lumma | d34079b3653d3e9dd02243c8023c1bcc56fcf8ec736d2fae0cabf316d3159fd5

Analysis

max time kernel
879s
max time network
898s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-03-2023 06:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YoudaoDictSetup.exe
Size

97.8MB
MD5

6851728f39fd719cec8c2eee551d941e
SHA1

c63c9ab520598bd66ffbb3ef507e49558e0c0fd5
SHA256

d34079b3653d3e9dd02243c8023c1bcc56fcf8ec736d2fae0cabf316d3159fd5
SHA512

5bfe296b0a81065ccbb716bc37f4ccd11e8deb819763d07adb49342ed19670316a2766a1d5ded65ff56be58efa9585506d29069a1d2f9a1250a2ee1b5a9eaa7e
SSDEEP

3145728:UqMak7c+EtNngenOOZHQXvqlQ8iA1X6tSiIRys0:wAPtlxR2aQ8NN6teyT

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

YoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDict.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe

Executes dropped EXE 33 IoCs

Processes:

YoudaoDictInstaller.exeYoudaoDictInstaller.exeInstallHelper.exeInstallHelper.exeInstallHelper.exeInstallHelper.exeInstallHelper.exeYoudaoDictInstaller.exeInstallDaemon.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictIcon.exeYoudaoDictInstaller.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoWSH.exeYoudaoDictHelper.exeYoudaoEH.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoOcr.exeYoudaoOcr.exeYoudaoOcr.exeYoudaoDictHelper.exeYoudaoDictHelper.exe

pid	process
1692	YoudaoDictInstaller.exe
1324	YoudaoDictInstaller.exe
1956	InstallHelper.exe
1564	InstallHelper.exe
652	InstallHelper.exe
1628	InstallHelper.exe
1164	InstallHelper.exe
2028	YoudaoDictInstaller.exe
2324	InstallDaemon.exe
2464	YoudaoDictInstaller.exe
2480	YoudaoDictInstaller.exe
2504	YoudaoDictIcon.exe
2520	YoudaoDictInstaller.exe
2988	YoudaoDict.exe
1272	YoudaoDictHelper.exe
1372	YoudaoDictHelper.exe
564	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
1080	YoudaoDictHelper.exe
1704	YoudaoDictHelper.exe
2184	YoudaoDictHelper.exe
2256	YoudaoWSH.exe
2376	YoudaoDictHelper.exe
1108
2852	YoudaoEH.exe
2888	YoudaoDictHelper.exe
2876	YoudaoDictHelper.exe
1624	YoudaoDictHelper.exe
2176	YoudaoOcr.exe
2200	YoudaoOcr.exe
2284	YoudaoOcr.exe
1724	YoudaoDictHelper.exe
2900	YoudaoDictHelper.exe

Loads dropped DLL 64 IoCs

Processes:

YoudaoDictSetup.exeYoudaoDictInstaller.exeregsvr32.exeregsvr32.exeregsvr32.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exe

pid	process
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
2028	YoudaoDictInstaller.exe
2028	YoudaoDictInstaller.exe
2028	YoudaoDictInstaller.exe
2028	YoudaoDictInstaller.exe
2028	YoudaoDictInstaller.exe
2028	YoudaoDictInstaller.exe
2000	regsvr32.exe
588	regsvr32.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
2092	regsvr32.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
2480	YoudaoDictInstaller.exe
2480	YoudaoDictInstaller.exe
1696	YoudaoDictSetup.exe
1696	YoudaoDictSetup.exe
2520	YoudaoDictInstaller.exe
2520	YoudaoDictInstaller.exe
2520	YoudaoDictInstaller.exe
2520	YoudaoDictInstaller.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
1272	YoudaoDictHelper.exe
1272	YoudaoDictHelper.exe
1272	YoudaoDictHelper.exe
1272	YoudaoDictHelper.exe
1272	YoudaoDictHelper.exe
1372	YoudaoDictHelper.exe
1372	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
1080	YoudaoDictHelper.exe
564	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
564	YoudaoDictHelper.exe
1080	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
1704	YoudaoDictHelper.exe
1704	YoudaoDictHelper.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

YoudaoDictInstaller.exeYoudaoDictSetup.exeYoudaoDictInstaller.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run	YoudaoDictInstaller.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run\YoudaoDict = "\"C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\YoudaoDict.exe\" -hide -autostart"	YoudaoDictInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run	YoudaoDictSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run\YoudaoDict = "\"C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\YoudaoDict.exe\" -hide -autostart"	YoudaoDictSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Windows\CurrentVersion\Run	YoudaoDictInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

Processes:

YoudaoDictInstaller.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\YodaoDict.api	YoudaoDictInstaller.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\YodaoDict.api	YoudaoDictInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\VersionIndependentProgID\ = "YoudaoGetWord64.Connect"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0\win32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord32.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\ = "Connect Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\CLSID\ = "{07473267-2FBF-468D-8C7D-A9DB6211F5F2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\TypeLib\ = "{55684B24-475C-4969-8C82-B498B5A53596}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\TypeLib\ = "{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ProgID\ = "YoudaoGetWord32.Connect.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\ = "YoudaoGetWord 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\ = "Connect Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CLSID\ = "{07473267-2FBF-468D-8C7D-A9DB6211F5F2}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CurVer\ = "YoudaoGetWord32.Connect.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\VersionIndependentProgID\ = "YoudaoGetWord32.Connect"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ProgID\ = "YoudaoGetWord64.Connect.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\CLSID\ = "{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord32.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CLSID\ = "{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CurVer\ = "YoudaoGetWord64.Connect.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\ = "YoudaoGetWord 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable"	regsvr32.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

YoudaoDict.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	YoudaoDict.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	YoudaoDict.exe

Suspicious behavior: EnumeratesProcesses 41 IoCs

Processes:

YoudaoDictInstaller.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictHelper.exe

pid	process
2028	YoudaoDictInstaller.exe
1272	YoudaoDictHelper.exe
1372	YoudaoDictHelper.exe
1712	YoudaoDictHelper.exe
1080	YoudaoDictHelper.exe
564	YoudaoDictHelper.exe
1704	YoudaoDictHelper.exe
2184	YoudaoDictHelper.exe
2376	YoudaoDictHelper.exe
2876	YoudaoDictHelper.exe
1624	YoudaoDictHelper.exe
2988	YoudaoDict.exe
1724	YoudaoDictHelper.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2900	YoudaoDictHelper.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

YoudaoDict.exe

description pid process

Token: 33 2988 YoudaoDict.exe
Token: SeIncBasePriorityPrivilege 2988 YoudaoDict.exe

description	pid	process
Token: 33	2988	YoudaoDict.exe
Token: SeIncBasePriorityPrivilege	2988	YoudaoDict.exe

Suspicious use of FindShellTrayWindow 10 IoCs

Processes:

YoudaoDict.exe

pid	process
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe

Suspicious use of SendNotifyMessage 7 IoCs

Processes:

YoudaoDict.exe

pid process

2988 YoudaoDict.exe
2988 YoudaoDict.exe
2988 YoudaoDict.exe
2988 YoudaoDict.exe
2988 YoudaoDict.exe
2988 YoudaoDict.exe
2988 YoudaoDict.exe

Suspicious use of SetWindowsHookEx 25 IoCs

Processes:

YoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDict.exeYoudaoWSH.exeYoudaoEH.exeYoudaoOcr.exeYoudaoOcr.exeYoudaoOcr.exe

pid	process
1692	YoudaoDictInstaller.exe
1324	YoudaoDictInstaller.exe
1324	YoudaoDictInstaller.exe
2028	YoudaoDictInstaller.exe
2480	YoudaoDictInstaller.exe
2464	YoudaoDictInstaller.exe
2520	YoudaoDictInstaller.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2988	YoudaoDict.exe
2256	YoudaoWSH.exe
2852	YoudaoEH.exe
2852	YoudaoEH.exe
2988	YoudaoDict.exe
2176	YoudaoOcr.exe
2176	YoudaoOcr.exe
2200	YoudaoOcr.exe
2200	YoudaoOcr.exe
2284	YoudaoOcr.exe
2284	YoudaoOcr.exe
2852	YoudaoEH.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

YoudaoDictSetup.exeYoudaoDictInstaller.exe

description	pid	process	target process
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1692	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1324	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1956	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1564	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 652	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1628	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 1164	1696	YoudaoDictSetup.exe	InstallHelper.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 1696 wrote to memory of 2028	1696	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 588	2028	YoudaoDictInstaller.exe	regsvr32.exe
PID 2028 wrote to memory of 2000	2028	YoudaoDictInstaller.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\YoudaoDictSetup.exe
"C:\Users\Admin\AppData\Local\Temp\YoudaoDictSetup.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1696

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe" "nsiinstall" "C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\install.ini" "0"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe" rundicttask * "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe" "0"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=gpu-process --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --disable-logging --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4952 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1272

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=gpu-process --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --disable-logging --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4256 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1712

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4844 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1080

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4200 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1372

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=gpu-process --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --disable-logging --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4968 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1704

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4528 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:564

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=gpu-process --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --disable-logging --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=3760 /prefetch:2
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2184

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoWSH.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoWSH.exe" 2988
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4264 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2376

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoEH.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoEH.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5464 /prefetch:1
4⤵
- Executes dropped EXE
PID:2888

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5456 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2876

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5632 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1624

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoOcr.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\\YoudaoOcr.exe" start cbhwnd=0x101fc,lang=2
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoOcr.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\\YoudaoOcr.exe" start cbhwnd=0x101fc,lang=2
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoOcr.exe
YoudaoOcr.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4576 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1724

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0" --user-agent="Mozilla/5.0 (Windows NT 6.1.7601; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4896,1245598812526144453,8531800056785123189,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5760 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2900

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe" "exports" "C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\dict.7z" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.2.0.0"
2⤵
- Executes dropped EXE
PID:1956

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.2.0.0\YodaoDict.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YodaoDict.exe"
2⤵
- Executes dropped EXE
PID:1564

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.2.0.0\YoudaoDict.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
2⤵
- Executes dropped EXE
PID:652

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.2.0.0\9.2.0.0" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0"
2⤵
- Executes dropped EXE
PID:1628

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.2.0.0\Stable" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\Stable"
2⤵
- Executes dropped EXE
PID:1164

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictInstaller.exe" install "C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\install.ini" "full" 0
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord32.dll" /s
3⤵
- Loads dropped DLL
- Modifies registry class
PID:588

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord64.dll" /s
3⤵
- Loads dropped DLL
PID:2000

C:\Windows\system32\regsvr32.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord64.dll" /s
4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2092

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\pluginconfig.ini" /c /g everyone:f
3⤵
PID:1580

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
4⤵
PID:2132

C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\pluginconfig.ini" /c /g everyone:f
4⤵
PID:2152

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\InstallDaemon.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\InstallDaemon.exe" GetSoftListADC softs.ini ${BIND_SOFT_URL}
2⤵
- Executes dropped EXE
PID:2324

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe" "rundictnow" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe" "cleanup" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictIcon.exe
"C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictIcon.exe"
2⤵
- Executes dropped EXE
PID:2504

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.2.0.0\YoudaoDictInstaller.exe" instreport
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:2520

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\YodaoDict.api
Filesize
176KB

MD5
260d438b13406700bbcdabdba2c2d43c

SHA1
7c413b4c8f96beac86895a35bc285de6f3576f07

SHA256
4edd999c04f77ba491dbcd97d2771f7453d99507e546d99c05397f33afa9ff34

SHA512
a8187d3d29b80116fb26332ad682d4246320586132733a0a3d60d17658ddf69e6a3199dd6b94025d9753ded74a8f283af95386857b4f598142a9208efee05b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\LockedList.dll
Filesize
95KB

MD5
5a94bf8916a11b5fe94aca44886c9393

SHA1
820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

SHA256
0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

SHA512
79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\OP_Logging.dll
Filesize
45KB

MD5
a72c2dca77dcc121d8a8fe8806d1f1d8

SHA1
680308d6ae3d53913205f3dd2245cbf7125ab3de

SHA256
4a802d435fb605a78e74e5a481bf047e1017942537d0a5e526266316c1e85af4

SHA512
14911c94d8b19a848b95d4fb0cd9f23a701b7b4396d2bc1a2a44b8ba1eadf8ba27579ef1c3caf2cfe588d609f542df021445085fa72a6f2202c5d3c405923ec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\OP_ProgressBar.dll
Filesize
35KB

MD5
95ecdbdf41e9450e68895cd8a51ac3b5

SHA1
21a80e466f1bc0d7190d8c9c12f9d90476a9c2b3

SHA256
75b9c807487764b4196eee5310ed096f74dfe585ed8318e0dff0ace2ae054e26

SHA512
26a8b8fc05b9ca59ff32bf151f7860c609e8b8efc4aabc12801286378cd05022cceb9fbfb2cd814230eedeb1db0753da5368fb9f91b0d3b17187f520880cf884

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\OP_WndProc.dll
Filesize
48KB

MD5
765cf74fc709fb3450fa71aac44e7f53

SHA1
b423271b4faac68f88fef15fa4697cf0149bad85

SHA256
cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e

SHA512
0c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\SkinBtn.dll
Filesize
4KB

MD5
29818862640ac659ce520c9c64e63e9e

SHA1
485e1e6cc552fa4f05fb767043b1e7c9eb80be64

SHA256
e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

SHA512
ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\System.dll
Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictIcon.exe
Filesize
164KB

MD5
21360d9b7340a8d4d0d980cc60929354

SHA1
0781a1d755ea5925cb4d6a006b415b3a7986df17

SHA256
798a70ed6358e09d218aed2d0c2eb5cc3400eb20df7d4f8947069e3090f53595

SHA512
c6e79bd6fb46f0cfd471bf28e45d6e7315a1522f5f59e8c4c0b1b983449410bddd72d84b10147fef99d96cd9f5f479ee2b8474535eb405f9e2cbef44c09428f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
0b17027edf8fa0c29a9aa85db2f5994f

SHA1
ef08817aabf7ede8112303f7ba2aae0275067094

SHA256
241268dbab2369f12f1acca5bffa0486283e77cd8c11f2a460c51086742859ed

SHA512
77a7f4c71f43683503066028c4a8e7836fed763e720ccab059eb1ae78d55d5b31a4f0b5ea1caef7a1fa6180ad2ed57d1f37575580d45dfcfede4862d60752647

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
0b17027edf8fa0c29a9aa85db2f5994f

SHA1
ef08817aabf7ede8112303f7ba2aae0275067094

SHA256
241268dbab2369f12f1acca5bffa0486283e77cd8c11f2a460c51086742859ed

SHA512
77a7f4c71f43683503066028c4a8e7836fed763e720ccab059eb1ae78d55d5b31a4f0b5ea1caef7a1fa6180ad2ed57d1f37575580d45dfcfede4862d60752647

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
0b17027edf8fa0c29a9aa85db2f5994f

SHA1
ef08817aabf7ede8112303f7ba2aae0275067094

SHA256
241268dbab2369f12f1acca5bffa0486283e77cd8c11f2a460c51086742859ed

SHA512
77a7f4c71f43683503066028c4a8e7836fed763e720ccab059eb1ae78d55d5b31a4f0b5ea1caef7a1fa6180ad2ed57d1f37575580d45dfcfede4862d60752647

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\bg.bmp
Filesize
697KB

MD5
ad0c36807c8d566c11653d41f1a78240

SHA1
5d2bc425a809f06c1594c0f3a9725db87590cfb0

SHA256
1d8b406b86316a7f91238a5c7d4aeb05f4b7ddc110e7fd625bf25f74b6e95fdf

SHA512
28841f464583222db544fba0b254204fb5a15b54dc77be21e3c859abe7fc4e42f75772eb904592b3452b08eb8b24a882c06fc37fa5ef7327b30eb8bdc37b4160

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\bg_license.bmp
Filesize
697KB

MD5
e81b45b4e0be2199af0cdbe06c65b2b0

SHA1
19ce3c4613f56e9553bb785d995b3985946b30e4

SHA256
e0dea7922a48743995ee7644812f6ba5665a9f7f3c5c283fa6f7d7abbcd4f45a

SHA512
d662d709218eaf087a304d499027691e5b2b7b4c99cb8f493bdfef4e9aa2fef15f5d6770a06ba591d9284a8abb3e1c149e0f7858cce5e8fc42fb3a9e9ab3c2eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\btn_agree.bmp
Filesize
38KB

MD5
a8aad0bbeab0b6890a01ae96e021de89

SHA1
7c6d6d23c24ce694fe453e16d65c4d030addcced

SHA256
93ddd683f0aff0d0ef83d9256d925aa4cff97bde8a19f7868946b378416fb76b

SHA512
7211b259907f46c63fa668c4534c2ee68e88ec7659052ee0d6a7398aa1513308a4ccee596cedc43ed713ac64b3307bc4ce3ac823377d64c94072e30cd7e8ff27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\btn_close.bmp
Filesize
5KB

MD5
07506ad9ddbddd347d30ea00372ee1d1

SHA1
8fa380167d70b684428f735cffcf0362091c4171

SHA256
9c2208e9324f7d86b8769a6fd4b5d298fd2487581ae7b37db068693c4943f8a2

SHA512
de5715ce2919dc3d26821206762aa8c39c9f260fc1d8d53f1e5fe2abeab9caaa926cbebd9673af7472cd6ed3c60af08df24fbde7b254ba5652c2f8d91fbef2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\btn_disagree.bmp
Filesize
38KB

MD5
bf79dc7f118e58a1be313a250106e277

SHA1
ed2d21493244090059225f3d47f5fc20e75f0c29

SHA256
a8507e762a8abce98c7ba16b322927243492a9ff3bcfbd0e75f05fbcec1f1439

SHA512
59582b7484a16d10160331d60779c983587a57dbddbe318d5069299e850b8c66afc15e744e1f18f8ad5cd55f637aaeb5ee01724b571a5068a9202ce676cde94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\btn_install.bmp
Filesize
116KB

MD5
9521f2ab5ffd201e8d18336aff17b35f

SHA1
14057ed5cd521d672e101f40c363e04566763482

SHA256
648dfe8f47610a6a078d9cebc7da17ec577354c1877e9180fc58dff5415bc497

SHA512
312ecaf39d973a62b3f144def64e72a7fdc532bdaf4d245b7f0475db0b84357349a9cfc4dcca261621d997bf4cdd5955daf86bac3a1d579d75c90b670d3aa93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\checkbox.bmp
Filesize
3KB

MD5
8fbdda129fc2e7f63497c33022318d05

SHA1
480e061e9454e8b025468811d8b9919c7d08b9b4

SHA256
4ebd1a0dbc8d25da6659013705d4d6810b2e378e176354589697ad7ce71522dc

SHA512
2e88b65e56f4642d7e506343f523a9840d58a5a4c52abdd6442ea772c536bc7a957ff9376376649acef404baeb2eba1cd1866235454b258561575f230e0a6afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\checkbox_null.bmp
Filesize
3KB

MD5
4edd651564365f8400bbb4ef28658ea4

SHA1
8fead75659c35b1d573063daf4be86c1014cc9ea

SHA256
19cc5f64e5bbb7a93827dba7311cf6d42be2bd463b62154a65e3f688f684cfc1

SHA512
beb59b60efb8a8e9e7a02e73597929c4fb8c9507f96073fec1fea0f3cde7e7d49c303956e5b901ad24b6f192d9c9e037b7abf4257436b6e214e112adf065e42b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\dict.7z
Filesize
93.6MB

MD5
9178a9236f1e27c7ffc34e09a1c2f2b4

SHA1
dab41f22956ae92d85a61903e6ccbf4cda4eadae

SHA256
171bfeed37c3eb9a1d45e6cf4ec4c6124e609658d0e7d2383f56c7f958588400

SHA512
98bac3192b5be010862be2e1f3a31ddcf457ae50338600eb84201ca13c6ebb73231769803b7867707e81a989d4ab9e3f5a5a9d4ec87340e0e1cc6d9037ed5bc0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\install.ini
Filesize
194B

MD5
1646927621f7069d84a7eb724282b16a

SHA1
1fb830d4ce235dc29e2ae0fb83e6471499401e67

SHA256
f4bbc4a2f6a022c2cbf9cde15724dd97e7cc0a45c0a9d5323d84f741d5ea72dc

SHA512
f4d8e736d143fb5944e490e53fec38ea9ced7557b8d4c93c1ae7f5b2b34ddc0be3eb0f39980ea29be98c3381dd818e8ba8a9af146c00a451d7dfb89f2334b133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\nsDialogs.dll
Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\nsisSlideshow.dll
Filesize
7KB

MD5
05555b779901f6b604ad890224a7a663

SHA1
4e98bc415745c95aae75dfda79c78295bd3cef2c

SHA256
f8d353598129877a8aeb45821dbb9845fa5b347ad51c46c640f92a418dd3f174

SHA512
757296383f15884cb4747c9a16432598bdaa0925cbb4b06f1664138aba1aebdc49e594ad4353fce1bde620077a5851b754fa871b07f29cab40f05e208997f641

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
Filesize
2KB

MD5
cebe7c7f95386ea60c0e97c53e8f7505

SHA1
4e0951ed5592df16ba45f9da0e917f6c84dad639

SHA256
eaf11e7388c1f3663f9fe8286c752d35ff1d73ee086866b4dc4c3c61485ad560

SHA512
d5e1eb72325cc5afab094e94cb04296cc0f3040c8bca7b86f8b4a2a2ab3eaa564b899daa7a0076199ed5e8be9f53d665573c5b5d3fb0f3757535142e0a47f9e3

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
Filesize
2KB

MD5
cebe7c7f95386ea60c0e97c53e8f7505

SHA1
4e0951ed5592df16ba45f9da0e917f6c84dad639

SHA256
eaf11e7388c1f3663f9fe8286c752d35ff1d73ee086866b4dc4c3c61485ad560

SHA512
d5e1eb72325cc5afab094e94cb04296cc0f3040c8bca7b86f8b4a2a2ab3eaa564b899daa7a0076199ed5e8be9f53d665573c5b5d3fb0f3757535142e0a47f9e3

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
Filesize
2KB

MD5
ad6d50a606c0cb614c9cd99dc5936dae

SHA1
0a6421d0e472b86c6f6187f05ab5db144d790ddc

SHA256
cf57364008382f4aa3e0a2d82367e1176277d21168fcfd0b050408bc034c3569

SHA512
040eed71d90fbba191df94bc5e9c4aeb043914ca7c702e962efa2cf03128183330ff2115d3afe4713d1b68b1c286344b1d772b1a2bd8f0a95cd8a2911229441d

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Cache\Cache_Data\f_000007
Filesize
25KB

MD5
6b998b53b5e71cc814ac874ce5c37ab7

SHA1
49fcbb1954123eba713e0e232927b7c604d840f4

SHA256
d3f5105180b5803dac4cfce402bd05c467b93894c9d10c2be2b38dd4577b7d15

SHA512
83f5558fcfb530a40f5141a1bd1aec1bfc54b6368bb27f8ce73711712c1a00b9d32f367b28a74a52ba2d5b446f9f202588335fa452dcd9b8ed5e17ea30a52e14

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Cache\Cache_Data\f_000008
Filesize
25KB

MD5
d5c182abd3d54aebda7b9032828f5252

SHA1
6523a621acccfbac88ff1ef52e09f4381568c86e

SHA256
8b802f3926f239e23dc568a09ee6240ae94b7080be37ff3f7a3046dd150ee83f

SHA512
90ed39b80ba2f8a7c5a4b94850204242a785f8b7e94d5d835544c07f5efb03034e8387538db374198900a11aad8f3ce93e3016269e48ca5bbfb2ec185121fe10

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
e0c9462b917d69e1c415125db9091e4d

SHA1
b23c38847fef32b37a95893e8263afd987e164cc

SHA256
c0253af869d72ececa75f856e322c5216b3ca4f4a76fcafe9b423ea2a3879978

SHA512
4a260c13508a7a1b38fa48878047855b9bd302b839e6fd032fa2d610761a49761ff9911a09eb865ca4b1b08cc4c35fe34e807cf86ee7a785fcb56722cbbbfb82

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Network Persistent State
Filesize
814B

MD5
bd5d63800e84a5a9860b30d752b4a56a

SHA1
5fc8aae49337b15902cfa6821ddf426dbc05b5bc

SHA256
5734d20da67369adaa237afb4578f81a0fed8ad4c5baba1639e6d3f2dc0aa6d9

SHA512
73157b8e686639425324e3e7320e6b37942e7daf3f45726dd2be7b2e23758d55057a1e4ad6fe7503d9b8d6932877a6776a00de83deb136e95e3e9b12db35c1e4

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Network Persistent State
Filesize
814B

MD5
345c37e8613e82695b349e864b061244

SHA1
9725af25b57d3fa48978bdc427a3233815862c0e

SHA256
8670e2c59936b859b1c8b91198cab62d2c05ccb40925976a0369e10037617721

SHA512
4a22436fedd6cd4d9d71f9f875f8a5e34ab4fad2bd4e0a5505796384afcd07993d3350a7adbd9fb117314a822560a390bbb0702cd518af6b8a696b79a07825e0

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\TransportSecurity
Filesize
199B

MD5
87aedc969e9ee324d9a9d73b5b38eec8

SHA1
370996df14c13ba4439e0e90756a336a49820513

SHA256
9006488e0f731d8b02e21ab4a08ccfb8861f0661ad7115b276b0a393ba196b7e

SHA512
60612d2d471f7e4c8e17392cc90fe0499fd1cb84d56e7129fddbb6b5c898c1dd272f7a23db775e5f61714fc10edc21adbbc000bd02664ca2fb11f4fc41e1e802

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dladdin\addin.ini
Filesize
74B

MD5
0a90d525cb4caf3556a937e843464cbc

SHA1
788d4fd8ef280b9937dffbdc4670a8a7fcfaf88d

SHA256
ef11fffcffee99e4262a7cdf2a11eb7105b63597164d174308933a021c5b3374

SHA512
fdd7de611ab20903aef8de14f17d658037aab5956d2488839101b3390b4dd39c93cafdbcef31baf2e67f43e8787e589da2f1f4fde726fa44fdc7bb02639ca156

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\InstallDaemon.exe
Filesize
97KB

MD5
6133bea2c2f6923a5152228899b1c756

SHA1
580f51e94be4396fd164e5acb1942eb060e45f42

SHA256
bc7b7e49aa6b047ee4c380a606935adff48f355da8dd69a5db337a0f4a4d139c

SHA512
cffccce73a412ea0590b0f69a26d7ac81edad850f291438d9be730c125ccdaf6099c3c4e9057c2874e2739589911459cdf954ad77fcfdebed4d01ffeb81e0d0f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\YoudaoEH.exe
Filesize
2.7MB

MD5
407d5b2ba88e518045bf3ccee4c2d91e

SHA1
dd4c6734d0d4b36b7f78c76471a925fea5ea0274

SHA256
24e6391e7ec901491034b5eb1b5744d7af3bf83c8c83963a09908a447eee0f3b

SHA512
c21f86285df240d9a441b3f86d9057ffdff27e8a8b9bf9b4e0a548d6dc1745d2393c273194d364b428daf77fd3af6c31d6e04fbc9f33960ce5c7ea8e0b91ae36

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\YoudaoWSH.exe
Filesize
253KB

MD5
6c08ddf60b3964dda1acc2474c74272c

SHA1
e60dba36ff74d180dffb46afad9c99220aad09d1

SHA256
323ee9ac01836b0f60ef9ce56757a1a43ac42be98577c27cae0da5e563b9d425

SHA512
bdec7db3066e05d60809108720d82b5df5daf7b4d029fbfec0bb843ca770c3366452d16955cfb20831a879bef9778cf112ca98375341450efb18029f4b933fef

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\otherskins\simisent\css\s-search-2.png
Filesize
134B

MD5
4cf33e947d4690872c10997813c47453

SHA1
ddc0d10c850367211bfee534f395c793a4cd9561

SHA256
827696048e9e9f6406e75835aed917946db147cbb783d6380da5096f475406c2

SHA512
2485599e9574110547c79c7742e0a817d6d87bdcfc4f936f1196bd732995819fc556f393cdd5d83ff63b1dceeb5b3fb1a66d481d6d372c7ee5c6e7cac4d96262

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\fonts\AvertaStd-Semibold.ttf
Filesize
171KB

MD5
aef2da2daa6e15be44ff1a2706cc61a1

SHA1
65ab937099da5272f9349e478561b597c3775cf9

SHA256
27c7c6820cd15bb81940efc7c14eff9311585df09b49d50c19b589b8994e6eb8

SHA512
71c01b8100952056ae7542306f49286f66c0337d57e0ddc95508ec6ba1ea95839f9d314dfb875cd71bc2a4cb1a3c501872c992be83ac64c9d71677e3228e7fc0

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\doctran-loading.gif
Filesize
29KB

MD5
f2b60488681c68eb21bf21259b87a6cc

SHA1
a8d14ea0233eb5a73bb1cee97fa51da84f2234a4

SHA256
80bc57fd5f2059ecc2ffdeaa735b6fb64af3aca8ecc5e353e26eaa50585ff3dd

SHA512
9d5fc21968686e99f51008bb8050e8c84142462e975b5dcf2e731d4653150af56933d610006560892f6d53b944c105513e9922af23ab64cf2e8871a764ddb32f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\ic_file_fail.png
Filesize
631B

MD5
43acd065a549358fa08b39475cc60473

SHA1
0adc6021f4aad95db355f2f0a5c5ff486475d631

SHA256
7eca65b5fd7c93b9e7088a91638ff692099f0cee9acfde7ce6cf369ab94a7f1f

SHA512
98100f055436c2b2f2797d9382dce8fc2cc95b8ef474e32338aae7cad63564bce38809ff2db7be4fd37d06042c8dae2e8ae3ed491b4d3d131029b1dab9eddad4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\ic_network_error.png
Filesize
690B

MD5
29d6befbe4bacdd0cf93be84715160f2

SHA1
b3a479ce1b57e693cc1951cae95a6fa622be865e

SHA256
b9cf3017835b3284e748e75116454f2f6cb8280a77956b6ef2ea7daeeb2c333f

SHA512
f5e25d51e4d0677bb381fcc9235ebf79248531d261d46aa109c031c46b435b7f217c46d848916c008a81ea71332548c07c58900507f2bd4592e7c2b373c153c4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\ic_play_voice.png
Filesize
674B

MD5
b75b9dfabb25e1192e65ee98745fc237

SHA1
0740bdc00df4eab2b83250127d300af6ac148ea0

SHA256
2954c081ed5dd775fa3c1218c209b80771c2db75fa7af60f18abed1cffde5557

SHA512
7f0e6bc409ee465b866fd7aaf44a11039affabce73e8dfb159d4871832047ca6e63b9387b51129bd2d0bf31bc7b0e1197910efedc60870245a9b182ad56a304d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\ic_question2.png
Filesize
762B

MD5
7c0659907ee4cd6fc943732c0ec509b3

SHA1
b5c0fe394bb53ace43a0615bc2da379d61fb5e60

SHA256
ec0ecfec8e4235eb1ab44aaac34013566df90b81c3e3ecbb1016d2a25a19bb51

SHA512
a9c0563dda469b8dd016ebb4c7b1ad3cf338a01338620730d81cdfb135f714275dde7baa5b1b47ae9cbee24c0f5964cc20518129dab5ea0361f2718e8d46750a

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\ic_translate_history.png
Filesize
759B

MD5
30af4a589da202cc9ff6ddd2f820c3a2

SHA1
ec6c5fa21610fd8cd82d90a25f6aa5c4542b6157

SHA256
e92eaba58489c25660bb56d4b054f601c1b9f42c4c68ecb6b7b0460ad75dc1d8

SHA512
b9db2c2b1377ca971e77191d9b69eaada32b4d2770dd30376d97034192406935bd8b48d15b4b57a6acb5b57cdc2391182796fc4b91a9af1a1e76413b69e4c42c

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\resultui\img\ic_translate_human_translation.png
Filesize
884B

MD5
0db3ea936c424b76c7b3dbc69427b998

SHA1
7761197ca26277ab8ab62f8cd216f2f22d63392f

SHA256
e30b9806526c1a6da19828a354f437122244f03c2d3e4ec749aac0e004549677

SHA512
ea2a99b04150a734dd65ce8d89364df1817eb56f48e932d27730fac5423087ac1ea21fefc9914add056972dc61ee75484a52f99fe35994d0d90988ed83328740

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\doc-error-toast.png
Filesize
1KB

MD5
00e4f507d735711f169edacf6027c98a

SHA1
21db5cd84ea8b5f36c9db3c51ac2eedc37ec9c69

SHA256
65260a848437f9ebaf322c2feef021197a650770a7bef9480958fb1070475cd5

SHA512
0f7c1a3e7167bc8c462290bc2ad875c8e88adb9e1c7ccdfb9e27c039176e65f8d525700eb27997a3deae728ac75cdc7c1fef663acb60a18382cfdda0ecb6ab86

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\document-gay.png
Filesize
1KB

MD5
ba0a6aa0ccb00e8417454cae30be1768

SHA1
4dad002a53a36de0d29b74916c93f6eb46f9c019

SHA256
5dbb089e1fcc07c9bba2acd8638c076b81a89c956cfb0e30257031446ecdff0b

SHA512
8a68c2e127f19c34ce3570faf09c60ef4377ed97cc73e566f9d72f98ab3535d9d4776771fed3f36ed3d0beed5a90dc9cf7f956066feefa1bb31848265b9d04ab

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\lang-drop-click-dark.png
Filesize
296B

MD5
4934e433a50ad444edc977d029222bdd

SHA1
393202fe0563be884e839d07baef52f4e6780478

SHA256
d0b0eab41fce58cd6e71c8dc4922e7ca3600457edbd1ee82f71c2fa13caa88bc

SHA512
023ee3223788ef7091e3d64013d57562eac181d0e68df83047db881c63f0c3b3212aa090c71fc6cfb04b65eb1f41bba95cc64efba74f0d301c506f038ab89315

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\mini-close-dark.png
Filesize
584B

MD5
4c00a7ce8ebbf792abe15279450d3627

SHA1
5c205cbc89f9c413caf71ad341dbd53db31f1298

SHA256
efa0b0769650081ddfdfa2140535ab9650696ea595e5264a427fa9e7152e66ae

SHA512
f5b49b517eb5016e84aa0f17c190d7b757fe28e4897e41f0a60f7ee76b794878f43497657f2949ff8b8fd445d91c57abca051a427751a2f34ce69cd92eb26908

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\mini-more-dark.png
Filesize
463B

MD5
0da1cef20a89fac58b53362547107854

SHA1
f04d0bb0ad32857962d42ac290b618d57f2cf253

SHA256
13161872734adc174fe6a9ec84cd3a3b860ea0e42e13041533436ce3bb07b7a5

SHA512
0b4f1b50d3f7632dc5212d32b27a0b5385ca393357fcdb4af31da3d6b4c3e87e213294fd8ae8ba1fdc9ab63e23523df98fff0ef771be493df0656651cbffb91e

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\mini-open-main-wnd-dark.png
Filesize
549B

MD5
02074d46065d5bb7295b1c92e48dd56a

SHA1
53df07ea147d32a39bb660987280dd99d22a29dd

SHA256
228f618d1050ab3a4e030e25aa7aa52f2bdddc15ead9dc52ea7747c98d631e0d

SHA512
4f29ad944caf140fdd97ff9afb4a0f86ae05bd5bc764d9c58511b69a95a27045717dbc168d3ea684376cb62aafbd2eefb6ea55938584d29d54af75cc90089c53

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\mini-sprig-dark.png
Filesize
982B

MD5
9e363d4879a63481ac28f350ea5b4c26

SHA1
da780cb482c10ed5f5af9512c9200d9e48904699

SHA256
ace141c765a60a4a872e1eba75266f58e1e77715ee8eb3fc80267c84a0a8d643

SHA512
5eae13a7434596deb3f87ab6f381793a2d27c869ef0950e65e23cae7959cf1af22a2ce022d12229a4046eb1fcee1c9b7bf12a85e9e84a4230468dea8a74b09a8

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.2.0.0\skins\icons\wb-sync-1.png
Filesize
1KB

MD5
f7a6f61b4dbbc90bf35715db6b740ec8

SHA1
7731403d0cc92f6353aa6d5c8b8a6871133ca60c

SHA256
59cb8b78d9e1f62a11162faad7c8544b80b9697f8ee96bd6da0db56ddc834149

SHA512
e78a9065a1aee62c7c85f94960a57ddec86eab379aaafcd3dd4ea561ab03bc10e33e097fdc051346a5921f441e80e0bfb9d68d320dc096b3cb89c7890bed5bbc

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\CrashRpt.dll
Filesize
123KB

MD5
fb85545895a28990ade8ac0aaa834e5f

SHA1
d25700291dbb52ee5522df4f30281c0d71bfc447

SHA256
7c58b215637a0e0fd3c640cec66306a03edb1d408b6d2aadc1505510340f1ad9

SHA512
04ae75aea30e8c600f4f1a0b38542b793058e97456d7e38f72898d7f6cddf7c273ea897198260d4f38b975eed5cf168236eb2b2a1f895fa235dd573d946dc951

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\Monitor.exe
Filesize
288KB

MD5
524c10a857e649681c03681f66366a5a

SHA1
0b4b2012bb4839c744ac2a7fbadb699682f68314

SHA256
2c18e58114d0505914edf4312abf3bac9ee4fdcd9e090ee418bf47e1580b0305

SHA512
519d441fd005d958e6bd0a49c75320f99da659f92a27a126f27f32f316a62972c3baca283156e41f4864d6ecf5965b09865c70ede4446046097d10cca6b5376b

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\OcrInfo.xml
Filesize
1KB

MD5
76f997632b746f7089e5f4634692a626

SHA1
ea906e11ab8e1ce8447bcd90827a780aa4ffa273

SHA256
2d91b312fdcd60f8c997339d29c462f7a7058a06a5206dce2a8a7c92522bf140

SHA512
a80ba8147ba36be640d92257b3ca3674be11ce0406821eb75722b74ad4501da4b6155b47ba45f332bb2e303e6be904e49deaa4e644b058b046443340a8d18793

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\TextExtractorImpl32.dll
Filesize
2.1MB

MD5
43d82271680f06e9aab0354b17bcb6b5

SHA1
853457c6def25146e8ab2f79f0c6ab27db784a03

SHA256
99ba7b0f4d9ec4742e492f3f09e757943d33c91559cfc7a306deb517180d1c1b

SHA512
9034141a5425234ac266ea9c1c3dcf4ba50ac46ddd73cf0e48c451c991497775ee1c6b078bff7692493a4ac2b9e40d53fd0ff7163db8bce92c8c30e0929fc9c9

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\TextExtractorImpl64.dll
Filesize
2.6MB

MD5
5401cbc0b5e8ed89e0808da3803b12ee

SHA1
d81e21b9e5400f174e60e9e311487a6c2540c153

SHA256
51bae1b78e090e745bd139900f596293bb95e4e8a69bd3d6f9f76a558e142d1e

SHA512
4ceab86bc91dddf7a136a05ce925f4b43c3bf2d9cf4008a1f65ac85806ce69712a0e99dba3b0e5bb00882d76dcd7aabf7a94be07562efa50ddc4e38ce58f22a3

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\WordStrokeHelper32.dll
Filesize
103KB

MD5
d0fe66c82d3be333926d4a8c7df5c7ff

SHA1
96b93e20c3e66c5bda3a39fe44deeed35e3d5915

SHA256
2371b77eee724f4ba67072cb5d29e799b5cd8ca7d146c32868d26fe2c5b1698e

SHA512
ef7ea5cfa9d88c291fca4f0c33b0c58211d68c7019a024e9725cca7366d871756588ba9dc2bf978676c072200ef8ed1c4de14bcf1c31a0a5bb884a8d856332a4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\WordStrokeHelper64.dll
Filesize
136KB

MD5
948c5f10b2f5b6fac0a32267ae55ee7e

SHA1
4f596e2a8d2b9c79ca89a11c695d72aa29dd4df7

SHA256
2a43281c23414410ac5de82b5a7482e6dc938526d99b2d114c943b962ee1423f

SHA512
4f291017c1f629e09c1e81c64d3c076d0ac805ff6257ac9050aa689f65b237356bf465d8228546bba6dc8e8fc5355f216f9e47d3729b48e83d3fdda9faad28b9

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\XDLL.dll
Filesize
136KB

MD5
eda214f831cd198d3f7628a56d28faae

SHA1
67f6527181f28b58866a4497c77be400ba570aaa

SHA256
5d1e2e8a57cdf54905ef80898fa8fb9210f860604cf3b2e8413df14c77153718

SHA512
235d105840162b1407025ade0b3673b30275b9a9e91275b352f4540e27ac67c21709e0841fe68df1fe23a6fb1c516b8f5047b77cf8e69c71a7007be668713fee

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YodaoDict.api
Filesize
176KB

MD5
260d438b13406700bbcdabdba2c2d43c

SHA1
7c413b4c8f96beac86895a35bc285de6f3576f07

SHA256
4edd999c04f77ba491dbcd97d2771f7453d99507e546d99c05397f33afa9ff34

SHA512
a8187d3d29b80116fb26332ad682d4246320586132733a0a3d60d17658ddf69e6a3199dd6b94025d9753ded74a8f283af95386857b4f598142a9208efee05b18

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YodaoDict7.api
Filesize
176KB

MD5
4eca618c99ae526787e310d8178746e4

SHA1
078167eeacadd0b676e05d798d588528b6f0c68d

SHA256
1b3c86f7136bf11a9f71871ad49e3b0e4f5f6c704e9f3df39a1ee2013b8f79bc

SHA512
d23ddd7b774a22db348ce05288f23bcf446e615a0763bf2ea4033af7b37ea1404f48316a07fcc3534b1257c37c2a8e63ea5bb1e34c9ca95239ac35b9f54a428d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YoudaoCookieAssist.exe
Filesize
65KB

MD5
cbec926eb62180548812b34b88dd70a7

SHA1
05bc446a39db8223b4da63eed4a540f6728bac57

SHA256
eaa1f6b0635a916a95d6fa9ba4d44aef2438b1f28fdf667252a90c2408255436

SHA512
3b0139a613b96aeca9df18afeed55e87e95b456b113a7dee8ac999215b5d06c22c8240d024e3571a5b056b513070afb2d72d26492d07599c03fe0325b54255a0

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YoudaoDictHelper.exe
Filesize
3.2MB

MD5
e0c9b5634ea2d3fe3057aff7b850d52c

SHA1
f63dad92551471a87ed9fa5623086c051f0f56f4

SHA256
c82e65c9cf2a8469df6865e3bc111ff276f0c838ea6f7c5ee6cee93ab8ce385a

SHA512
de1ecb4bcf9bd096a45e2893fa201612402a1479251af4a7618af0abad83d8597f5c59911bf7c20b5977c91518767cc674c01f8f785d20ce08ff999f66913120

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YoudaoDictPlugin.mxaddon
Filesize
21KB

MD5
fda5fee7824b4923f7816d88e87c5427

SHA1
3b3c4ccc0e687a1103851a78a95c35e8173bd1e4

SHA256
3c1c85cb21599818460ca3777e97d55669d6d4912d08ac0c8ff716915c1a151f

SHA512
f5aed3368f06ddb6d99f87d6d4fbd70692fd37d7c97ae0798226c742030acd0b44f81dedecc4a5c6d793d0b21eeed5a7ef66c3b5ab4270794eb93ccb61a4bc60

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YoudaoEH.exe
Filesize
2.7MB

MD5
407d5b2ba88e518045bf3ccee4c2d91e

SHA1
dd4c6734d0d4b36b7f78c76471a925fea5ea0274

SHA256
24e6391e7ec901491034b5eb1b5744d7af3bf83c8c83963a09908a447eee0f3b

SHA512
c21f86285df240d9a441b3f86d9057ffdff27e8a8b9bf9b4e0a548d6dc1745d2393c273194d364b428daf77fd3af6c31d6e04fbc9f33960ce5c7ea8e0b91ae36

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YoudaoOcr.exe
Filesize
3.7MB

MD5
c43883f577b46e4991f9a9830c0e0ad6

SHA1
bc66f5cfcdee91fa965d6cbe2384218264673d98

SHA256
d0f9301b76e698b6b5d29a18bbfd16c08dd594080100dcb02a43b7a00af2a7d6

SHA512
bd0c2aeef54cae858e58729d2ed5aeeda29b5f592aee7b82153f7ffc068a563201b92f06a4672d3c88793bd50ce0d7aab19023d7f1c232277665c0215c609539

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\YoudaoWSH.exe
Filesize
253KB

MD5
6c08ddf60b3964dda1acc2474c74272c

SHA1
e60dba36ff74d180dffb46afad9c99220aad09d1

SHA256
323ee9ac01836b0f60ef9ce56757a1a43ac42be98577c27cae0da5e563b9d425

SHA512
bdec7db3066e05d60809108720d82b5df5daf7b4d029fbfec0bb843ca770c3366452d16955cfb20831a879bef9778cf112ca98375341450efb18029f4b933fef

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\chrome_100_percent.pak
Filesize
619KB

MD5
af721c544cccd06c8baf0013a4c96e5b

SHA1
9cef5ab5121e3b3928ff91cb038c74104d3fc505

SHA256
8a89c3d043925014582f6cea272d33caf39b21ff0a638408d5a04ba51ad68c0d

SHA512
0f19af5367867e4ae6ba4415ca3d105640a130cbb53a2d24f92bf27f58ee85314a71872163313e04b08bb49de8bbba8af8a389ec9a0d5824b467bffa7f3dd635

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\chrome_200_percent.pak
Filesize
928KB

MD5
9ef013e26539843ac58607b8d217f438

SHA1
1d72c11269e73e7fe531684d1ac08412c5e43fb3

SHA256
e3a5d52a42140b73e742de2527e1520393c6359ece8477a9f836dc052c0a777b

SHA512
0b54a5bdf68cfac748f180fd1d7bd66ebb40740900d11be336d272154452be44034999f100671ece2f714a8cb5d1b20adaf1bd27606b23f260fbc6d4f137ba08

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\chrome_elf.dll
Filesize
990KB

MD5
ac8e76faca382d1260487414aeec50d1

SHA1
570d222dbb1723adf1d8df8e5f01ad81e211b60c

SHA256
c13cfcaf6819db2eca317e22285da031f7e837cc924ffc4eba82570a7cdffbce

SHA512
0db803c5e5fb08b98b5549a21c8c34f5b97bfacbd35d5d7bc5720fad7d3980c6b19495b1c8df66a6c37e577d40d4b4684735f78d71d8b2662fea1a22edaa41d6

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\compactversions.xml
Filesize
848B

MD5
a83d13f483b5e2593d67c13fa0adf6e6

SHA1
557591e5397aacc003a3fa5458a29c8f13c3374c

SHA256
3e67b3876078803e5e20473b50a8879a678e0569d71da85a3f2a60b536677f2b

SHA512
b4d4060cc54e4650a5052d4c205021f83f2c1a2f9fa67e3a9800a15cff7ad852b1ff68a32630030f725b9ce30ae026599ee64c38c0a4865a50a685bdadffc8a1

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\d3dcompiler_47.dll
Filesize
3.9MB

MD5
e2629782f2c293d94ac818fe97b53f17

SHA1
b0c334d82b23c2cff7837c62d8b9313b9bd81d5c

SHA256
feb5201d956c9381e6b5b9ac1f1696c1c64aef0b1c9d2fa7d5f9fc97fff59c64

SHA512
3e3d8b51f106f27b9833c6848b76f5142433e14d3d93c1619a3f3a348eb833ae4f8670c965206cd2f25e2f9a569ae224ef8795401ab7198cb563ab25741d73ef

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\default_config.ini
Filesize
36B

MD5
6b41123acbcaca39a961a2844a6aa40c

SHA1
60c598de13a6138fe505c16e54a16223c644b72d

SHA256
542b73e9213cb4976de9c17c23d4f75840cf65219414778ded73f62b4329329c

SHA512
1bf794c058c17ceb12ccb6424d179fde9b58915c335bd7a918e1360ac716e369e48dd7ce47cd6223a140546bceb5e0fd6f1936b0be09b37bc41fabce023a991f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\doc.tpl
Filesize
42KB

MD5
d42ed911e433ddccc26907667aef5a2e

SHA1
4b3f0fbb013b0099ee7261405d86e9abbc467b78

SHA256
5062a64a05edbe0ff0fd47277e1d302cee87d409298ad1b61cd9693be15b0527

SHA512
f79901edfcbd14b33e3ae7fddc8c9e333561f672e796375409008f68f29aeba2fcb7deecde0f4cd6eb579423fed22a715c9aa73ba58fac21211cca39c75747d4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\en-US.pak
Filesize
294KB

MD5
8b27a839e9c4952b1241a250020f35be

SHA1
32eefa249ef9b384ff51cffb194c7fe7489f928a

SHA256
2c63576f9ce370b5f171d2b2e64d79184ea5b4fcef7f4d5f95647f8329c7e3f1

SHA512
6146b81cceb593b4fba15322ec33974e30b4b20a67f131f173f0b909aa3f88dd67af83c3336d6f66be2d87cd66aa1291bfd4afedd8c49b37a76ee8f2f307ee3b

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\fullversions.xml
Filesize
4KB

MD5
515815cbe0299379dae4cb210fa2f870

SHA1
c1a9c70a49a36e5031f343c8c5f319b18d539f70

SHA256
708e6dfe25d8a4984209a077fa34984468884872babae2e609807bf8bd397da4

SHA512
2d3e7e5260d2589ed88c9939b926a88704ff1fac8d672ec931098b995105f2647c82747004d80597b74592545e2711439830a9ffff181b0593737e92a56d7ffb

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\icudtl.dat
Filesize
9.7MB

MD5
2e7d2f6c3eed51f5eca878a466a1ab4e

SHA1
759bd98d218d7e392819107fab2a8fd1cfc63ddf

SHA256
b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa

SHA512
0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libEGL.dll
Filesize
351KB

MD5
ced69721d9d4c91e3cc9a3b2686f3cb7

SHA1
cb96068b1ff91a6f17a8751bf84fec10c5c4f93c

SHA256
24f97a1248de8b6203b1b0faef8da241fda3a457f500556db3d4352e770fd734

SHA512
79d04e25ffe80fee338593036013fc33017c18d383df44f299c885bb7075115d53af7646dada3d42f7b037fe83e46b0d50444ea0c23129e4cb3891ea51191992

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libGLESv2.dll
Filesize
5.2MB

MD5
74bee8021b9a8643d8b4d320cab1a5b0

SHA1
dd0e14d599c263210924fb558ec7cd8afde38bdb

SHA256
55fcf005a1d736c5fc1dff6d5490c4a9aa86eeb49b80efe5ba4a55613e025aef

SHA512
0f771653fce47b76a569771dc3ebbe6d2b8aa8cd185236637b9316b5cc6b19f425353fcdbbec6b965253f765f530c410146408e149c0d2aa2b1816cdbbfb20da

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libcef.dll
Filesize
137.3MB

MD5
b7f9e2c0885dbb91896c85ee8871d78f

SHA1
44d929e5cd88dd50c50677a185591f8573bb74af

SHA256
935f19418ef8d30b2591651cf349c2b9cdb1a663df37d126af9456519d831302

SHA512
d91d010a91b339dcd390d31ead80d20f0c2f6b6961a5184b950fd3d1092ee9e90e0637ba162bc82baba7198f314474f2ddbf642015b40814817514942dcfa393

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libjpeg.dll
Filesize
140KB

MD5
1c480472b924ea23f9428cbd6a87500f

SHA1
e609187bf0242aa77ee6df964b2b8472732bc61b

SHA256
fb558f247800426fcc8f754a05d24d384fc2dce87fc95bc7707c9b07ff81595f

SHA512
ea28b7d2e62405179ad0e59c548f864775fc71ccbb2b57ab460a0fe88ee9cec2952386106c3fa8ddf9e461f85aa9827fbfc9933b7d36c9acc1dcf8e6604d460b

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libpng.dll
Filesize
205KB

MD5
c06f4e5228cb186123ca3b3226bceb89

SHA1
15f6be2ffca471f8c94b07a37a866c280fc5f766

SHA256
4e1a389df561c3ef75f669c7883ac58a7bb35fc3687d80bd2487b5699afd4f03

SHA512
0435081c9b0d3316e90d7dcc30a5a0e232947725a38716328b59a15f9c417cd7db7f58ddca9180422094f7020ae664276c55baa5057fc13972c9921efbc02633

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libtiff.dll
Filesize
277KB

MD5
f6461d13921bb28953e8c4172cb5c19a

SHA1
09ecf1f42fefdf41e9061e7f972c1f4574770d1e

SHA256
ce4465a007efe3981d49a7406076bfceb841993e1f08abb253276705e83c7151

SHA512
269aedf9c3da426095705b4c18fa38e806447d54df5d0f79d1aafeb7385d87b44e50c92561e76de4ed439052c7f1627a9609e9f2d459001680b47ef09f19cb64

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\libzplay.dll
Filesize
2.3MB

MD5
6b67497f9e442cd73179ed7b1417310a

SHA1
d43ab533b4a18885ef2c87cc71b0a0eb07b18df3

SHA256
be4e897ecfc62a7d93efb940c77a64b0a308344402817fc7f47cd03c2d8120a8

SHA512
4985d71eb5105db421fd98744b93a5a49bb7831a8281d43b9770049c700485852b2533fec3384bba1b73ea07116ad8e6d5ac2e90ad26453a76cc6b3b7cb1f271

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\resources.pak
Filesize
6.8MB

MD5
c719f1433afaf31b049c69170db52f0b

SHA1
0b3b23d1ca107f03135c8a204bc8f5592bd23b66

SHA256
e9b2628e3da4621e5f7b5cb6e27f8950f183f58546397b8a8a76ebd5b73238e1

SHA512
627b526de66496040ca8a8af75c3c73221fd83d21ef0ad03f63d35af49cb44ad77836bae3ef26471a6243ef6516d4daa512353c4a805de366ade6f9b5b63a20c

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\snapshot_blob.bin
Filesize
50KB

MD5
3daa55c6ccde0bd18ae23864c1e39172

SHA1
56f0cbdc2a8d00520230edb78abee1fa269e22f8

SHA256
9f514926470d1f1c5c814ac572442621fa4ad0ff1e5e85eef67fe40cd9866409

SHA512
3773a53bf3044c21b263902e8e5ddad510cd5921a339a5f450c4c3bf20eceaa092a3b31aa5f53b67a22d4192976f253c66c71fd590ad7113ac5062160e924d0f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\v8_context_snapshot.bin
Filesize
158KB

MD5
5fa21031d873dad829e667097f66d4c2

SHA1
033dd42be52b1ac27a2b2739fe62459d07719555

SHA256
2ebefb04c33e93f5bfdc2c915367b4edecb9eb7c6c0d3b8e525286dc768171f0

SHA512
623d5081f873b8e94882b7295b03d1a5e1d987a38ccf538878ebbe132b47f04f84f241b7a3eea2245982aea28a1d67ba41fe2b9abd4a9aee448c240698b13785

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\versions.xml
Filesize
4KB

MD5
4c8b22cdb7eab12c8f86ea698e3a4310

SHA1
30ecaca4a9849577dc23e4e4a583c5d35d5a978f

SHA256
518a4a41c51d9d410ecd0add375dc3e99f187eef803c27ad86ab6ae6ba7999d5

SHA512
f17d67619454ba5664bcac3049b8ed7982339b73a2050129d0709bd91e75091914ce2468e855215607a33cc8b9e3ab342479b48e223e90fe636011f9d98b2ec5

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\yocr.dll
Filesize
6.3MB

MD5
7cadc72eaaf29713f8c05e20d003b334

SHA1
0c9cf934e1e0b37675dcf65cb3173ce5789078a4

SHA256
a221b3e8bb59473f5d8779bda6d687e5b435a6c00b40f60f56023f0e190adf8d

SHA512
4e1d3d2744df9bbc7de7c978eb6bb6e34656b71924ca317ae00f91ea503b0b7b02e74107fc4352bf699570bbfade8f6cf55ca9b4017534731afd5e2b5c91f8c5

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\9.2.0.0\zlib1.dll
Filesize
82KB

MD5
a9ac0757538c8de5d2160f771f3f4d3e

SHA1
320a652c8167ca3a5758c86c253cf9652edf4927

SHA256
593d6c93c7df5eb89a8edd9a3d4e010419b19eb203e5ab1d07ac39c9c7aa632e

SHA512
7dcb3650b1c4f0e3cd35ea666cba2a741a6f7a944efc846a5c79ea4e8e66533656955cc6e56d0a89ecb6f7959d7820167668621183e96e00dbe02979429db58c

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\YodaoDict.exe
Filesize
231KB

MD5
d7d7f5a544bb45b925e888bc66d4e349

SHA1
f4317fe31adeca7a8065f0d7f16b26f1354f68a8

SHA256
de31bbfbfa718d63fff75d81f90881529eba24cbdf993648a1a079c8139cd728

SHA512
23d11a9ca25cd335d9aa0047b46e5cdbc8f8b0c671605b04373cd8b0ffd04b5945789ff42fd5d6e24e287a540cd97bdb5e50b6d159a7ab57befae19a8263b4b7

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.2.0.0\YoudaoDict.exe
Filesize
10.4MB

MD5
0bca115f3d71c39a51a58c3aa4306962

SHA1
8e6245dc284d94733ec0bddf58ccbb18cedb3d9e

SHA256
a81faf15a547e12cae904adf74c237fc4545cbc155e30373a65bb9278199f064

SHA512
a7c6374e9653f5752f675c073c16882345ae84378802fbc3703e8561a5b2a4afb426e7ef73d7d502ae42f891afaf322e8cace06c416cf5287841d7c4f9d047dc

Download Submit
C:\Users\Admin\Desktop\网易有道词典.lnk
Filesize
1KB

MD5
3d5911843c90c68a0c1ec8a070d8316f

SHA1
9a5f9bb55b8d21d4404eaf0164f30d9f50081789

SHA256
26b39b510c11df3e3275e93864d67b7c788f2a045386ca2cbe00431c7ae2595e

SHA512
80c44a9074a243abae1be137f4411d2c0ee8a4638feecb75a1631960985b55973d0f5bee5997d417f099ffffb826042888fed5deb487a921547d31db3524d935

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\InstallHelper.exe
Filesize
151KB

MD5
a13fec8461e80fac4eb5219f8786558c

SHA1
2bf7da6c4792cc05c0ca56d5bf832add2d60951a

SHA256
d696340abc7b4f842f8cdaa4272d3898b3f1f701ef5f03081d7362265e7bd189

SHA512
31fc6d8b895406e6b01ce848c39eef741cd99647bee623b0803e5a489444084aab3d4eef005bb3bc029c5cb9f0d1d0a75c0b02f6348831637a7a75f1009b64ed

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\LockedList.dll
Filesize
95KB

MD5
5a94bf8916a11b5fe94aca44886c9393

SHA1
820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

SHA256
0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

SHA512
79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\LockedList.dll
Filesize
95KB

MD5
5a94bf8916a11b5fe94aca44886c9393

SHA1
820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

SHA256
0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

SHA512
79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\OP_Logging.dll
Filesize
45KB

MD5
a72c2dca77dcc121d8a8fe8806d1f1d8

SHA1
680308d6ae3d53913205f3dd2245cbf7125ab3de

SHA256
4a802d435fb605a78e74e5a481bf047e1017942537d0a5e526266316c1e85af4

SHA512
14911c94d8b19a848b95d4fb0cd9f23a701b7b4396d2bc1a2a44b8ba1eadf8ba27579ef1c3caf2cfe588d609f542df021445085fa72a6f2202c5d3c405923ec5

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\OP_ProgressBar.dll
Filesize
35KB

MD5
95ecdbdf41e9450e68895cd8a51ac3b5

SHA1
21a80e466f1bc0d7190d8c9c12f9d90476a9c2b3

SHA256
75b9c807487764b4196eee5310ed096f74dfe585ed8318e0dff0ace2ae054e26

SHA512
26a8b8fc05b9ca59ff32bf151f7860c609e8b8efc4aabc12801286378cd05022cceb9fbfb2cd814230eedeb1db0753da5368fb9f91b0d3b17187f520880cf884

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\OP_WndProc.dll
Filesize
48KB

MD5
765cf74fc709fb3450fa71aac44e7f53

SHA1
b423271b4faac68f88fef15fa4697cf0149bad85

SHA256
cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e

SHA512
0c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\SkinBtn.dll
Filesize
4KB

MD5
29818862640ac659ce520c9c64e63e9e

SHA1
485e1e6cc552fa4f05fb767043b1e7c9eb80be64

SHA256
e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

SHA512
ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\System.dll
Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
0b17027edf8fa0c29a9aa85db2f5994f

SHA1
ef08817aabf7ede8112303f7ba2aae0275067094

SHA256
241268dbab2369f12f1acca5bffa0486283e77cd8c11f2a460c51086742859ed

SHA512
77a7f4c71f43683503066028c4a8e7836fed763e720ccab059eb1ae78d55d5b31a4f0b5ea1caef7a1fa6180ad2ed57d1f37575580d45dfcfede4862d60752647

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
0b17027edf8fa0c29a9aa85db2f5994f

SHA1
ef08817aabf7ede8112303f7ba2aae0275067094

SHA256
241268dbab2369f12f1acca5bffa0486283e77cd8c11f2a460c51086742859ed

SHA512
77a7f4c71f43683503066028c4a8e7836fed763e720ccab059eb1ae78d55d5b31a4f0b5ea1caef7a1fa6180ad2ed57d1f37575580d45dfcfede4862d60752647

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\nsDialogs.dll
Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy14AC.tmp\nsisSlideshow.dll
Filesize
7KB

MD5
05555b779901f6b604ad890224a7a663

SHA1
4e98bc415745c95aae75dfda79c78295bd3cef2c

SHA256
f8d353598129877a8aeb45821dbb9845fa5b347ad51c46c640f92a418dd3f174

SHA512
757296383f15884cb4747c9a16432598bdaa0925cbb4b06f1664138aba1aebdc49e594ad4353fce1bde620077a5851b754fa871b07f29cab40f05e208997f641

Download Submit
memory/1696-160-0x0000000006820000-0x0000000006821000-memory.dmp

Filesize
4KB

Download
memory/1696-158-0x00000000067C0000-0x00000000067C1000-memory.dmp

Filesize
4KB

Download
memory/1696-159-0x0000000006810000-0x0000000006811000-memory.dmp

Filesize
4KB

Download
memory/2988-4222-0x000000000B740000-0x000000000B741000-memory.dmp

Filesize
4KB

Download
memory/2988-4114-0x000000000B740000-0x000000000B741000-memory.dmp

Filesize
4KB

Download
memory/2988-4104-0x0000000006240000-0x0000000006263000-memory.dmp

Filesize
140KB

Download