Annke_Vision_V3.7.0.50_E.exe
byl strInstallPath = C:\Program Files (x86).
Annke_Vision_V3.7.0.50_E.exe
azb C:\ProgramData\Microsoft\Windows\Start Menu/Programs/Annke Vision 3.7.0.50/Annke Vision 3.7.0.50 Client.lnk
Annke_Vision_V3.7.0.50_E.exe
azb C:\ProgramData\Microsoft\Windows\Start Menu/Programs/Annke Vision 3.7.0.50/Annke Vision 3.7.0.50 User Manual.lnk
Annke_Vision_V3.7.0.50_E.exe
azb C:\ProgramData\Microsoft\Windows\Start Menu/Programs/Annke Vision 3.7.0.50/Uninstall Annke Vision 3.7.0.50.lnk
Annke_Vision_V3.7.0.50_E.exe
azb C:\Users\Public\Desktop/Annke Vision 3.7.0.50 Client.lnk
Annke_Vision_V3.7.0.50_E.exe
azb createShortcutIcon= Annke Vision 3.7.0.50 Client.
Annke Vision.Framework.S.exe
byl:crtPath "C:\\Program Files (x86)\\Annke Vision Site\\Annke Vision Client\\Server\\"
Annke Vision.Framework.S.exe
---scc--- LoadSkin = ServerFramework Success
Annke Vision.Framework.C.exe
huangzhongyi main start "2025-11-21 22:37:58:119"
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://download.annke.com/software/HK/Annke_Vision_V3.7.0.50_E.exe