分析任务
| 分析类型 | 虚拟机标签 | 开始时间 | 结束时间 | 持续时间 |
|---|---|---|---|---|
| 文件 (Windows) | win7-sp1-x64-1 | 2016-09-06 14:58:23 | 2016-09-06 14:58:44 | 21 秒 |
魔盾分数
7.3
危险的
文件详细信息
| 文件名 | IMEWDBLD.EXE |
|---|---|
| 文件大小 | 749448 字节 |
| 文件类型 | PE32+ executable (GUI) x86-64, for MS Windows |
| MD5 | 4f62c9be3a3f9b0ad92e6c2ed939a336 |
| SHA1 | 227d52816048183e3fe08da724f76a0b877d2edb |
| SHA256 | 9b4026c314e0b39aa87b003f743ae01fed5dd2dbdc6f2265ec5b802ef6c4282e |
| SHA512 | 982f792c770295664996ec063259c66af3ea7e20ebb389f59a66b08b8a28d288640077b25f47d742b2bb560ccbb3cbe34ef692a3a9624fb39f8a7b59eef9db52 |
| CRC32 | 493C893A |
| Ssdeep | 12288:0Esgs0bd7OJIfaU7dMKghaOOjbz7Gs/U2:PsgsYd6UR/rb+s/5 |
| Yara | 登录查看Yara规则 |
| 样本下载 提交误报 |
登录查看威胁特征
运行截图
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 23.44.155.27 | 美国 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
摘要
登录查看详细行为信息PE 信息
| 初始地址 | 0x140000000 |
|---|---|
| 入口地址 | 0x14002470c |
| 声明校验值 | 0x000bbf73 |
| 实际校验值 | 0x000bbf73 |
| 最低操作系统版本要求 | 5.2 |
| PDB路径 | t:\ime\x64\ship\0\imewdbld.pdb\x00\ship\0\imewdbld.exe\bbtopt\imewdbldO.pdb |
| 编译时间 | 2010-01-21 16:17:28 |
| 图标 |  |
| 图标精确哈希值 | aa1672d32eebd49d20c2c71138a25148 |
| 图标相似性哈希值 | 5f63cd97579b076d4e0b9200a6908ba2 |
版本信息
| LegalCopyright | |
|---|---|
| InternalName | |
| FileVersion | |
| CompanyName | |
| LegalTrademarks | |
| ProductName | |
| ProductVersion | |
| FileDescription | |
| OriginalFilename | |
| Translation |
微软证书验证 (Sign Tool)
| SHA1 | 时间戳 | 有效性 | 错误 |
|---|---|---|---|
| 4db461d969afdff9d93b22894b9b50b81b80f159 | Thu Jan 21 16:36:51 2010 | 无 |
| 证书链 | Certificate Chain 1 |
| 发行给 | Microsoft Root Authority |
| 发行人 | Microsoft Root Authority |
| 有效期 | Thu Dec 31 150000 2020 |
| SHA1 哈希 | a43489159a520f0d93d032ccaf37e7fe20a8b419 |
| 证书链 | Certificate Chain 2 |
| 发行给 | Microsoft Code Signing PCA |
| 发行人 | Microsoft Root Authority |
| 有效期 | Sat Aug 25 150000 2012 |
| SHA1 哈希 | 3036e3b25b88a55b86fc90e6e9eaad5081445166 |
| 证书链 | Certificate Chain 3 |
| 发行给 | Microsoft Corporation |
| 发行人 | Microsoft Code Signing PCA |
| 有效期 | Tue Mar 08 064029 2011 |
| SHA1 哈希 | 9617094a1cfb59ae7c1f7dfdb6739e4e7c40508f |
| 证书链 | Timestamp Chain 1 |
| 发行给 | Microsoft Root Authority |
| 发行人 | Microsoft Root Authority |
| 有效期 | Thu Dec 31 150000 2020 |
| SHA1 哈希 | a43489159a520f0d93d032ccaf37e7fe20a8b419 |
| 证书链 | Timestamp Chain 2 |
| 发行给 | Microsoft Timestamping PCA |
| 发行人 | Microsoft Root Authority |
| 有效期 | Sun Sep 15 150000 2019 |
| SHA1 哈希 | 3ea99a60058275e0ed83b892a909449f8c33b245 |
| 证书链 | Timestamp Chain 3 |
| 发行给 | Microsoft Time-Stamp Service |
| 发行人 | Microsoft Timestamping PCA |
| 有效期 | Fri Jul 26 031217 2013 |
| SHA1 哈希 | 05fecb745f7f3b1a0e262a73435ccb7eaaed8b37 |
PE 数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x00067511 | 0x00067600 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.30 |
| .rdata | 0x00069000 | 0x00022514 | 0x00022600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.56 |
| .data | 0x0008c000 | 0x000049c0 | 0x00004600 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 2.21 |
| .pdata | 0x00091000 | 0x0000720c | 0x00007400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 5.58 |
| .rsrc | 0x00099000 | 0x0001f238 | 0x0001f400 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 4.98 |
| .reloc | 0x000b9000 | 0x000008d8 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 5.22 |
覆盖
| 偏移量 | 0x000b5800 |
| 大小 | 0x00001788 |
资源
| 名称 | 偏移量 | 大小 | 语言 | 子语言 | 熵(Entropy) | 文件类型 |
|---|---|---|---|---|---|---|
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_ICON | 0x000afe78 | 0x00000468 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.92 | GLS_BINARY_LSB_FIRST |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_DIALOG | 0x000b2d74 | 0x00000342 | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.96 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_STRING | 0x000b7804 | 0x000000ba | LANG_CHINESE | SUBLANG_CHINESE_SIMPLIFIED | 4.91 | data |
| RT_GROUP_ICON | 0x000b79cc | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | MS Windows icon resource - 6 icons, 48x48, 256-colors |
| RT_GROUP_ICON | 0x000b79cc | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | MS Windows icon resource - 6 icons, 48x48, 256-colors |
| RT_GROUP_ICON | 0x000b79cc | 0x0000005a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 2.91 | MS Windows icon resource - 6 icons, 48x48, 256-colors |
| RT_VERSION | 0x000b7a28 | 0x000004a4 | LANG_ENGLISH | SUBLANG_ENGLISH_US | 3.48 | data |
| RT_MANIFEST | 0x000b7ecc | 0x0000036a | LANG_ENGLISH | SUBLANG_ENGLISH_US | 5.07 | ASCII text, with CRLF line terminators |
导入
库: KERNEL32.dll:
• 0x140069000 QueryPerformanceCounter
• 0x140069008 VirtualProtect
• 0x140069010 GetProcessHeap
• 0x140069018 MultiByteToWideChar
• 0x140069020 WideCharToMultiByte
• 0x140069028 LoadLibraryExW
• 0x140069030 SetFilePointer
• 0x140069038 SetEndOfFile
• 0x140069040 GetFileSize
• 0x140069048 CreateDirectoryW
• 0x140069050 FlushViewOfFile
• 0x140069058 UnmapViewOfFile
• 0x140069060 FileTimeToSystemTime
• 0x140069068 SystemTimeToTzSpecificLocalTime
• 0x140069070 DosDateTimeToFileTime
• 0x140069078 LocalFileTimeToFileTime
• 0x140069080 SetFileTime
• 0x140069088 GetLocalTime
• 0x140069090 CreateFileMappingW
• 0x140069098 MapViewOfFile
• 0x1400690a0 GetTickCount
• 0x1400690a8 GetCurrentThreadId
• 0x1400690b0 GetCurrentProcessId
• 0x1400690b8 GetSystemTimeAsFileTime
• 0x1400690c0 HeapAlloc
• 0x1400690c8 GetModuleFileNameW
• 0x1400690d0 GetStartupInfoW
• 0x1400690d8 TerminateProcess
• 0x1400690e0 GetCurrentProcess
• 0x1400690e8 UnhandledExceptionFilter
• 0x1400690f0 SetUnhandledExceptionFilter
• 0x1400690f8 IsDebuggerPresent
• 0x140069100 RtlVirtualUnwind
• 0x140069108 RtlLookupFunctionEntry
• 0x140069110 HeapFree
• 0x140069118 RtlCaptureContext
• 0x140069120 RaiseException
• 0x140069128 EnterCriticalSection
• 0x140069130 LeaveCriticalSection
• 0x140069138 InitializeCriticalSection
• 0x140069140 DeleteCriticalSection
• 0x140069148 HeapDestroy
• 0x140069150 HeapReAlloc
• 0x140069158 HeapSize
• 0x140069160 GetVersionExW
• 0x140069168 ExpandEnvironmentStringsW
• 0x140069170 GetDateFormatW
• 0x140069178 GetTimeFormatW
• 0x140069180 LCMapStringW
• 0x140069188 GetCommandLineW
• 0x140069190 GetSystemDefaultLangID
• 0x140069198 CreateFileW
• 0x1400691a0 GetFileTime
• 0x1400691a8 WaitForSingleObject
• 0x1400691b0 CloseHandle
• 0x1400691b8 CreateThread
• 0x1400691c0 CopyFileW
• 0x1400691c8 SetFileAttributesW
• 0x1400691d0 Sleep
• 0x1400691d8 DeleteFileW
• 0x1400691e0 GetModuleHandleW
• 0x1400691e8 lstrlenW
• 0x1400691f0 LocalAlloc
• 0x1400691f8 GetTempPathW
• 0x140069200 LoadLibraryW
• 0x140069208 GetLastError
• 0x140069210 GetProcAddress
• 0x140069218 FormatMessageW
• 0x140069220 FindResourceExW
• 0x140069228 FindResourceW
• 0x140069230 LoadResource
• 0x140069238 LockResource
• 0x140069240 SizeofResource
• 0x140069248 LocalFree
• 0x140069250 FreeLibrary
• 0x140069258 GetFileAttributesW
• 0x140069260 MoveFileExW
• 0x140069268 CreateProcessW
• 0x140069270 GetTempFileNameW
• 0x140069278 GetSystemTime
• 0x140069280 SystemTimeToFileTime
• 0x140069288 CompareStringW
库: ole32.dll:
• 0x140069298 IIDFromString
• 0x1400692a0 CLSIDFromString
• 0x1400692a8 CoCreateInstance
• 0x1400692b0 CoInitialize
• 0x1400692b8 CoUninitialize
• 0x1400692c0 StringFromGUID2
• 0x1400692c8 CoCreateGuid
• 0x1400692d0 OleRun
库: OLEAUT32.dll:
• 0x1400692e0 None
• 0x1400692e8 None
• 0x1400692f0 None
• 0x1400692f8 None
• 0x140069300 None
• 0x140069308 None
• 0x140069310 None
• 0x140069318 None
• 0x140069320 None
• 0x140069328 None
• 0x140069330 None
• 0x140069338 None
• 0x140069340 None
库: ADVAPI32.dll:
• 0x140069350 RegEnumKeyExW
• 0x140069358 ConvertStringSecurityDescriptorToSecurityDescriptorW
• 0x140069360 RegOpenKeyExW
• 0x140069368 RegQueryValueExW
• 0x140069370 RegCloseKey
• 0x140069378 RegCreateKeyExW
• 0x140069380 RegSetValueExW
• 0x140069388 GetTokenInformation
• 0x140069390 IsValidSid
• 0x140069398 GetSidSubAuthorityCount
• 0x1400693a0 GetSidSubAuthority
• 0x1400693a8 OpenProcessToken
• 0x1400693b0 DeregisterEventSource
• 0x1400693b8 ReportEventW
• 0x1400693c0 RegisterEventSourceW
• 0x1400693c8 ConvertSidToStringSidW
库: SHELL32.dll:
• 0x1400693d8 ShellExecuteW
• 0x1400693e0 SHGetFolderPathW
• 0x1400693e8 None
• 0x1400693f0 None
• 0x1400693f8 CommandLineToArgvW
库: SHLWAPI.dll:
• 0x140069408 SHDeleteKeyW
• 0x140069410 PathFindFileNameW
• 0x140069418 PathRemoveBackslashW
• 0x140069420 PathFindExtensionW
• 0x140069428 PathRemoveExtensionW
• 0x140069430 PathFileExistsW
• 0x140069438 PathIsFileSpecW
库: USER32.dll:
• 0x140069448 ReleaseDC
• 0x140069450 GetDlgItem
• 0x140069458 EnableMenuItem
• 0x140069460 GetSystemMenu
• 0x140069468 EnableWindow
• 0x140069470 DialogBoxIndirectParamW
• 0x140069478 MessageBoxW
• 0x140069480 SetWindowTextW
• 0x140069488 EndDialog
• 0x140069490 SetWindowPos
• 0x140069498 OffsetRect
• 0x1400694a0 CopyRect
• 0x1400694a8 GetWindowRect
• 0x1400694b0 GetDesktopWindow
• 0x1400694b8 GetParent
• 0x1400694c0 GetDC
• 0x1400694c8 GetTabbedTextExtentW
• 0x1400694d0 CharNextW
• 0x1400694d8 DestroyIcon
• 0x1400694e0 GetWindowLongPtrW
• 0x1400694e8 SetDlgItemTextW
• 0x1400694f0 SetWindowLongPtrW
• 0x1400694f8 ShowWindow
• 0x140069500 LoadIconW
• 0x140069508 SendMessageW
• 0x140069510 LoadImageW
• 0x140069518 GetSystemMetrics
• 0x140069520 PostMessageW
• 0x140069528 SendDlgItemMessageW
库: WINTRUST.dll:
• 0x140069538 WinVerifyTrust
库: CRYPT32.dll:
• 0x140069548 CryptMsgClose
• 0x140069550 CryptQueryObject
• 0x140069558 CertCloseStore
• 0x140069560 CertGetNameStringW
• 0x140069568 CertFindCertificateInStore
• 0x140069570 CryptDecodeObject
• 0x140069578 CryptMsgGetParam
• 0x140069580 CertFreeCertificateContext
库: COMCTL32.dll:
• 0x140069590 InitCommonControlsEx
库: GDI32.dll:
• 0x1400695a0 SelectObject
• 0x1400695a8 CreateFontIndirectW
• 0x1400695b0 DeleteObject
库: UxTheme.dll:
• 0x1400695c0 GetThemeSysFont
库: MSVCR90.dll:
• 0x1400695d0 _initterm_e
• 0x1400695d8 _initterm
• 0x1400695e0 __setusermatherr
• 0x1400695e8 _commode
• 0x1400695f0 _fmode
• 0x1400695f8 _encode_pointer
• 0x140069600 __set_app_type
• 0x140069608 _unlock
• 0x140069610 __dllonexit
• 0x140069618 _lock
• 0x140069620 _onexit
• 0x140069628 _decode_pointer
• 0x140069630 __crt_debugger_hook
• 0x140069638 ?terminate@@YAXXZ
• 0x140069640 ?_type_info_dtor_internal_method@type_info@@QEAAXXZ
• 0x140069648 _wcmdln
• 0x140069650 exit
• 0x140069658 _cexit
• 0x140069660 _exit
• 0x140069668 _XcptFilter
• 0x140069670 __C_specific_handler
• 0x140069678 __wgetmainargs
• 0x140069680 _amsg_exit
• 0x140069688 memcpy
• 0x140069690 _wtoi
• 0x140069698 ??_U@YAPEAX_K@Z
• 0x1400696a0 ??_V@YAXPEAX@Z
• 0x1400696a8 _wopen
• 0x1400696b0 _lseek
• 0x1400696b8 _close
• 0x1400696c0 _write
• 0x1400696c8 _read
• 0x1400696d0 _wsopen_s
• 0x1400696d8 malloc
• 0x1400696e0 free
• 0x1400696e8 vfwprintf
• 0x1400696f0 fwprintf
• 0x1400696f8 fclose
• 0x140069700 _wfopen_s
• 0x140069708 _wcslwr_s
• 0x140069710 ??8type_info@@QEBA_NAEBV0@@Z
• 0x140069718 __RTDynamicCast
• 0x140069720 wcschr
• 0x140069728 wcsstr
• 0x140069730 _wcsicmp
• 0x140069738 ldiv
• 0x140069740 memcmp
• 0x140069748 ?what@exception@std@@UEBAPEBDXZ
• 0x140069750 ??0exception@std@@QEAA@AEBQEBD@Z
• 0x140069758 iswdigit
• 0x140069760 _wtoi64
• 0x140069768 ??0exception@std@@QEAA@AEBV01@@Z
• 0x140069770 swprintf_s
• 0x140069778 memset
• 0x140069780 _vsnwprintf_s
• 0x140069788 wcsncpy_s
• 0x140069790 wcsncat_s
• 0x140069798 vswprintf_s
• 0x1400697a0 _vscwprintf
• 0x1400697a8 _CxxThrowException
• 0x1400697b0 memmove_s
• 0x1400697b8 wcscpy_s
• 0x1400697c0 ??0exception@std@@QEAA@XZ
• 0x1400697c8 ??1exception@std@@UEAA@XZ
• 0x1400697d0 wcsnlen
• 0x1400697d8 _invalid_parameter_noinfo
• 0x1400697e0 memcpy_s
• 0x1400697e8 ??2@YAPEAX_K@Z
• 0x1400697f0 _wcstoui64
• 0x1400697f8 __CxxFrameHandler3
• 0x140069800 ??3@YAXPEAX@Z
• 0x140069808 bsearch
• 0x140069810 realloc
• 0x140069818 ftell
• 0x140069820 fprintf
• 0x140069828 atoi
• 0x140069830 isdigit
• 0x140069838 fopen_s
• 0x140069840 strrchr
• 0x140069848 fgets
• 0x140069850 fgetws
• 0x140069858 __iob_func
• 0x140069860 fputs
• 0x140069868 rewind
• 0x140069870 fgetwc
• 0x140069878 strncpy_s
• 0x140069880 strncat_s
• 0x140069888 qsort
• 0x140069890 _configthreadlocale
• 0x140069898 fwrite
• 0x1400698a0 wcsrchr
• 0x1400698a8 iswalpha
• 0x1400698b0 tolower
• 0x1400698b8 _vsnprintf_s
• 0x1400698c0 wcstok_s
• 0x1400698c8 memmove
库: MSVCP90.dll:
• 0x1400698f8 ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W0@Z
• 0x140069928 ??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
• 0x140069938 ?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W_K@Z
• 0x140069940 ?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
• 0x140069950 ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV12@_K0@Z
• 0x140069968 ??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
• 0x140069978 ??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
• 0x140069980 ??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
.text
`.rdata
@.data
.pdata
@.rsrc
@.reloc
t:\ime\x64\ship\0\imewdbld.pdb
\ship\0\imewdbld.exe\bbtopt\imewdbldO.pdb
mM%`-
FNRM_GetRegistrationLevel
FNRM_CleanupGarbageFiles
FNRM_UnregisterAllPerUserFilesExcept
FNRM_SetActiveFile
FNRM_GetActiveFile
invalid map/set<T> iterator
vector<T> too long
list<T> too long
map/set<T> too long
DummyFileName
1.3.6.1.5.5.7.3.3
CryptUIDlgViewSignerInfoW
+HeapSetInformation
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
Unknown dictionary failed to be read.
Memory dictionary failed to be read.
User dictionary failed to be read.
IMJPABFN.DIC failed to be read.
IMJPABLN.DIC failed to be read.
IMJPADFN.DIC failed to be read.
IMJPADLN.DIC failed to be read.
IMJPNW.DIC failed to be read.
IMJPCH.DIC failed to be read.
IMJPSB.DIC failed to be read.
IMJPLN.DIC failed to be read.
IMJPNM.DIC failed to be read.
IMJPTK.DIC failed to be read.
IMJPZP.DIC failed to be read.
IMJPST.DIC failed to be read.
Dictionary name is not full-path.
IMEDMLEX
LoadLibraryEx failed: Unknown dictionary
LoadLibraryEx failed: Memory dictionary
LoadLibraryEx failed: User dictionary
LoadLibraryEx failed: IMJPABFN.DIC
LoadLibraryEx failed: IMJPABLN.DIC
LoadLibraryEx failed: IMJPADFN.DIC
LoadLibraryEx failed: IMJPADLN.DIC
LoadLibraryEx failed: IMJPNW.DIC
LoadLibraryEx failed: IMJPCH.DIC
LoadLibraryEx failed: IMJPSB.DIC
LoadLibraryEx failed: IMJPLN.DIC
LoadLibraryEx failed: IMJPNM.DIC
LoadLibraryEx failed: IMJPTK.DIC
LoadLibraryEx failed: IMJPZP.DIC
LoadLibraryEx failed: IMJPST.DIC
LoadLibraryEx failed: Dictionary name is not full-path.
CreateFileMapping returns NULL @ CFMRawBase::GetManagementBlock.
CreateFileMapping returns NULL @ CFMFileLess::GetManagementBlock.
CreateFileSub failed.
Write attempt to system dictionary.
CreateFileMapping returns NULL @ CFMFileLess::CreateOrOpenMemoryMapping.
tszFilePath = %S failed.
tszFilePath = %S.
m_strFilePath = %S.
m_strFilePath = %S, cbFileView = %d, m_cbFileView = %d.
szPath = %S, fReadOnly = %d.
szPath = %S.
-k200
maketrie.exe
stats.txt
Opening '%s'
O12#587400
DllCanUnloadNow
DllGetClassObject
MSVCP90.dll
MSVCR90.dll
UxTheme.dll
GDI32.dll
COMCTL32.dll
CRYPT32.dll
WINTRUST.dll
USER32.dll
SHLWAPI.dll
SHELL32.dll
ADVAPI32.dll
OLEAUT32.dll
ole32.dll
KERNEL32.dll
QueryPerformanceCounter
VirtualProtect
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryExW
SetFilePointer
SetEndOfFile
GetFileSize
CreateDirectoryW
FlushViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetLocalTime
CreateFileMappingW
MapViewOfFile
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
GetModuleFileNameW
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapFree
RtlCaptureContext
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
GetVersionExW
ExpandEnvironmentStringsW
GetDateFormatW
GetTimeFormatW
LCMapStringW
GetCommandLineW
GetSystemDefaultLangID
CreateFileW
GetFileTime
WaitForSingleObject
CloseHandle
CreateThread
CopyFileW
SetFileAttributesW
Sleep
DeleteFileW
GetModuleHandleW
lstrlenW
LocalAlloc
GetTempPathW
LoadLibraryW
GetLastError
GetProcAddress
FormatMessageW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LocalFree
FreeLibrary
GetFileAttributesW
MoveFileExW
CreateProcessW
GetTempFileNameW
GetSystemTime
SystemTimeToFileTime
CompareStringW
IIDFromString
CLSIDFromString
CoCreateInstance
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateGuid
OleRun
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
DeregisterEventSource
ReportEventW
RegisterEventSourceW
ConvertSidToStringSidW
ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
SHDeleteKeyW
PathFindFileNameW
PathRemoveBackslashW
PathFindExtensionW
PathRemoveExtensionW
PathFileExistsW
PathIsFileSpecW
ReleaseDC
GetDlgItem
EnableMenuItem
GetSystemMenu
EnableWindow
DialogBoxIndirectParamW
MessageBoxW
SetWindowTextW
EndDialog
SetWindowPos
OffsetRect
CopyRect
GetWindowRect
GetDesktopWindow
GetParent
GetDC
GetTabbedTextExtentW
CharNextW
DestroyIcon
GetWindowLongPtrW
SetDlgItemTextW
SetWindowLongPtrW
ShowWindow
LoadIconW
SendMessageW
LoadImageW
GetSystemMetrics
PostMessageW
SendDlgItemMessageW
WinVerifyTrust
CryptMsgClose
CryptQueryObject
CertCloseStore
CertGetNameStringW
CertFindCertificateInStore
CryptDecodeObject
CryptMsgGetParam
CertFreeCertificateContext
InitCommonControlsEx
SelectObject
CreateFontIndirectW
DeleteObject
GetThemeSysFont
_initterm_e
_initterm
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_wcmdln
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
memcpy
_wtoi
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
_wopen
_lseek
_close
_write
_read
_wsopen_s
malloc
vfwprintf
fwprintf
fclose
_wfopen_s
_wcslwr_s
??8type_info@@QEBA_NAEBV0@@Z
__RTDynamicCast
wcschr
wcsstr
_wcsicmp
memcmp
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBQEBD@Z
iswdigit
_wtoi64
??0exception@std@@QEAA@AEBV01@@Z
swprintf_s
memset
_vsnwprintf_s
wcsncpy_s
wcsncat_s
vswprintf_s
_vscwprintf
_CxxThrowException
memmove_s
wcscpy_s
??0exception@std@@QEAA@XZ
??1exception@std@@UEAA@XZ
wcsnlen
_invalid_parameter_noinfo
memcpy_s
??2@YAPEAX_K@Z
_wcstoui64
__CxxFrameHandler3
??3@YAXPEAX@Z
bsearch
realloc
ftell
fprintf
isdigit
fopen_s
strrchr
fgets
fgetws
__iob_func
fputs
rewind
fgetwc
strncpy_s
strncat_s
qsort
_configthreadlocale
fwrite
wcsrchr
iswalpha
tolower
_vsnprintf_s
wcstok_s
memmove
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_KXZ
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_NXZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W_K@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEA_W_K@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAX_K@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAAEB_W_K@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAXAEAV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV12@PEB_W_K@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA_K_W_K@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_WAEBV10@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBA?AV12@_K0@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAX_K@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@AEBV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@AEBV10@PEB_W@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEBAPEBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@PEB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PEB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@AEBV01@@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEBAPEB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAAAEAV01@PEB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QEAA@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2_KB
.?AVIFolderLocator@@
.?AV_com_error@@
.?AVlogic_error@std@@
.?AVexception@std@@
.?AVout_of_range@std@@
.?AVCAtlException@ATL@@
.?AVCFolderLocatorJpn@@
.?AVCFolderLocatorChs@@
.?AVbad_alloc@std@@
.?AVIDictionaryBuilder@@
.?AVlength_error@std@@
.?AVCNodeItemBase@@
.?AV?$comptr@UIDicDomainWordLexiconBuild@@@Comutil@@
.?AV?$CNodeItem@I@@
.?AV?$CNodeItem@_N@@
.?AVCImeDictAPIHeartBeat@@
.?AUIImeDictAPIHeartBeat@@
.?AUIUnknown@@
.?AVCNodeStringItem@@
.?AV?$CNodeItem@V_bstr_t@@@@
.?AV_bstr_t@@
.?AVCNodeUrlItem@@
.?AVCNodeInOutputStringItem@@
.?AVCNodePosItem@@
.?AVCNodeItems@@
.?AVCDictionaryEntryItems@@
.?AVCDictionaryBuilderChs@@
.?AVCDictionaryBuilderJpn@@
.?AVCWebDictCompilerUI@@
.?AVCConfigurationUI@@
.?AVCDigitalSignatureInfoUI@@
.?AV?$comptr@UINodeAttribute@@@Comutil@@
.?AVCWordList@@
.?AVNodeAttribute@@
.?AV?$comobj@UINodeAttribute@@$1?_GUID_c72f2ef8_9d62_4a55_9643_cc5f3962846c@@3U__s_GUID@@B@Comutil@@
.?AVtype_info@@
.?AV?$comptr@VCgwid@@@Comutil@@
.?AV?$comptr@UIJDictsSystemDictionary@@@Comutil@@
.?AV?$comptr@UIJDictsDictionaryManifest@@@Comutil@@
.?AV?$comlist_elemment@UINodeAttribute@@@Comutil@@
.?AVCLxRead@@
.?AV?$comptr@UIJDictsAutoFlushHandle@@@Comutil@@
.?AV?$comptr@UIJDictsPosInsideMinMax@@@Comutil@@
.?AVCgwid@@
.?AUIJDictsProbCountKey@@
.?AV?$comptr@UIJDictsFileMapping@@@Comutil@@
.?AV?$comptr@UIJDictsGlobalFileHeader@@@Comutil@@
.?AV?$comptr@UIJDictsIndexer@@@Comutil@@
.?AVCgwidBig@@
.?AV?$comptr@VCna_Basic@@@Comutil@@
.?AV?$comptr@VCna_BasicExRead@@@Comutil@@
.?AV?$comptr@VCna_Posattr@@@Comutil@@
.?AV?$comptr@VCna_Learning@@@Comutil@@
.?AV?$comptr@VCna_Editflag@@@Comutil@@
.?AV?$comptr@VCNodeAttribute@@@Comutil@@
.?AV?$crefcountobj@VCna_Basic@@@Comutil@@
.?AV?$crefcountobj@VCna_Posattr@@@Comutil@@
.?AV?$crefcountobj@VCna_Learning@@@Comutil@@
.?AV?$crefcountobj@VCna_Editflag@@@Comutil@@
.?AVCna_Basic@@
.?AVCna_BasicExRead@@
.?AVCna_Posattr@@
.?AVCna_Learning@@
.?AVCna_Editflag@@
.?AVCna_BasicSml@@
.?AVCna_BasicBig@@
.?AVCna_BasicFilterSml@@
.?AVCna_BasicFilterBig@@
.?AVCna_BasicFilterSml_Cna@@
.?AVCna_BasicFilterBig_Cna@@
.?AVCNodeAttribute@@
.?AUINodeAttribute@@
.?AV?$comptr@UIUserProfileMgr@@@Comutil@@
.?AV?$comptr@UIJDictsDataForDWORD@@@Comutil@@
.?AV?$comptr@UIComponentPathMgr@@@Comutil@@
.?AV?$comptr@UIComponentMgr@@@Comutil@@
.?AV?$comptr@UIImeDictAPIHeartBeat@@@Comutil@@
.?AV?$comptr@VCJDictsPosInsideMinMax@@@Comutil@@
.?AV?$comptr@UIJDictsIndexer_TrieSpecial@@@Comutil@@
.?AV?$comptr@UIJDictsDataBlocksForString@@@Comutil@@
.?AVCSystemLexiconStore@@
.?AUIJDictsSystemDictionary@@
.?AUIJDictsLogicalDictionary@@
.?AVCJDictsLogicalDictionaryBase@@
.?AVCJDictsPosInsideMinMax@@
.?AUIJDictsPosInsideMinMax@@
.?AVCJDictsSystemLexiconStoreDelayLoad@@
.?AV?$comptr@UIJDictsDataBlocksForGUID@@@Comutil@@
.?AVCJDictsDictionaryManifest@@
.?AUIJDictsDictionaryManifest@@
.?AVCommonFileMappingRawBase@@
.?AVCommonFileMappingRawPEWrapped@@
.?AVCommonFileMappingRawFileLess@@
.?AVCommonFileMappingRawNormal@@
.?AVCJDictsFileMapping@@
.?AUIJDictsFileMapping@@
.?AVCJDictsGlobalFileHeader@@
.?AUIJDictsGlobalFileHeader@@
.?AVUIndexTraverser@UnifiedDictionaryUIndex@@
.?AVCJDictsIndexerBase@@
.?AUIJDictsIndexer@@
.?AVCJDictsIndexerSatori@@
.?AUIJDictsIndexedData@@
.?AVCJDictsIndexedDataBase@@
.?AVCJDictsAutoFlushHandle@@
.?AUIJDictsAutoFlushHandle@@
.?AVCJDictsDataForDWORD@@
.?AUIJDictsDataForDWORD@@
.?AVCJDictsIndexerTRIE@@
.?AUIJDictsIndexer_TrieSpecial@@
.?AVCJDictsIndexerMono@@
.?AVCJDictsIndexer16keys@@
.?AVCJDictsDataBlocksForString@@
.?AUIJDictsDataBlocksForString@@
.?AVCJDictsDataBlocksForGUID@@
.?AUIJDictsDataBlocksForGUID@@
.?AVCVArr@@
.?AV?$comptr@UIImeCustomerFeedbackManager@@@Comutil@@
.?AVImeCustomerFeedbackManager@Imecfmutil@@
.?AVCComServer@Comutil@@
.?AV?$comobj@UIImeCustomerFeedbackManager@@$1?_GUID_c0aa4669_fd79_4b02_b95e_4aed3a2e8928@@3U__s_GUID@@B@Comutil@@
.?AV?$comptr@UIClassFactory@@@Comutil@@
IIKPRRN.('" B
/.<\ca6"2
eo}jG
G?Gpe.3PJ7#c
G?imy10QR$,
<i?Gim}e*)d
riiiot~{
k@Fi=
X]\wVMKsbag
)A!c!A)!
R9<9!
ZQJ{RQJ1
{9{mZ!
s!4{!
{),11
sus9!$!!
\O(u<
uW0~0W0_0
g0Y0
peL0
n0$P
n0$P
n0$P
n0$P
n0$P
peo0
agpe:N
0S0n0
0S0n0
vW[&{
0-NbkW0f0D0~0Y0.
agpe:
agpe:
agpe:
agpe:
</assembly>PA
zw9gj
CLSID
-unrg
-nofilter
-testing
imewdbld_silentmode_error.txt
Unknown error 0x%0lX
IDispatch error #%d
.dctxc
.dctx
%s\%s_%s.dctr
Disabled
Software\Policies\Microsoft\IME\Shared\14.0\OpenExtendedDict
symbol
idiom
character
suffix-number
suffix-village2
suffix-village1
suffix-town2
suffix-town1
suffix-city
suffix-ward
suffix-county
suffix-prefecture
suffix-personalname
suffix
prefix-number
prefix
interjection
conjunction
adnominal
adverb-tosuru
adverb-to
adverb-da
adverb-na
adverb-ni
adverb-suru
adverb
adjectivalnoun-taru
adjectivalnoun-no
adjectivalnoun
adjective-syu
adjective-me
adjective-garu
adjective
verb-1
verb-irregular-r
verb-euphony-k
verb-euphonyu-aw
verb-5-r
verb-5-m
verb-5-b
verb-5-n
verb-5-t
verb-5-s
verb-5-g
verb-5-k
verb-5-aw
number
pronoun
shortcut
emoticon
name-construction
name-organization
name-company
noun-proper
place-village-son
place-village-mura
place-town-cho
place-town-machi
place-station
place-village
place-town
place-city
place-ward
place-county
place-prefecture
place
name-given
name-family
name-personal
noun-sa-adjectival
noun-adverb
noun-adjectival
noun-za
noun-sa
http://www.microsoft.com/ime/dctx
OutputString
InputString
false
SelectionNamespaces
xmlns
Dictionary
./child::
ja-jp
en-us
https://
http://
DictionaryEntry
CommonWord
ReverseConversion
Priority
CommentData3
CommentData2
CommentData1
PartOfSpeech
CommentHeader3
CommentHeader2
CommentHeader1
Copyright
Description
LongName
ShortName
zh-cn
Language
DictionaryInfo
IconID
CommentInsertion
SourceURL
DictionaryVersion
DictionaryLanguage
DictionaryGUID
DictionaryHeader
wt, ccs=UNICODE
Cryptui.dll
%s %s
DictionaryName
Software\Microsoft\IME\14.0\WebDictionaries\
SourceUrl
Version
Options
kernel32.dll
InsecureQI
Software\Microsoft\Security
Software\Policies\Microsoft\Security
CLSIDInterfaceTest
%s %s %s
%d.%d.%d.%d
Wversion.dll
InprocServer32
{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}
EnableLUA
Software\Microsoft\Windows\CurrentVersion\Policies\System
CLSID\%s\InprocServer32
CLSID\%s\LocalServer32
memory.dic
user.dic
.IMJPABFN.DIC
.IMJPABLN.DIC
.IMJPADFN.DIC
.IMJPADLN.DIC
IMJPNW.DIC
IMJPCH.DIC
IMJPSB.DIC
IMJPLN.DIC
IMJPNM.DIC
IMJPTK.DIC
IMJPZP.DIC
imjpst.dic
Software\Microsoft\IMEJP\14.0
AutoRecoverDict.MMFailure
"%s" %s
\Dicts
WebDictionary\
ConversionMode
IsDictionaryUsed
TicketFilePath
hwndParent
showui:
/f mr
IMSCDicCompiler.exe
Enabled
\2052
Software\Microsoft\IMESC14\WebDictionary
InstallDate
LastUpdateTime
Publisher
Filename
ForwardException
Software\Microsoft\IMEJP\14.0\directories
DictionaryPath
%s\Microsoft\IME14
%s\IMEJP
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;0x1;;;ME)
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;0x1;;;LW)
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;0x1;;;HI)
O:%sD:(A;;GA;;;BA)(A;;GA;;;SY)(A;;GA;;;%s)(A;;GA;;;RC)
0123456789ABCDEFL_
Global\
Unknown dictionary Copyright.
Unknown dictionary description.
Unknown dictionary title.
(More...)
now loading...
\Dicts\
[temp]\
_IMJP_14_UD_ManagementBlock_{8bbff7b9-ccde-414f-96ed-936990babd2d}
\VirtualStore\
imjpgn.grm
STREAM
DICTSTREAM
{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}
IME 2010 Open Extended Dictionary Safety Settings
MS Shell Dlg
Cancel
&Safety Filter
When this option is selected, the entries in the dictionary that can decrease conversion accuracy or performance are filtered out. Clearing this option will use all entries in the dictionary.
It is recommended to only check this option when the dictionary is from a vendor that you trust.
&Always show dictionary name in comment window
When this option is selected, words in the dictionary always show in the comment window, even if there are no comments, so the source dictionary is visible.
&Unused words only appear in the candidate list.
When this option is selected, unused words are displayed in the candidate list, but are not used for conversion. When this option is cleared, the conversion result is calculated including unused words.
Keep this check box selected to minimize any negative impact on accuracy or performance.
SysLink
<a>Learn about potential risks of using dictionaries.</a>
MS UI Gothic
SysLink
Microsoft Office IME 2010 Open Extended Dictionary Safety Settings
MS Shell Dlg
&Safety Filter
When this option is selected, the entries in the dictionary that can decrease conversion accuracy or performance are filtered out. Clearing this option will use all entries in the dictionary.
It is recommended to only check this option when the dictionary is from a vendor that you trust.
&Always show dictionary name in comment window
When this option is selected, words in the dictionary always show in the comment window, even if there are no comments, so the source dictionary is visible.
&Unused words only appear in the candidate list.
When this option is selected, unused words are displayed in the candidate list, but are not used for conversion. When this option is cleared, the conversion result is calculated including unused words.
Keep this check box selected to minimize any negative impact on accuracy or performance.
SysLink
IME 2010 Open Extended Dictionary
MS Shell Dlg
Creating dictionary...
msctls_progress32
Cancel
MS UI Gothic
msctls_progress32
MS Shell Dlg
msctls_progress32
Setting and Update Dictionary
MS Shell Dlg
&Safety Settings...
&Check Update
Dictionary Name
Source URL
Last Update
Code Sign
SysLink
MS UI Gothic
(&S)...
SysLink
MS Shell Dlg
(&S)...
SysLink
MS Shell Dlg
Cancel
Name:
SysLink
Click OK to install this dictionary. Click Cancel to stop using this dictionary.
Using a quality IME dictionary usually increases conversion accuracy. However, a poor quality IME dictionary can negatively affect accuracy and performance.
If you want to change the dictionary settings, click Safety settings. If you are not confident in the dictionary quality, its default settings will minimize negative effects.
SysLink
<a>Learn about potential risks of using dictionaries.</a>
&Safety settings...
MS UI Gothic
SysLink
SysLink
(&S)...
MS Shell Dlg
SysLink
SysLink
(&S)...
sIME 2010 is not installed properly. Please reinstall IME 2010 before running the Open Extended Dictionary Compiler.;Please install MSXML6.0 from the Microsoft Download Center.
Error: [%s] Invalid value '%s'.3Error: [DictionaryInfo] No valid language is found.GError: No vaild [DictionaryEntry] is found. Dictionary creation failed.&Error: [SourceURL] String is too long.
!Warning: [%s] Invalid value '%s'.4Warning: [%s] Invalid value '%s'. Defaulted to '%s'.MWarning: [DictionaryInfo] Language '%s' is not supported. Ignoring this node.GWarning: [DictionaryInfo] Language is not specified. Defaulted to '%s'.IWarning: [DictionaryInfo] Language '%s' is duplicate. Ignoring this node.
.;Warning: [%s] String is too long. Truncated string to '%s'.:Warning: (%s, %s): '%s' is duplicate. Ignoring this entry.+Warning: (%s, %s): [%s] Invalid value '%s'.
>Warning: (%s, %s): [%s] Invalid value '%s'. Defaulted to '%s'.@Warning: (%s, %s): [%s] Invalid value '%s'. Ignoring this entry.EWarning: (%s, %s): [%s] String is too long. Truncated string to '%s'.@Warning: (%s, %s): [%s] String is too long. Ignoring this entry.<Warning: (%s, %s): [URL] String is too long. Ignoring 'URL'.lWarning: (%s, %s): Safety filter is enabled. The maximum number of the word is %d,000. This word is ignored.]Warning: (%s, %s): Safety filter is enabled. The word whose reading length is one is ignored.gWarning: (%s, %s): Safety filter is enabled. The part of speech %s is restricted. This word is ignored.
aWarning: (%s, %s): [InputString] Invalid character '%c' is used. Ignoring this 'DictionaryEntry'.DWarning: (%s, %s): '%s' is missing. Ignoring this 'DictionaryEntry'.
TWarning: (%s, %s, %s): [DictionaryEntry] Duplicate entry found. Ignoring this entry.PWarning: (%s, %s): [DictionaryEntry] Duplicate entry found. Ignoring this entry.
!IME 2010 Open Extended Dictionary
'IME 2010 Open Extended Dictionary Error
Error opening input file %s
The operation was aborted.
Filtered by safety filter:
Cancelling Optimization...
Not signed
This dictionary is not signed.9http://go.microsoft.com/fwlink/?LinkID=139420&clcid=0x409KFailed to verify the digital signature of this dictionary by unknown error.9http://go.microsoft.com/fwlink/?LinkID=143451&clcid=0x409
$Compressed dictionary file is empty.VCompressed dictionary contains multiple dictionaries. Only one dictionary is expected.
The digital signature of "%s" is invalid or cannot be verified. Silent mode installation requires a dictionary with a valid digital signature.
9http://go.microsoft.com/fwlink/?LinkID=143451&clcid=0x411
9http://go.microsoft.com/fwlink/?LinkID=143451&clcid=0x804
?This function is restricted by Group Policy. Setup is canceled.
Error:
You are attempting to replace "<%1!s!>, version %2!d!" with an older version %3!d!. Do you really want to replace your current dictionary?
VS_VERSION_INFO
StringFileInfo
000004b0
CompanyName
Microsoft Corporation
FileDescription
IME Open Extended Dictionary Module
FileVersion
14.0.4734.1000
InternalName
imewdbld.exe
LegalCopyright
All rights reserved.
LegalTrademarks
Microsoft(R) is a registered trademark of Microsoft Corporation. Windows(R) is a registered trademark of Microsoft Corporation.
OriginalFilename
imewdbld.exe
ProductName
Microsoft Office IME 2010
ProductVersion
14.0.4734.1000
VarFileInfo
Translation
| 防病毒引擎/厂商 | 病毒名/规则匹配 | 病毒库日期 |
|---|---|---|
| Bkav | 未发现病毒 | 20160604 |
| MicroWorld-eScan | 未发现病毒 | 20160605 |
| nProtect | 未发现病毒 | 20160603 |
| CMC | 未发现病毒 | 20160602 |
| CAT-QuickHeal | 未发现病毒 | 20160604 |
| ALYac | 未发现病毒 | 20160605 |
| Malwarebytes | 未发现病毒 | 20160605 |
| Zillya | 未发现病毒 | 20160603 |
| TheHacker | 未发现病毒 | 20160604 |
| BitDefender | 未发现病毒 | 20160605 |
| K7GW | 未发现病毒 | 20160605 |
| K7AntiVirus | 未发现病毒 | 20160605 |
| Baidu | 未发现病毒 | 20160603 |
| F-Prot | 未发现病毒 | 20160605 |
| Symantec | 未发现病毒 | 20160605 |
| ESET-NOD32 | 未发现病毒 | 20160604 |
| TrendMicro-HouseCall | 未发现病毒 | 20160605 |
| Avast | 未发现病毒 | 20160605 |
| ClamAV | 未发现病毒 | 20160605 |
| GData | 未发现病毒 | 20160605 |
| Kaspersky | 未发现病毒 | 20160605 |
| Alibaba | 未发现病毒 | 20160603 |
| NANO-Antivirus | 未发现病毒 | 20160605 |
| ViRobot | 未发现病毒 | 20160604 |
| AegisLab | 未发现病毒 | 20160604 |
| Rising | 未发现病毒 | 20160605 |
| Ad-Aware | 未发现病毒 | 20160605 |
| Sophos | 未发现病毒 | 20160605 |
| Comodo | 未发现病毒 | 20160605 |
| F-Secure | 未发现病毒 | 20160604 |
| DrWeb | 未发现病毒 | 20160605 |
| VIPRE | 未发现病毒 | 20160605 |
| TrendMicro | 未发现病毒 | 20160605 |
| McAfee-GW-Edition | 未发现病毒 | 20160605 |
| Emsisoft | 未发现病毒 | 20160605 |
| Cyren | 未发现病毒 | 20160605 |
| Jiangmin | 未发现病毒 | 20160605 |
| Antiy-AVL | 未发现病毒 | 20160605 |
| Kingsoft | 未发现病毒 | 20160605 |
| Arcabit | 未发现病毒 | 20160605 |
| SUPERAntiSpyware | 未发现病毒 | 20160605 |
| AhnLab-V3 | 未发现病毒 | 20160604 |
| Microsoft | 未发现病毒 | 20160605 |
| TotalDefense | 未发现病毒 | 20160605 |
| McAfee | 未发现病毒 | 20160605 |
| AVware | 未发现病毒 | 20160604 |
| VBA32 | 未发现病毒 | 20160603 |
| Baidu-International | 未发现病毒 | 20160604 |
| Zoner | 未发现病毒 | 20160605 |
| Tencent | 未发现病毒 | 20160605 |
| Yandex | 未发现病毒 | 20160604 |
| Ikarus | 未发现病毒 | 20160605 |
| Fortinet | 未发现病毒 | 20160605 |
| AVG | 未发现病毒 | 20160605 |
| Panda | 未发现病毒 | 20160605 |
| Qihoo-360 | 未发现病毒 | 20160605 |
访问主机纪录 (可点击查询WPING实时安全评级)
| 直接 | IP | 安全评级 | 地理位置 |
|---|---|---|---|
| 是 | 23.44.155.27 | 美国 |
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.69 | 5355 | 192.168.122.70 | 51435 |
| 192.168.122.70 | 55256 | 192.168.122.1 | 53 |
| 192.168.122.70 | 60614 | 192.168.122.1 | 53 |
| 192.168.122.70 | 62263 | 192.168.122.1 | 53 |
| 192.168.122.70 | 63780 | 192.168.122.1 | 53 |
| 192.168.122.70 | 64732 | 192.168.122.1 | 53 |
| 192.168.122.70 | 51435 | 224.0.0.252 | 5355 |
| 192.168.122.70 | 57195 | 239.255.255.250 | 1900 |
| 192.168.122.70 | 123 | 52.169.179.91 | 123 |
域名解析 (可点击查询WPING实时安全评级)
无域名信息.
TCP
无TCP连接纪录.
UDP
| 源地址 | 源端口 | 目标地址 | 目标端口 |
|---|---|---|---|
| 192.168.122.69 | 5355 | 192.168.122.70 | 51435 |
| 192.168.122.70 | 55256 | 192.168.122.1 | 53 |
| 192.168.122.70 | 60614 | 192.168.122.1 | 53 |
| 192.168.122.70 | 62263 | 192.168.122.1 | 53 |
| 192.168.122.70 | 63780 | 192.168.122.1 | 53 |
| 192.168.122.70 | 64732 | 192.168.122.1 | 53 |
| 192.168.122.70 | 51435 | 224.0.0.252 | 5355 |
| 192.168.122.70 | 57195 | 239.255.255.250 | 1900 |
| 192.168.122.70 | 123 | 52.169.179.91 | 123 |
HTTP 请求
未发现HTTP请求.
SMTP 流量
无SMTP流量.
IRC 流量
无IRC请求.
ICMP 流量
无ICMP流量.
CIF 报告
无 CIF 结果
网络警报
无警报
TLS
No TLS
Suricata HTTP
No Suricata HTTP
未发现网络提取文件
抱歉! 没有任何文件投放。
没有发现相似的分析.
| HTML 总结报告 (需15-60分钟同步) |
下载 |
|---|
Processing ( 18.769 seconds )
- 15.149 NetworkAnalysis
- 1.634 VirusTotal
- 1.091 Static
- 0.44 TargetInfo
- 0.267 peid
- 0.089 Strings
- 0.046 BehaviorAnalysis
- 0.022 AnalysisInfo
- 0.013 config_decoder
- 0.009 Debug
- 0.005 Memory
- 0.003 Dropped
- 0.001 ProcessMemory
Signatures ( 0.08 seconds )
- 0.015 antiav_detectreg
- 0.008 shifu_behavior
- 0.008 persistence_autorun
- 0.007 tinba_behavior
- 0.006 antiav_detectfile
- 0.005 infostealer_ftp
- 0.004 infostealer_bitcoin
- 0.004 infostealer_im
- 0.003 antianalysis_detectreg
- 0.003 antivm_vbox_files
- 0.003 infostealer_mail
- 0.002 geodo_banking_trojan
- 0.002 banker_zeus_mutex
- 0.002 disables_browser_warn
- 0.001 betabot_behavior
- 0.001 kibex_behavior
- 0.001 bot_drive
- 0.001 bot_drive2
- 0.001 modify_proxy
- 0.001 browser_security
- 0.001 modify_uac_prompt
- 0.001 ransomware_files
Reporting ( 1.453 seconds )
- 0.873 ReportPDF
- 0.57 ReportHTMLSummary
- 0.01 Malheur
| Task ID | 16179 |
|---|---|
| Mongo ID | 57ce693a4d3bd048e4982996 |
| Cuckoo release | 1.4-Maldun |
沪公网安备 31011502009736号