Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_p'; |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_x'; |
Source: loaddll32.exe, 00000000.00000003.1573043222.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1572591145.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573590370.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573199142.0000000002E40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_v'; |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_t'; |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_k_Index_Code','PinYinUserFreqTableV3_k',#1,'CREATE INDEX PinYinUserFreqTableV3_k_Index_Code on PinYinUserFreqTableV3_k(Code)'); |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_r_Index_Code','WuBiUserFreqTableV3_r',#1,'CREATE INDEX WuBiUserFreqTableV3_r_Index_Code on WuBiUserFreqTableV3_r(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_k_Index_Code','PinYinUserFreqTableV3_k',#1,'CREATE INDEX PinYinUserFreqTableV3_k_Index_Code on PinYinUserFreqTableV3_k(Code)');AR* |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_k_Index_Code','WuBiUserFreqTableV3_k',#1,'CREATE INDEX WuBiUserFreqTableV3_k_Index_Code on WuBiUserFreqTableV3_k(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497588866.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='UrlUserPhraseV1'; |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_r_Index_Code','PinYinUserFreqTableV3_r',#1,'CREATE INDEX PinYinUserFreqTableV3_r_Index_Code on PinYinUserFreqTableV3_r(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1572793651.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_z';8 |
Source: rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1514078021.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1515977223.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1516990092.0000000000BE4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499028390.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1514200557.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: create table PinYinSystemPhraseV1( ID Integer PRIMARY KEY,Code TEXT,Word TEXT,Pos Integer); |
Source: loaddll32.exe, 00000000.00000003.1576675934.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570874316.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1577311780.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570932837.0000000000F40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1516429419.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1533987697.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1528494385.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1518186868.0000000000A28000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiCustomPhraseV1'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserPhraseV2';8 |
Source: loaddll32.exe, 00000000.00000003.1576978359.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499028390.0000000000BF0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BD3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='ClipboardPhraseV1'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_e_Index_Code','WuBiUserFreqTableV3_e',#1,'CREATE INDEX WuBiUserFreqTableV3_e_Index_Code on WuBiUserFreqTableV3_e(Code)');0 |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_y_Index_Code','WuBiUserFreqTableV3_y',#1,'CREATE INDEX WuBiUserFreqTableV3_y_Index_Code on WuBiUserFreqTableV3_y(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_n'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PositionUserPhraseV4';8 |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_m_Index_Code','WuBiUserFreqTableV3_m',#1,'CREATE INDEX WuBiUserFreqTableV3_m_Index_Code on WuBiUserFreqTableV3_m(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1496851372.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1495635624.00000000030E2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497491426.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500113158.00000000030FD000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1496688491.00000000030ED000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500527085.000000000310E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500015482.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497588866.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: create table PinYinUserPhraseV1( ID Integer PRIMARY KEY, Code TEXT,Word TEXT,Freq Integer, SMCode TEXT, HSMCode TEXT); |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497588866.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='DuanYuUserPhraseV2'; |
Source: loaddll32.exe, 00000000.00000003.1573043222.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1572591145.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573590370.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573199142.0000000002E40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543094241.00000000047D3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_r'; |
Source: loaddll32.exe, 00000000.00000003.1572793651.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573043222.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1576978359.0000000000F50000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1572591145.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1578591600.0000000000F50000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573590370.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573199142.0000000002E40000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='SystemOwnPhraseV1'; |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_h'; |
Source: loaddll32.exe, 00000000.00000003.1576978359.0000000000F4C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='ClipboardPhraseV1';8 |
Source: rundll32.exe, 00000004.00000003.1504305896.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1503441897.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_a_Index_Code','WuBiUserFreqTableV3_a',#1,'CREATE INDEX WuBiUserFreqTableV3_a_Index_Code on WuBiUserFreqTableV3_a(Code)');w |
Source: rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524520092.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524221398.0000000004A92000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1536115297.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524296000.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_f'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_j_Index_Code','WuBiUserFreqTableV3_j',#1,'CREATE INDEX WuBiUserFreqTableV3_j_Index_Code on WuBiUserFreqTableV3_j(Code)');a |
Source: rundll32.exe, 00000006.00000002.1516190821.0000000000B2A000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_h_Index_Code','PinYinUserFreqTableV3_h',#1,'CREATE INDEX PinYinUserFreqTableV3_h_Index_Code on PinYinUserFreqTableV3_h(Code)'); |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_m'; |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_o'; |
Source: rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524520092.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_s'; |
Source: loaddll32.exe, 00000000.00000003.1576675934.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1579876770.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570874316.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1577311780.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1582195339.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570932837.0000000000F40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1516429419.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1533987697.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinSystemPhraseV1'; |
Source: rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_w'; |
Source: regsvr32.exe, 00000003.00000003.1508599968.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F9B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1517923046.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1502300485.0000000004F9B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1517493668.0000000004F9E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500828973.0000000004F9B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1515423131.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496792902.00000000009AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1493597591.00000000009AF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497465451.00000000009B0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1499702778.00000000009B0000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_w'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497588866.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='LatelyUserPhraseV3'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_p_Index_Code','WuBiUserFreqTableV3_p',#1,'CREATE INDEX WuBiUserFreqTableV3_p_Index_Code on WuBiUserFreqTableV3_p(Code)');C7 |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_m_Index_Code','WuBiUserFreqTableV3_m',#1,'CREATE INDEX WuBiUserFreqTableV3_m_Index_Code on WuBiUserFreqTableV3_m(Code)');1 |
Source: loaddll32.exe, 00000000.00000003.1576675934.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570874316.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1577311780.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570932837.0000000000F40000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiCustomPhraseV1';8 |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_e'; |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_a'; |
Source: loaddll32.exe, 00000000.00000003.1572793651.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1576978359.0000000000F50000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1578591600.0000000000F50000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='SystemOwnPhraseV1';8 |
Source: regsvr32.exe, 00000003.00000003.1502083919.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1495635624.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1496458175.00000000030BE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500640044.00000000030C1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_y';P8 |
Source: loaddll32.exe, 00000000.00000003.1570874316.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570932837.0000000000F40000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCustomPhraseV1';8 |
Source: rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1514078021.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1515977223.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1516990092.0000000000BE4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499028390.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1514200557.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: create table WuBiCustomPhraseV1( ID Integer PRIMARY KEY,Code TEXT,Word TEXT,Pos Integer); |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='DuanYuUserPhraseV2';8 |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BD3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1516429419.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1517713355.0000000000A39000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserPhraseV2'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_d_Index_Code','WuBiUserFreqTableV3_d',#1,'CREATE INDEX WuBiUserFreqTableV3_d_Index_Code on WuBiUserFreqTableV3_d(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1500296336.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1495635624.00000000030CA000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_z';P8 |
Source: loaddll32.exe, 00000000.00000003.1573043222.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1572591145.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573590370.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573199142.0000000002E40000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_k'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='UrlUserPhraseV1';8 |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497588866.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='DeleteUserPhraseV1'; |
Source: rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524520092.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524221398.0000000004A92000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1536115297.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524296000.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_o'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='DeleteUserPhraseV1';8 |
Source: regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_c'; |
Source: rundll32.exe, 00000006.00000002.1516990092.0000000000BE4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499028390.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1514200557.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BD3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1508587479.0000000000BDB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BBB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: create table PinYinCustomPhraseV1( ID Integer PRIMARY KEY,Code TEXT,Word TEXT,Pos Integer); |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_l_Index_Code','PinYinUserFreqTableV3_l',#1,'CREATE INDEX PinYinUserFreqTableV3_l_Index_Code on PinYinUserFreqTableV3_l(Code)'); |
Source: rundll32.exe, 00000007.00000003.1512780517.00000000009DD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1518135586.00000000009EC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1513780980.00000000009E9000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_y';@ |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_r'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_d_Index_Code','WuBiUserFreqTableV3_d',#1,'CREATE INDEX WuBiUserFreqTableV3_d_Index_Code on WuBiUserFreqTableV3_d(Code)');3 |
Source: rundll32.exe, 00000006.00000003.1512908200.0000000000B64000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1512807185.0000000000B63000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1512326514.0000000000B5D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1513499962.0000000000B75000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1513581850.0000000000B7B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinCloudLocalTableV1_v_Index_Code','PinYinCloudLocalTableV1_v',#1,'CREATE INDEX PinYinCloudLocalTableV1_v_Index_Code on PinYinCloudLocalTableV1_v(Code)'); |
Source: rundll32.exe, 00000004.00000002.1517107116.0000000004729000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1502368928.0000000004729000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1500948629.0000000004729000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494693710.0000000004729000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: create table SystemOwnPhraseV1 (ID integer PRIMARY KEY, Code TEXT, ShowWord TEXT, OutWord TEXT, IsDelete integer, MBType integer)); |
Source: loaddll32.exe, 00000000.00000003.1572793651.0000000000F4F000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1496851372.00000000030F5000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1495635624.00000000030E2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497491426.00000000030F8000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500113158.00000000030FD000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_z'; |
Source: rundll32.exe, 00000007.00000003.1524520092.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524221398.0000000004A92000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1536115297.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524296000.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543258590.00000000047C9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_t'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_j_Index_Code','WuBiUserFreqTableV3_j',#1,'CREATE INDEX WuBiUserFreqTableV3_j_Index_Code on WuBiUserFreqTableV3_j(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_v'; |
Source: regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524520092.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_x'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_q_Index_Code','WuBiUserFreqTableV3_q',#1,'CREATE INDEX WuBiUserFreqTableV3_q_Index_Code on WuBiUserFreqTableV3_q(Code)'); |
Source: rundll32.exe, 00000004.00000003.1504305896.0000000000C86000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1503441897.0000000000C79000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_a_Index_Code','WuBiUserFreqTableV3_a',#1,'CREATE INDEX WuBiUserFreqTableV3_a_Index_Code on WuBiUserFreqTableV3_a(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_f_Index_Code','PinYinUserFreqTableV3_f',#1,'CREATE INDEX PinYinUserFreqTableV3_f_Index_Code on PinYinUserFreqTableV3_f(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_z_Index_Code','PinYinUserFreqTableV3_z',#1,'CREATE INDEX PinYinUserFreqTableV3_z_Index_Code on PinYinUserFreqTableV3_z(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1576675934.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1579876770.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570874316.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1577311780.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1582195339.0000000000F41000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570932837.0000000000F40000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinSystemPhraseV1';8 |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_h_Index_Code','WuBiUserFreqTableV3_h',#1,'CREATE INDEX WuBiUserFreqTableV3_h_Index_Code on WuBiUserFreqTableV3_h(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1570874316.0000000000F32000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570932837.0000000000F40000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1514078021.00000000009CE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1515977223.00000000009D7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1516429419.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1533987697.0000000000A2B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCustomPhraseV1'; |
Source: loaddll32.exe, 00000000.00000003.1567668651.0000000000EF6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_z';P |
Source: regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_l'; |
Source: loaddll32.exe, 00000000.00000003.1571510703.0000000000EFD000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567668651.0000000000EF6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_y';P |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_r_Index_Code','PinYinUserFreqTableV3_r',#1,'CREATE INDEX PinYinUserFreqTableV3_r_Index_Code on PinYinUserFreqTableV3_r(Code)');[\ |
Source: loaddll32.exe, 00000000.00000003.1571510703.0000000000EFD000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567668651.0000000000EF6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500296336.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1495635624.00000000030CA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1499702778.0000000000994000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1493597591.000000000098C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497558218.0000000000993000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497333323.0000000000BA3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494995668.0000000000BA0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000B9F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1516429419.00000000009F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_z'; |
Source: loaddll32.exe, 00000000.00000003.1573043222.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1572591145.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573590370.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573199142.0000000002E40000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_p'; |
Source: regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1494619778.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495874633.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_d'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1516429419.0000000000A23000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1517713355.0000000000A39000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1512302486.0000000000A18000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1541215719.0000000000728000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1541255879.000000000072D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1538509971.000000000071F000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1541761657.000000000073E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserPhraseV1'; |
Source: rundll32.exe, 00000007.00000003.1524520092.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524221398.0000000004A92000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000002.1536115297.0000000004AA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1524296000.0000000004AA1000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_h'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_c_Index_Code','WuBiUserFreqTableV3_c',#1,'CREATE INDEX WuBiUserFreqTableV3_c_Index_Code on WuBiUserFreqTableV3_c(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_m'; |
Source: loaddll32.exe, 00000000.00000003.1573043222.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1572591145.0000000002E0A000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573590370.0000000002E44000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1573199142.0000000002E40000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1502006801.0000000000BFD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1499692861.0000000000BF7000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517099295.0000000000C03000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_u'; |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_y'; |
Source: loaddll32.exe, 00000000.00000003.1571510703.0000000000EFD000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567668651.0000000000EF6000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1502083919.00000000030C2000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1495635624.00000000030B0000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1496458175.00000000030BE000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1500640044.00000000030C1000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_y'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserPhraseV1';8 |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_u'; |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496990571.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1497588866.00000000009DC000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1494502029.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495089991.00000000009C5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495422720.0000000000BD0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497560929.0000000000BE9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1497207394.0000000000BD8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1495284626.0000000000BC8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PositionUserPhraseV4'; |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_w_Index_Code','WuBiUserFreqTableV3_w',#1,'CREATE INDEX WuBiUserFreqTableV3_w_Index_Code on WuBiUserFreqTableV3_w(Code)'); |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_e_Index_Code','WuBiUserFreqTableV3_e',#1,'CREATE INDEX WuBiUserFreqTableV3_e_Index_Code on WuBiUserFreqTableV3_e(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1580294761.0000000000E9C000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000002.1581572648.0000000000E9D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinUserFreqTableV3_c'; |
Source: rundll32.exe, 00000004.00000003.1511435101.0000000000961000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1514131471.000000000096C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1514569291.000000000096E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1513910194.000000000096C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1511278727.0000000000952000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1511876365.0000000000969000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1511321254.000000000095E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1515423131.0000000000971000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinCloudLocalTableV1_z_Index_Code','PinYinCloudLocalTableV1_z',#1,'CREATE INDEX PinYinCloudLocalTableV1_z_Index_Code on PinYinCloudLocalTableV1_z(Code)'); |
Source: rundll32.exe, 00000006.00000003.1494531669.00000000048B8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000002.1517793758.00000000048B8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1500205594.00000000048B8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000006.00000003.1493956051.00000000048B8000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_v_Index_Code','WuBiUserFreqTableV3_v',#1,'CREATE INDEX WuBiUserFreqTableV3_v_Index_Code on WuBiUserFreqTableV3_v(Code)'); |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_h_Index_Code','WuBiUserFreqTableV3_h',#1,'CREATE INDEX WuBiUserFreqTableV3_h_Index_Code on WuBiUserFreqTableV3_h(Code)');x |
Source: rundll32.exe, 00000004.00000003.1496860879.00000000047F3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.1517429894.00000000047F3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','WuBiUserFreqTableV3_p_Index_Code','WuBiUserFreqTableV3_p',#1,'CREATE INDEX WuBiUserFreqTableV3_p_Index_Code on WuBiUserFreqTableV3_p(Code)'); |
Source: loaddll32.exe, 00000000.00000003.1570516625.0000000000F2D000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1567592649.0000000000F22000.00000004.00000020.00020000.00000000.sdmp, loaddll32.exe, 00000000.00000003.1570750503.0000000000F46000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='LatelyUserPhraseV3';8 |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543258590.00000000047C9000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_a'; |
Source: rundll32.exe, 00000008.00000003.1542907608.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1553536640.00000000047C4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543022788.00000000047BA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1542834252.000000000478E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1543167810.00000000047C2000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='PinYinCloudLocalTableV1_a'; |
Source: rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_m'; |
Source: rundll32.exe, 00000004.00000003.1501995733.0000000000CA4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1496281317.0000000000C78000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.1495245983.0000000000C3F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_q'; |
Source: rundll32.exe, 00000007.00000003.1532557702.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1532655268.00000000009CB000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1532117573.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1532477027.00000000009BD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1532080914.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000007.00000003.1531893253.00000000009AF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinCloudLocalTableV1_e_Index_Code','PinYinCloudLocalTableV1_e',#1,'CREATE INDEX PinYinCloudLocalTableV1_e_Index_Code on PinYinCloudLocalTableV1_e(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1518214869.000000000305B000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000002.1519116434.000000000305D000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: INSERT INTO 'main'.sqlite_master VALUES('index','PinYinUserFreqTableV3_t_Index_Code','PinYinUserFreqTableV3_t',#1,'CREATE INDEX PinYinUserFreqTableV3_t_Index_Code on PinYinUserFreqTableV3_t(Code)'); |
Source: regsvr32.exe, 00000003.00000003.1500828973.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1508599968.0000000004F84000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 00000003.00000003.1497044833.0000000004F1E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SELECT count(*) FROM sqlite_master WHERE type='table' AND name='WuBiUserFreqTableV3_i'; |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\SysWOW64\rundll32.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |