Analysis task

Analysis type VM tag Start time End time Duration
File (Windows) win7-sp1-x64-shaapp02-1 2022-09-24 22:34:07 2022-09-24 22:36:18 131 seconds

Maldun score

2.525

Suspicious

File details

File name CMWTAT_Digital_Release_2_6_2_0.exe
File size 13385216 bytes
File type PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
MD5 b3eb76220a557522e5e58a7a11c6f462
SHA1 bcb0b181f49bdf434f6c3912323803641f7013cb
SHA256 1834e6d6b9a50b753a36f8d0c2e54cd15f6850e1b1d18a76fa44f100fb63aeaa
SHA512 a929cdeba86d79f41533a53e23bd5c57710112a1314b682f3f661dadc144b5df2602b1ad34d421493011dcfe7f8bec27fbe65b7ab79da7e9a3593fe69991ac54
CRC32 F38DC682
Ssdeep 196608:PInBDceT/wcnJ45/9iD54+V11bFv4zPE:Y+014

Contacted hosts

No host records.

Domain resolution

No domain information.


PE information

Image base 0x00400000
Entry point 0x01061d5e
Reported checksum 0x00000000
Actual checksum 0x00ccb2a9
Minimum OS version 4.0
PDB path D:\Projects\CMWTAT_Digital_Edition\CMWTAT_DIGITAL\obj\Release\CMWTAT_DIGITAL.pdb
Compile time 2022-09-11 19:26:05
Import hash f34d5f2d4577ed6d9ceec516c1f5a744

Version information

Translation
LegalCopyright
Assembly Version
InternalName
FileVersion
CompanyName
LegalTrademarks
Comments
ProductName
ProductVersion
FileDescription
OriginalFilename

PE sections

Name Virtual address Virtual size Size of raw data Characteristics Entropy
.text 0x00002000 0x00c5fd64 0x00c5fe00 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.06
.rsrc 0x00c62000 0x00063a40 0x00063c00 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 6.90
.reloc 0x00cc6000 0x0000000c 0x00000200 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 0.10

Imports

Library: mscoree.dll:
0x402000 _CorExeMain

Assembly information

Name CMWTAT_DIGITAL
Version 2.6.2.0

Assembly references

Name Version
mscorlib 4.0.0.0
PresentationFramework 4.0.0.0
PresentationCore 4.0.0.0
System 4.0.0.0
WindowsBase 4.0.0.0
System.Xaml 4.0.0.0
System.Windows.Forms 4.0.0.0
Newtonsoft.Json 13.0.0.0
MaterialDesignThemes.Wpf 4.5.0.0
System.Runtime.WindowsRuntime 4.0.0.0
System.Drawing 4.0.0.0
LibGatherOsState 1.0.0.0
Windows.UI 255.255.255.255
System.Core 4.0.0.0

Custom attributes

Type Name
Assembly [mscorlib]System.Reflection.AssemblyTitleAttribute CMWTAT Digital Edition
Assembly [mscorlib]System.Reflection.AssemblyDescriptionAttribute CloudMoe Windows 10 Activation Toolkit
Assembly [mscorlib]System.Reflection.AssemblyCompanyAttribute CloudMoe Netwo
Assembly [mscorlib]System.Reflection.AssemblyProductAttribute CMWTAT Digital Edition
Assembly [mscorlib]System.Reflection.AssemblyCopyrightAttribute Copyright © CloudMoe Saltfish Studio 20
Assembly [mscorlib]System.Reflection.AssemblyTrademarkAttribute CloudMoe Saltfish Stud

Type references

Assembly Type name
LibGatherOsState LibGatherOsState.GatherOsState
LibGatherOsState LibGatherOsState.GatherOsState/ActivateLicenseXMLResult
LibGatherOsState LibGatherOsState.GatherOsState/ActivateLicenseXMLResultState
LibGatherOsState LibGatherOsState.GatherOsState/LicenseType
MaterialDesignThemes.Wpf MaterialDesignThemes.Wpf.DialogHost
MaterialDesignThemes.Wpf MaterialDesignThemes.Wpf.IBaseTheme
MaterialDesignThemes.Wpf MaterialDesignThemes.Wpf.ITheme
MaterialDesignThemes.Wpf MaterialDesignThemes.Wpf.PaletteHelper
MaterialDesignThemes.Wpf MaterialDesignThemes.Wpf.Theme
MaterialDesignThemes.Wpf MaterialDesignThemes.Wpf.ThemeExtensions
Newtonsoft.Json Newtonsoft.Json.Linq.JArray
Newtonsoft.Json Newtonsoft.Json.Linq.JObject
Newtonsoft.Json Newtonsoft.Json.Linq.JToken
Newtonsoft.Json Newtonsoft.Json.Linq.JValue
PresentationCore System.Windows.Resources.AssemblyAssociatedContentFileAttribute
PresentationCore System.Windows.RoutedEventArgs
PresentationCore System.Windows.RoutedEventHandler
PresentationCore System.Windows.UIElement
PresentationCore System.Windows.Visibility
PresentationFramework System.Windows.Application
PresentationFramework System.Windows.Controls.Button
PresentationFramework System.Windows.Controls.ComboBox
PresentationFramework System.Windows.Controls.Grid
PresentationFramework System.Windows.Controls.ItemsControl
PresentationFramework System.Windows.Controls.Primitives.ButtonBase
PresentationFramework System.Windows.Controls.Primitives.Selector
PresentationFramework System.Windows.Controls.Primitives.TextBoxBase
PresentationFramework System.Windows.Controls.Primitives.ToggleButton
PresentationFramework System.Windows.Controls.RadioButton
PresentationFramework System.Windows.Controls.TextBlock
PresentationFramework System.Windows.Controls.TextBox
PresentationFramework System.Windows.Controls.TextChangedEventArgs
PresentationFramework System.Windows.Controls.TextChangedEventHandler
PresentationFramework System.Windows.Controls.ValidationResult
PresentationFramework System.Windows.Controls.ValidationRule
PresentationFramework System.Windows.FrameworkElement
PresentationFramework System.Windows.ResourceDictionary
PresentationFramework System.Windows.ResourceDictionaryLocation
PresentationFramework System.Windows.ThemeInfoAttribute
PresentationFramework System.Windows.Window
System System.CodeDom.Compiler.GeneratedCodeAttribute
System System.Collections.Specialized.NameValueCollection
System System.ComponentModel.CancelEventArgs
System System.ComponentModel.CancelEventHandler
System System.ComponentModel.EditorBrowsableAttribute
System System.ComponentModel.EditorBrowsableState
System System.ComponentModel.INotifyPropertyChanged
System System.ComponentModel.PropertyChangedEventArgs
System System.ComponentModel.PropertyChangedEventHandler
System System.Configuration.ApplicationSettingsBase
System System.Configuration.SettingsBase
System System.Diagnostics.Process
System System.Diagnostics.ProcessStartInfo
System System.Net.HttpWebRequest
System System.Net.HttpWebResponse
System System.Net.WebException
System System.Net.WebExceptionStatus
System System.Net.WebHeaderCollection
System System.Net.WebRequest
System System.Net.WebResponse
System System.Text.RegularExpressions.Regex
System System.Text.RegularExpressions.RegexOptions
System System.Uri
System System.UriKind
System.Core System.Linq.Enumerable
System.Drawing System.Drawing.Color
System.Drawing System.Drawing.Icon
System.Runtime.WindowsRuntime Windows.UI.Color
System.Windows.Forms System.Windows.Forms.Application
System.Windows.Forms System.Windows.Forms.ContextMenu
System.Windows.Forms System.Windows.Forms.MenuItem
System.Windows.Forms System.Windows.Forms.NotifyIcon
System.Windows.Forms System.Windows.Forms.ToolTipIcon
System.Xaml System.Windows.Markup.IComponentConnector
Windows.UI Windows.UI.ViewManagement.UIColorType
Windows.UI Windows.UI.ViewManagement.UISettings
WindowsBase System.Windows.Markup.InternalTypeHelper
WindowsBase System.Windows.Threading.Dispatcher
WindowsBase System.Windows.Threading.DispatcherObject
mscorlib Microsoft.Win32.Registry
mscorlib Microsoft.Win32.RegistryKey
mscorlib System.Action
mscorlib System.Action`1
mscorlib System.Activator
mscorlib System.AppDomain
mscorlib System.AsyncCallback
mscorlib System.Attribute
mscorlib System.Byte
mscorlib System.Char
mscorlib System.Collections.Generic.Dictionary`2
mscorlib System.Collections.Generic.EqualityComparer`1
mscorlib System.Collections.Generic.IEnumerable`1
mscorlib System.Collections.Generic.IList`1
mscorlib System.Collections.Generic.List`1
mscorlib System.Collections.IDictionary
mscorlib System.Collections.IEnumerable
mscorlib System.Collections.ObjectModel.Collection`1
mscorlib System.Console
mscorlib System.Convert
mscorlib System.DateTime
mscorlib System.Delegate
mscorlib System.Diagnostics.DebuggableAttribute
mscorlib System.Diagnostics.DebuggableAttribute/DebuggingModes
mscorlib System.Diagnostics.DebuggerNonUserCodeAttribute
mscorlib System.Enum
mscorlib System.Environment
mscorlib System.Environment/SpecialFolder
mscorlib System.EventArgs
mscorlib System.EventHandler
mscorlib System.Exception
mscorlib System.Globalization.CultureInfo
mscorlib System.IAsyncResult
mscorlib System.IDisposable
mscorlib System.IO.Directory
mscorlib System.IO.DirectoryInfo
mscorlib System.IO.File
mscorlib System.IO.FileAccess
mscorlib System.IO.FileAttributes
mscorlib System.IO.FileMode
mscorlib System.IO.FileStream
mscorlib System.IO.Path
mscorlib System.IO.Stream
mscorlib System.IO.StreamReader
mscorlib System.IO.StreamWriter
mscorlib System.IO.TextReader
mscorlib System.IO.TextWriter
mscorlib System.Int32
mscorlib System.IntPtr
mscorlib System.MulticastDelegate
mscorlib System.Object
mscorlib System.OperatingSystem
mscorlib System.PlatformID
mscorlib System.Reflection.Assembly
mscorlib System.Reflection.AssemblyCompanyAttribute
mscorlib System.Reflection.AssemblyConfigurationAttribute
mscorlib System.Reflection.AssemblyCopyrightAttribute
mscorlib System.Reflection.AssemblyDescriptionAttribute
mscorlib System.Reflection.AssemblyFileVersionAttribute
mscorlib System.Reflection.AssemblyName
mscorlib System.Reflection.AssemblyProductAttribute
mscorlib System.Reflection.AssemblyTitleAttribute
mscorlib System.Reflection.AssemblyTrademarkAttribute
mscorlib System.Reflection.Binder
mscorlib System.Reflection.BindingFlags
mscorlib System.Reflection.EventInfo
mscorlib System.Reflection.PropertyInfo
mscorlib System.ResolveEventArgs
mscorlib System.ResolveEventHandler
mscorlib System.Resources.ResourceManager
mscorlib System.Runtime.CompilerServices.CallerMemberNameAttribute
mscorlib System.Runtime.CompilerServices.CompilationRelaxationsAttribute
mscorlib System.Runtime.CompilerServices.CompilerGeneratedAttribute
mscorlib System.Runtime.CompilerServices.ExtensionAttribute
mscorlib System.Runtime.CompilerServices.RuntimeCompatibilityAttribute
mscorlib System.Runtime.InteropServices.ComVisibleAttribute
mscorlib System.Runtime.InteropServices.Marshal
mscorlib System.Runtime.Versioning.TargetFrameworkAttribute
mscorlib System.RuntimeTypeHandle
mscorlib System.STAThreadAttribute
mscorlib System.String
mscorlib System.StringComparison
mscorlib System.Text.Encoding
mscorlib System.Threading.Interlocked
mscorlib System.Threading.Thread
mscorlib System.Threading.ThreadStart
mscorlib System.Type
mscorlib System.ValueType
mscorlib System.Version

No antivirus engine scan information!

Process tree


CMWTAT_Digital_Release_2_6_2_0.exe, PID: 2608, parent process PID: 2268

TCP

Source address Source port Destination address Destination port
192.168.122.201 49158 23.192.228.78 80

UDP

Source address Source port Destination address Destination port
192.168.122.201 63246 192.168.122.1 53

HTTP requests

URI HTTP data
http://acroipm.adobe.com/11/rdr/CHS/win/nooem/none/message.zip
GET /11/rdr/CHS/win/nooem/none/message.zip HTTP/1.1
Accept: */*
If-Modified-Since: Mon, 08 Nov 2017 08:44:36 GMT
User-Agent: IPM
Host: acroipm.adobe.com
Connection: Keep-Alive
Cache-Control: no-cache

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Sorry! No files were dropped.
No similar analyses found.

Processing ( 44.247 seconds )

  • 26.814 Static
  • 10.95 Suricata
  • 2.491 TargetInfo
  • 1.34 VirusTotal
  • 1.147 NetworkAnalysis
  • 0.655 static_dotnet
  • 0.443 BehaviorAnalysis
  • 0.342 peid
  • 0.031 config_decoder
  • 0.016 AnalysisInfo
  • 0.016 Strings
  • 0.002 Memory

Signatures ( 1.621 seconds )

  • 1.308 md_url_bl
  • 0.026 antiav_detectfile
  • 0.026 antiav_detectreg
  • 0.023 api_spamming
  • 0.018 infostealer_bitcoin
  • 0.017 stealth_decoy_document
  • 0.017 stealth_timeout
  • 0.017 infostealer_ftp
  • 0.011 infostealer_im
  • 0.01 antivm_vbox_files
  • 0.008 md_domain_bl
  • 0.007 dyre_behavior
  • 0.007 infostealer_mail
  • 0.006 anomaly_persistence_autorun
  • 0.005 maldun_anomaly_massive_file_ops
  • 0.005 encrypted_ioc
  • 0.005 antianalysis_detectreg
  • 0.005 geodo_banking_trojan
  • 0.004 antidbg_devices
  • 0.004 ransomware_files
  • 0.003 antiemu_wine_func
  • 0.003 network_tor
  • 0.003 rat_nanocore
  • 0.003 mimics_filetime
  • 0.003 betabot_behavior
  • 0.003 infostealer_browser_password
  • 0.003 kovter_behavior
  • 0.003 network_http
  • 0.003 ransomware_extensions
  • 0.003 rat_pcclient
  • 0.002 tinba_behavior
  • 0.002 hawkeye_behavior
  • 0.002 bootkit
  • 0.002 stealth_file
  • 0.002 injection_createremotethread
  • 0.002 antivm_generic_services
  • 0.002 reads_self
  • 0.002 kazybot_behavior
  • 0.002 kibex_behavior
  • 0.002 antivm_generic_scsi
  • 0.002 shifu_behavior
  • 0.002 antivm_generic_disk
  • 0.002 anormaly_invoke_kills
  • 0.002 virus
  • 0.002 cryptowall_behavior
  • 0.002 antivm_vmware_files
  • 0.002 disables_browser_warn
  • 0.002 codelux_behavior
  • 0.001 antivm_vbox_libs
  • 0.001 dridex_behavior
  • 0.001 rat_luminosity
  • 0.001 antisandbox_sunbelt_libs
  • 0.001 exec_crash
  • 0.001 ispy_behavior
  • 0.001 cerber_behavior
  • 0.001 injection_runpe
  • 0.001 hancitor_behavior
  • 0.001 sniffer_winpcap
  • 0.001 antianalysis_detectfile
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_vpc_files
  • 0.001 antivm_xen_keys
  • 0.001 banker_cridex
  • 0.001 bot_drive
  • 0.001 bot_drive2
  • 0.001 browser_security
  • 0.001 modify_proxy
  • 0.001 darkcomet_regkeys
  • 0.001 maldun_malicious_drop_executable_file_to_temp_folder
  • 0.001 malicous_targeted_flame
  • 0.001 md_bad_drop
  • 0.001 network_cnc_http
  • 0.001 network_tor_service

Reporting ( 0.51 seconds )

  • 0.507 ReportHTMLSummary
  • 0.003 Malheur
Task ID 710644
Mongo ID 632f161ddc327b8d422c8fc7
Cuckoo release 1.4-Maldun