lumma | 9b3f52db7b5f9109db3ca498e5aee17ee40af3a03bedeb57e2c646c8d1d19777

Resubmissions

14-03-2023 01:11

230314-bkfqgseh5t 10

13-03-2023 12:04

230313-n8lmvscc9w 7

Analysis

max time kernel
114s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-03-2023 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YoudaoDictSetup.exe
Size

97.8MB
MD5

06093299a05c090cccd8eb53ef7573ef
SHA1

90449734ba4e2560f64b7c2fdbdc008a5b462b63
SHA256

d2b7eddbcf85c332ef1934aba66b4acfba2d52f4a9d56a9839e8a14b551f646e
SHA512

094b5025f00614a67727680916374f933f7a856b5f259e67ba526be5fde1d97d8638ac419e51c3ccc377f0087eac93beee54008f942e164756de6c4b2f205332
SSDEEP

3145728:drOQb9SdacOtStyP9cL33iRaEm33tc667ifP:dSQb9SdXWcbi8BbAY

Score

10^/10

lumma discovery persistence stealer

Malware Config

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

YoudaoDictHelper.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	YoudaoDict.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	YoudaoDictHelper.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	YoudaoDictInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	YoudaoDictInstaller.exe

Executes dropped EXE 24 IoCs

Processes:

YoudaoDictInstaller.exeYoudaoDictInstaller.exeInstallHelper.exeInstallHelper.exeInstallHelper.exeInstallHelper.exeInstallHelper.exeYoudaoDictInstaller.exeInstallDaemon.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictIcon.exeYoudaoDictInstaller.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoWSH.exeYoudaoDictHelper.exe

pid	process
2092	YoudaoDictInstaller.exe
3804	YoudaoDictInstaller.exe
1532	InstallHelper.exe
1600	InstallHelper.exe
2332	InstallHelper.exe
4296	InstallHelper.exe
3056	InstallHelper.exe
2848	YoudaoDictInstaller.exe
4552	InstallDaemon.exe
4804	YoudaoDictInstaller.exe
216	YoudaoDictInstaller.exe
2056	YoudaoDictIcon.exe
1624	YoudaoDictInstaller.exe
1880	YoudaoDict.exe
3620	YoudaoDictHelper.exe
1904	YoudaoDictHelper.exe
2932	YoudaoDictHelper.exe
2260	YoudaoDictHelper.exe
4208	YoudaoDictHelper.exe
2120	YoudaoDictHelper.exe
3968	YoudaoWSH.exe
2960
2860
4316	YoudaoDictHelper.exe

Loads dropped DLL 44 IoCs

Processes:

YoudaoDictSetup.exeregsvr32.exeregsvr32.exeregsvr32.exeYoudaoDict.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoWSH.exeYoudaoDictHelper.exe

pid	process
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
4344	YoudaoDictSetup.exe
1276	regsvr32.exe
4352	regsvr32.exe
2292	regsvr32.exe
4344	YoudaoDictSetup.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
3620	YoudaoDictHelper.exe
3620	YoudaoDictHelper.exe
2932	YoudaoDictHelper.exe
2932	YoudaoDictHelper.exe
1904	YoudaoDictHelper.exe
3620	YoudaoDictHelper.exe
3620	YoudaoDictHelper.exe
3620	YoudaoDictHelper.exe
1904	YoudaoDictHelper.exe
2260	YoudaoDictHelper.exe
2260	YoudaoDictHelper.exe
2260	YoudaoDictHelper.exe
2120	YoudaoDictHelper.exe
2120	YoudaoDictHelper.exe
1880	YoudaoDict.exe
3968	YoudaoWSH.exe
1880	YoudaoDict.exe
3196
4316	YoudaoDictHelper.exe
4316	YoudaoDictHelper.exe
4316	YoudaoDictHelper.exe
4316	YoudaoDictHelper.exe
3672
4668

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Processes:

regsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

YoudaoDictInstaller.exeYoudaoDictSetup.exeYoudaoDictInstaller.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YoudaoDict = "\"C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\YoudaoDict.exe\" -hide -autostart"	YoudaoDictInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	YoudaoDictSetup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\YoudaoDict = "\"C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\YoudaoDict.exe\" -hide -autostart"	YoudaoDictSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	YoudaoDictInstaller.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	YoudaoDictInstaller.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

Processes:

YoudaoDictInstaller.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\YodaoDict.api	YoudaoDictInstaller.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\YodaoDict.api	YoudaoDictInstaller.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\TypeLib\ = "{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\ = "YoudaoGetWord 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CurVer	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\TypeLib\ = "{55684B24-475C-4969-8C82-B498B5A53596}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\CLSID\ = "{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\FLAGS\ = "0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord32.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ProgID\ = "YoudaoGetWord64.Connect.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0\win64	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\CLSID\ = "{07473267-2FBF-468D-8C7D-A9DB6211F5F2}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\VersionIndependentProgID\ = "YoudaoGetWord64.Connect"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ProgID\ = "YoudaoGetWord32.Connect.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ = "Connect Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CLSID\ = "{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CurVer\ = "YoudaoGetWord64.Connect.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord32.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\ = "Connect Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\VersionIndependentProgID\ = "YoudaoGetWord32.Connect"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\ = "YoudaoGetWord 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\ = "Connect Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CurVer\ = "YoudaoGetWord32.Connect.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CLSID\ = "{07473267-2FBF-468D-8C7D-A9DB6211F5F2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}	regsvr32.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

YoudaoDictInstaller.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exeYoudaoDictHelper.exe

pid	process
2848	YoudaoDictInstaller.exe
2848	YoudaoDictInstaller.exe
3620	YoudaoDictHelper.exe
3620	YoudaoDictHelper.exe
1904	YoudaoDictHelper.exe
1904	YoudaoDictHelper.exe
2260	YoudaoDictHelper.exe
2260	YoudaoDictHelper.exe
2932	YoudaoDictHelper.exe
2932	YoudaoDictHelper.exe
2120	YoudaoDictHelper.exe
2120	YoudaoDictHelper.exe
4316	YoudaoDictHelper.exe
4316	YoudaoDictHelper.exe

Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

YoudaoDict.exe

pid process

1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe
Suspicious use of SendNotifyMessage 4 IoCs

Processes:

YoudaoDict.exe

pid process

1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe
1880 YoudaoDict.exe

pid	process
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe

pid	process
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

YoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDictInstaller.exeYoudaoDict.exeYoudaoWSH.exe

pid	process
2092	YoudaoDictInstaller.exe
3804	YoudaoDictInstaller.exe
3804	YoudaoDictInstaller.exe
2848	YoudaoDictInstaller.exe
4804	YoudaoDictInstaller.exe
216	YoudaoDictInstaller.exe
1624	YoudaoDictInstaller.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
1880	YoudaoDict.exe
3968	YoudaoWSH.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

YoudaoDictSetup.exeYoudaoDictInstaller.exeregsvr32.execmd.exeYoudaoDictInstaller.exeYoudaoDict.exe

description	pid	process	target process
PID 4344 wrote to memory of 2092	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 2092	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 2092	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 3804	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 3804	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 3804	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 1532	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 1532	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 1532	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 1600	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 1600	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 1600	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 2332	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 2332	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 2332	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 4296	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 4296	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 4296	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 3056	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 3056	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 3056	4344	YoudaoDictSetup.exe	InstallHelper.exe
PID 4344 wrote to memory of 2848	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 2848	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 2848	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 2848 wrote to memory of 1276	2848	YoudaoDictInstaller.exe	regsvr32.exe
PID 2848 wrote to memory of 1276	2848	YoudaoDictInstaller.exe	regsvr32.exe
PID 2848 wrote to memory of 1276	2848	YoudaoDictInstaller.exe	regsvr32.exe
PID 2848 wrote to memory of 4352	2848	YoudaoDictInstaller.exe	regsvr32.exe
PID 2848 wrote to memory of 4352	2848	YoudaoDictInstaller.exe	regsvr32.exe
PID 2848 wrote to memory of 4352	2848	YoudaoDictInstaller.exe	regsvr32.exe
PID 4352 wrote to memory of 2292	4352	regsvr32.exe	regsvr32.exe
PID 4352 wrote to memory of 2292	4352	regsvr32.exe	regsvr32.exe
PID 2848 wrote to memory of 3892	2848	YoudaoDictInstaller.exe	cmd.exe
PID 2848 wrote to memory of 3892	2848	YoudaoDictInstaller.exe	cmd.exe
PID 2848 wrote to memory of 3892	2848	YoudaoDictInstaller.exe	cmd.exe
PID 3892 wrote to memory of 4744	3892	cmd.exe	cmd.exe
PID 3892 wrote to memory of 4744	3892	cmd.exe	cmd.exe
PID 3892 wrote to memory of 4744	3892	cmd.exe	cmd.exe
PID 3892 wrote to memory of 460	3892	cmd.exe	cacls.exe
PID 3892 wrote to memory of 460	3892	cmd.exe	cacls.exe
PID 3892 wrote to memory of 460	3892	cmd.exe	cacls.exe
PID 4344 wrote to memory of 4552	4344	YoudaoDictSetup.exe	InstallDaemon.exe
PID 4344 wrote to memory of 4552	4344	YoudaoDictSetup.exe	InstallDaemon.exe
PID 4344 wrote to memory of 4552	4344	YoudaoDictSetup.exe	InstallDaemon.exe
PID 4344 wrote to memory of 216	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 216	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 216	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 4804	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 4804	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 4804	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 1624	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 1624	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 4344 wrote to memory of 1624	4344	YoudaoDictSetup.exe	YoudaoDictInstaller.exe
PID 3804 wrote to memory of 1880	3804	YoudaoDictInstaller.exe	YoudaoDict.exe
PID 3804 wrote to memory of 1880	3804	YoudaoDictInstaller.exe	YoudaoDict.exe
PID 3804 wrote to memory of 1880	3804	YoudaoDictInstaller.exe	YoudaoDict.exe
PID 1880 wrote to memory of 3620	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 3620	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 3620	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 1904	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 1904	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 1904	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 2932	1880	YoudaoDict.exe	YoudaoDictHelper.exe
PID 1880 wrote to memory of 2932	1880	YoudaoDict.exe	YoudaoDictHelper.exe

C:\Users\Admin\AppData\Local\Temp\YoudaoDictSetup.exe
"C:\Users\Admin\AppData\Local\Temp\YoudaoDictSetup.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4344

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe" "nsiinstall" "C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\install.ini" "0"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe" rundicttask * "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe" "0"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3804

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1880

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=gpu-process --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --disable-logging --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4476 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3620

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=none --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4844 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2932

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=5312 /prefetch:1
4⤵
- Executes dropped EXE
PID:4208

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=5216 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2260

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --lang=en-US --service-sandbox-type=utility --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4808 /prefetch:8
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1904

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=gpu-process --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --no-sandbox --disable-logging --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --mojo-platform-channel-handle=4644 /prefetch:2
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2120

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoWSH.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoWSH.exe" 1880
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3968

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictHelper.exe" --type=renderer --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0" --user-agent="Mozilla/5.0 (Windows NT 10.0.19041; WOW64) Chrome/97.0.4692.99 youdaodict/9.1.2 (jsbridge/1.0;windowspc) YDUIStyle/Light" --uncaught-exception-stack-size=3 --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --disable-databases --disable-file-system --disable-logging --log-file="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\debug.log" --remote-debugging-port=65123 --touch-events --js-flags=--jitless --field-trial-handle=4468,2549832812789996344,9457105364901369671,131072 --disable-features=CalculateNativeWinOcclusion,WinUseBrowserSpellChecker --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5824 /prefetch:1
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4316

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe" "exports" "C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\dict.7z" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.1.9.0"
2⤵
- Executes dropped EXE
PID:1532

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.1.9.0\YodaoDict.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YodaoDict.exe"
2⤵
- Executes dropped EXE
PID:1600

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.1.9.0\YoudaoDict.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
2⤵
- Executes dropped EXE
PID:2332

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.1.9.0\9.1.9.0" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0"
2⤵
- Executes dropped EXE
PID:4296

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_9.1.9.0\Stable" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\Stable"
2⤵
- Executes dropped EXE
PID:3056

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictInstaller.exe" install "C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\install.ini" "full" 0
2⤵
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord32.dll" /s
3⤵
- Loads dropped DLL
- Modifies registry class
PID:1276

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord64.dll" /s
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4352

C:\Windows\system32\regsvr32.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord64.dll" /s
4⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:2292

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\pluginconfig.ini" /c /g everyone:f
3⤵
- Suspicious use of WriteProcessMemory
PID:3892

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
4⤵
PID:4744

C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\pluginconfig.ini" /c /g everyone:f
4⤵
PID:460

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\InstallDaemon.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\InstallDaemon.exe" GetSoftListADC softs.ini ${BIND_SOFT_URL}
2⤵
- Executes dropped EXE
PID:4552

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe" "rundictnow" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:216

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe" "cleanup" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictIcon.exe
"C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictIcon.exe"
2⤵
- Executes dropped EXE
PID:2056

C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\9.1.9.0\YoudaoDictInstaller.exe" instreport
2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:1624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\YodaoDict.api
Filesize
176KB

MD5
260d438b13406700bbcdabdba2c2d43c

SHA1
7c413b4c8f96beac86895a35bc285de6f3576f07

SHA256
4edd999c04f77ba491dbcd97d2771f7453d99507e546d99c05397f33afa9ff34

SHA512
a8187d3d29b80116fb26332ad682d4246320586132733a0a3d60d17658ddf69e6a3199dd6b94025d9753ded74a8f283af95386857b4f598142a9208efee05b18

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
Filesize
151KB

MD5
9dab65b697def87856a7a0da55806afc

SHA1
c18a1d536388dc3c4b2d08e825fe2542974472d1

SHA256
2203f825ea28ffd41ba747f965e25ee24325f3419f25efe996d745ebedc3f869

SHA512
bbf57b81134e669bc5525dab9c5dd9d26b17599f9657a8dc7c6d2baa7bd1d5482ee201e4de38dc81dd79bf891bf205766d221e695c6563f7203595adf9fa6bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
Filesize
151KB

MD5
9dab65b697def87856a7a0da55806afc

SHA1
c18a1d536388dc3c4b2d08e825fe2542974472d1

SHA256
2203f825ea28ffd41ba747f965e25ee24325f3419f25efe996d745ebedc3f869

SHA512
bbf57b81134e669bc5525dab9c5dd9d26b17599f9657a8dc7c6d2baa7bd1d5482ee201e4de38dc81dd79bf891bf205766d221e695c6563f7203595adf9fa6bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
Filesize
151KB

MD5
9dab65b697def87856a7a0da55806afc

SHA1
c18a1d536388dc3c4b2d08e825fe2542974472d1

SHA256
2203f825ea28ffd41ba747f965e25ee24325f3419f25efe996d745ebedc3f869

SHA512
bbf57b81134e669bc5525dab9c5dd9d26b17599f9657a8dc7c6d2baa7bd1d5482ee201e4de38dc81dd79bf891bf205766d221e695c6563f7203595adf9fa6bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
Filesize
151KB

MD5
9dab65b697def87856a7a0da55806afc

SHA1
c18a1d536388dc3c4b2d08e825fe2542974472d1

SHA256
2203f825ea28ffd41ba747f965e25ee24325f3419f25efe996d745ebedc3f869

SHA512
bbf57b81134e669bc5525dab9c5dd9d26b17599f9657a8dc7c6d2baa7bd1d5482ee201e4de38dc81dd79bf891bf205766d221e695c6563f7203595adf9fa6bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\InstallHelper.exe
Filesize
151KB

MD5
9dab65b697def87856a7a0da55806afc

SHA1
c18a1d536388dc3c4b2d08e825fe2542974472d1

SHA256
2203f825ea28ffd41ba747f965e25ee24325f3419f25efe996d745ebedc3f869

SHA512
bbf57b81134e669bc5525dab9c5dd9d26b17599f9657a8dc7c6d2baa7bd1d5482ee201e4de38dc81dd79bf891bf205766d221e695c6563f7203595adf9fa6bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\LockedList.dll
Filesize
95KB

MD5
5a94bf8916a11b5fe94aca44886c9393

SHA1
820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

SHA256
0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

SHA512
79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\LockedList.dll
Filesize
95KB

MD5
5a94bf8916a11b5fe94aca44886c9393

SHA1
820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

SHA256
0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

SHA512
79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\LockedList.dll
Filesize
95KB

MD5
5a94bf8916a11b5fe94aca44886c9393

SHA1
820d9c5e3365e323d6f43d3cce26fd9d2ea48b93

SHA256
0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d

SHA512
79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\OP_Logging.dll
Filesize
45KB

MD5
a72c2dca77dcc121d8a8fe8806d1f1d8

SHA1
680308d6ae3d53913205f3dd2245cbf7125ab3de

SHA256
4a802d435fb605a78e74e5a481bf047e1017942537d0a5e526266316c1e85af4

SHA512
14911c94d8b19a848b95d4fb0cd9f23a701b7b4396d2bc1a2a44b8ba1eadf8ba27579ef1c3caf2cfe588d609f542df021445085fa72a6f2202c5d3c405923ec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\OP_Logging.dll
Filesize
45KB

MD5
a72c2dca77dcc121d8a8fe8806d1f1d8

SHA1
680308d6ae3d53913205f3dd2245cbf7125ab3de

SHA256
4a802d435fb605a78e74e5a481bf047e1017942537d0a5e526266316c1e85af4

SHA512
14911c94d8b19a848b95d4fb0cd9f23a701b7b4396d2bc1a2a44b8ba1eadf8ba27579ef1c3caf2cfe588d609f542df021445085fa72a6f2202c5d3c405923ec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\OP_ProgressBar.dll
Filesize
35KB

MD5
95ecdbdf41e9450e68895cd8a51ac3b5

SHA1
21a80e466f1bc0d7190d8c9c12f9d90476a9c2b3

SHA256
75b9c807487764b4196eee5310ed096f74dfe585ed8318e0dff0ace2ae054e26

SHA512
26a8b8fc05b9ca59ff32bf151f7860c609e8b8efc4aabc12801286378cd05022cceb9fbfb2cd814230eedeb1db0753da5368fb9f91b0d3b17187f520880cf884

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\OP_ProgressBar.dll
Filesize
35KB

MD5
95ecdbdf41e9450e68895cd8a51ac3b5

SHA1
21a80e466f1bc0d7190d8c9c12f9d90476a9c2b3

SHA256
75b9c807487764b4196eee5310ed096f74dfe585ed8318e0dff0ace2ae054e26

SHA512
26a8b8fc05b9ca59ff32bf151f7860c609e8b8efc4aabc12801286378cd05022cceb9fbfb2cd814230eedeb1db0753da5368fb9f91b0d3b17187f520880cf884

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\OP_WndProc.dll
Filesize
48KB

MD5
765cf74fc709fb3450fa71aac44e7f53

SHA1
b423271b4faac68f88fef15fa4697cf0149bad85

SHA256
cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e

SHA512
0c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\OP_WndProc.dll
Filesize
48KB

MD5
765cf74fc709fb3450fa71aac44e7f53

SHA1
b423271b4faac68f88fef15fa4697cf0149bad85

SHA256
cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e

SHA512
0c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\SkinBtn.dll
Filesize
4KB

MD5
29818862640ac659ce520c9c64e63e9e

SHA1
485e1e6cc552fa4f05fb767043b1e7c9eb80be64

SHA256
e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

SHA512
ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\SkinBtn.dll
Filesize
4KB

MD5
29818862640ac659ce520c9c64e63e9e

SHA1
485e1e6cc552fa4f05fb767043b1e7c9eb80be64

SHA256
e96afa894a995a6097a405df76155a7a39962ff6cae7a59d89a25e5a34ab9eeb

SHA512
ebb94eb21e060fb90ec9c86787eada42c7c9e1e7628ea4b16d3c7b414f554a94d5e4f4abe0e4ee30fddf4f904fd3002770a9b967fbd0feeca353e21079777057

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\StdUtils.dll
Filesize
99KB

MD5
98a4efba4e4b566dc3d93d2d9bfcab58

SHA1
8c54ae9fcec30b2beea8b6af4ead0a76d634a536

SHA256
e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48

SHA512
2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\System.dll
Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\System.dll
Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
c790069b2bf5b08ebaf9eb1dce845d49

SHA1
8260067e605adf74c4c9c16a99fbd548e8a68b63

SHA256
0b0bf706b704174610de52d0d27f2cc95393fea40eaffa109aaf59d201880092

SHA512
27255cd55efde60516487de79ffbab88b35e257923451abe2cdd9e2fc335d34b301bd11b857ce9078385031ef97f33abeff804873b6603e294b012d16dec4c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
c790069b2bf5b08ebaf9eb1dce845d49

SHA1
8260067e605adf74c4c9c16a99fbd548e8a68b63

SHA256
0b0bf706b704174610de52d0d27f2cc95393fea40eaffa109aaf59d201880092

SHA512
27255cd55efde60516487de79ffbab88b35e257923451abe2cdd9e2fc335d34b301bd11b857ce9078385031ef97f33abeff804873b6603e294b012d16dec4c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
c790069b2bf5b08ebaf9eb1dce845d49

SHA1
8260067e605adf74c4c9c16a99fbd548e8a68b63

SHA256
0b0bf706b704174610de52d0d27f2cc95393fea40eaffa109aaf59d201880092

SHA512
27255cd55efde60516487de79ffbab88b35e257923451abe2cdd9e2fc335d34b301bd11b857ce9078385031ef97f33abeff804873b6603e294b012d16dec4c05

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\bg.bmp
Filesize
697KB

MD5
ad0c36807c8d566c11653d41f1a78240

SHA1
5d2bc425a809f06c1594c0f3a9725db87590cfb0

SHA256
1d8b406b86316a7f91238a5c7d4aeb05f4b7ddc110e7fd625bf25f74b6e95fdf

SHA512
28841f464583222db544fba0b254204fb5a15b54dc77be21e3c859abe7fc4e42f75772eb904592b3452b08eb8b24a882c06fc37fa5ef7327b30eb8bdc37b4160

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\bg_license.bmp
Filesize
697KB

MD5
e81b45b4e0be2199af0cdbe06c65b2b0

SHA1
19ce3c4613f56e9553bb785d995b3985946b30e4

SHA256
e0dea7922a48743995ee7644812f6ba5665a9f7f3c5c283fa6f7d7abbcd4f45a

SHA512
d662d709218eaf087a304d499027691e5b2b7b4c99cb8f493bdfef4e9aa2fef15f5d6770a06ba591d9284a8abb3e1c149e0f7858cce5e8fc42fb3a9e9ab3c2eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\btn_agree.bmp
Filesize
38KB

MD5
a8aad0bbeab0b6890a01ae96e021de89

SHA1
7c6d6d23c24ce694fe453e16d65c4d030addcced

SHA256
93ddd683f0aff0d0ef83d9256d925aa4cff97bde8a19f7868946b378416fb76b

SHA512
7211b259907f46c63fa668c4534c2ee68e88ec7659052ee0d6a7398aa1513308a4ccee596cedc43ed713ac64b3307bc4ce3ac823377d64c94072e30cd7e8ff27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\btn_close.bmp
Filesize
5KB

MD5
07506ad9ddbddd347d30ea00372ee1d1

SHA1
8fa380167d70b684428f735cffcf0362091c4171

SHA256
9c2208e9324f7d86b8769a6fd4b5d298fd2487581ae7b37db068693c4943f8a2

SHA512
de5715ce2919dc3d26821206762aa8c39c9f260fc1d8d53f1e5fe2abeab9caaa926cbebd9673af7472cd6ed3c60af08df24fbde7b254ba5652c2f8d91fbef2e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\btn_disagree.bmp
Filesize
38KB

MD5
bf79dc7f118e58a1be313a250106e277

SHA1
ed2d21493244090059225f3d47f5fc20e75f0c29

SHA256
a8507e762a8abce98c7ba16b322927243492a9ff3bcfbd0e75f05fbcec1f1439

SHA512
59582b7484a16d10160331d60779c983587a57dbddbe318d5069299e850b8c66afc15e744e1f18f8ad5cd55f637aaeb5ee01724b571a5068a9202ce676cde94d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\btn_install.bmp
Filesize
116KB

MD5
9521f2ab5ffd201e8d18336aff17b35f

SHA1
14057ed5cd521d672e101f40c363e04566763482

SHA256
648dfe8f47610a6a078d9cebc7da17ec577354c1877e9180fc58dff5415bc497

SHA512
312ecaf39d973a62b3f144def64e72a7fdc532bdaf4d245b7f0475db0b84357349a9cfc4dcca261621d997bf4cdd5955daf86bac3a1d579d75c90b670d3aa93c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\checkbox.bmp
Filesize
3KB

MD5
8fbdda129fc2e7f63497c33022318d05

SHA1
480e061e9454e8b025468811d8b9919c7d08b9b4

SHA256
4ebd1a0dbc8d25da6659013705d4d6810b2e378e176354589697ad7ce71522dc

SHA512
2e88b65e56f4642d7e506343f523a9840d58a5a4c52abdd6442ea772c536bc7a957ff9376376649acef404baeb2eba1cd1866235454b258561575f230e0a6afe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\checkbox_null.bmp
Filesize
3KB

MD5
4edd651564365f8400bbb4ef28658ea4

SHA1
8fead75659c35b1d573063daf4be86c1014cc9ea

SHA256
19cc5f64e5bbb7a93827dba7311cf6d42be2bd463b62154a65e3f688f684cfc1

SHA512
beb59b60efb8a8e9e7a02e73597929c4fb8c9507f96073fec1fea0f3cde7e7d49c303956e5b901ad24b6f192d9c9e037b7abf4257436b6e214e112adf065e42b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\dict.7z
Filesize
93.6MB

MD5
76aa7d24ca87cbe305958539faff153a

SHA1
0a466b4fcdc61ac3dd4406904586216186f13a20

SHA256
06c06eb2a3429a95dc988ec95e8eae651b4c78396d454f94c989853caa110867

SHA512
bb4a9f1bcc2724c1b02d59b96c7f29abd2b792505121ecc17e7853e002498446416c8fed5152fec7f8d70049fa71ecb1a28b87871f052255fbc88f63e4faf3cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\install.ini
Filesize
194B

MD5
1646927621f7069d84a7eb724282b16a

SHA1
1fb830d4ce235dc29e2ae0fb83e6471499401e67

SHA256
f4bbc4a2f6a022c2cbf9cde15724dd97e7cc0a45c0a9d5323d84f741d5ea72dc

SHA512
f4d8e736d143fb5944e490e53fec38ea9ced7557b8d4c93c1ae7f5b2b34ddc0be3eb0f39980ea29be98c3381dd818e8ba8a9af146c00a451d7dfb89f2334b133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\nsDialogs.dll
Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\nsDialogs.dll
Filesize
9KB

MD5
4ccc4a742d4423f2f0ed744fd9c81f63

SHA1
704f00a1acc327fd879cf75fc90d0b8f927c36bc

SHA256
416133dd86c0dff6b0fcaf1f46dfe97fdc85b37f90effb2d369164a8f7e13ae6

SHA512
790c5eb1f8b297e45054c855b66dfc18e9f3f1b1870559014dbefa3b9d5b6d33a993a9e089202e70f51a55d859b74e8605c6f633386fd9189b6f78941bf1bfdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\nsisSlideshow.dll
Filesize
7KB

MD5
05555b779901f6b604ad890224a7a663

SHA1
4e98bc415745c95aae75dfda79c78295bd3cef2c

SHA256
f8d353598129877a8aeb45821dbb9845fa5b347ad51c46c640f92a418dd3f174

SHA512
757296383f15884cb4747c9a16432598bdaa0925cbb4b06f1664138aba1aebdc49e594ad4353fce1bde620077a5851b754fa871b07f29cab40f05e208997f641

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\nsisSlideshow.dll
Filesize
7KB

MD5
05555b779901f6b604ad890224a7a663

SHA1
4e98bc415745c95aae75dfda79c78295bd3cef2c

SHA256
f8d353598129877a8aeb45821dbb9845fa5b347ad51c46c640f92a418dd3f174

SHA512
757296383f15884cb4747c9a16432598bdaa0925cbb4b06f1664138aba1aebdc49e594ad4353fce1bde620077a5851b754fa871b07f29cab40f05e208997f641

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\nsisSlideshow.dll
Filesize
7KB

MD5
05555b779901f6b604ad890224a7a663

SHA1
4e98bc415745c95aae75dfda79c78295bd3cef2c

SHA256
f8d353598129877a8aeb45821dbb9845fa5b347ad51c46c640f92a418dd3f174

SHA512
757296383f15884cb4747c9a16432598bdaa0925cbb4b06f1664138aba1aebdc49e594ad4353fce1bde620077a5851b754fa871b07f29cab40f05e208997f641

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsv8A45.tmp\slide1.bmp
Filesize
908KB

MD5
d93f75bde196b8d30a72dd23afbba684

SHA1
c62fbe6d5056ab6507767ceb578b9db30446fe69

SHA256
9ec48169c33cdfc202fbdaacebbb279a439d8ee15e723644d1f3db5e697d584c

SHA512
9ef80d921a5c082aedc97d6c6ad023c7285c2becf053ce0789d9dfc1a87f830ee5771f0663b6f11e419378241919a114ed0e6496883f513b09d718b0379c8ebc

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
Filesize
1KB

MD5
29d96faf0d1220cda4488e6de742fe56

SHA1
8d39a1655c02f238564e0cce1cad2f2315303519

SHA256
2f93a8493273a135015698605fb13fa46f7e280dd49d2ad11060f3c92580cf03

SHA512
54b387c3054408c8ef9059f295ddf714e63ee62c409f0faaf3e260406f35fa31f1b617ba16172fc6b321d5d913c077a2a3e5b58c6850991c9047c9642f795ee6

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
Filesize
2KB

MD5
ad6d50a606c0cb614c9cd99dc5936dae

SHA1
0a6421d0e472b86c6f6187f05ab5db144d790ddc

SHA256
cf57364008382f4aa3e0a2d82367e1176277d21168fcfd0b050408bc034c3569

SHA512
040eed71d90fbba191df94bc5e9c4aeb043914ca7c702e962efa2cf03128183330ff2115d3afe4713d1b68b1c286344b1d772b1a2bd8f0a95cd8a2911229441d

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Local Storage\leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Yodao\DeskDict\dict.cache\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\InstallDaemon.exe
Filesize
97KB

MD5
6133bea2c2f6923a5152228899b1c756

SHA1
580f51e94be4396fd164e5acb1942eb060e45f42

SHA256
bc7b7e49aa6b047ee4c380a606935adff48f355da8dd69a5db337a0f4a4d139c

SHA512
cffccce73a412ea0590b0f69a26d7ac81edad850f291438d9be730c125ccdaf6099c3c4e9057c2874e2739589911459cdf954ad77fcfdebed4d01ffeb81e0d0f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\YoudaoDictHelper.exe
Filesize
3.2MB

MD5
d49ff89ea3a91e976873d5cc94f1cdbf

SHA1
560650f5e6cb346607f7163112fe00f80eea5bfe

SHA256
0a9cf4d1bed5efd4e798b8597b12b94042346f7269044bcd8565a2d422c03d10

SHA512
56941033726d8784c10643fe396dda76a929ac99c797461d131d66c3e905c4d8fd845631b682711a016f6f57ae908bb1e0cef1208761df8196271fc5b008148a

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\YoudaoDictInstaller.exe
Filesize
3.1MB

MD5
c790069b2bf5b08ebaf9eb1dce845d49

SHA1
8260067e605adf74c4c9c16a99fbd548e8a68b63

SHA256
0b0bf706b704174610de52d0d27f2cc95393fea40eaffa109aaf59d201880092

SHA512
27255cd55efde60516487de79ffbab88b35e257923451abe2cdd9e2fc335d34b301bd11b857ce9078385031ef97f33abeff804873b6603e294b012d16dec4c05

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\YoudaoWSH.exe
Filesize
253KB

MD5
684e7ed82dffe671d504854beb98804f

SHA1
dc217fcae09039a43bd4cc05f5ef43a5f778601a

SHA256
55d0cbbef282fd873622ffd70dce1a3c4d23b79a4e819a6495f9a0fe879074d5

SHA512
b1905ef7bc33a99cbdd77cf077615b76691df356f0be8a60e9a03a2f09cb3a53da0bda55974edce2a4ba5dc2b22bf297f0d7583b8e5606405892bf8dc13c8588

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\otherskins\simisent\css\s-search-2.png
Filesize
134B

MD5
4cf33e947d4690872c10997813c47453

SHA1
ddc0d10c850367211bfee534f395c793a4cd9561

SHA256
827696048e9e9f6406e75835aed917946db147cbb783d6380da5096f475406c2

SHA512
2485599e9574110547c79c7742e0a817d6d87bdcfc4f936f1196bd732995819fc556f393cdd5d83ff63b1dceeb5b3fb1a66d481d6d372c7ee5c6e7cac4d96262

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\fonts\AvertaStd-Semibold.ttf
Filesize
171KB

MD5
aef2da2daa6e15be44ff1a2706cc61a1

SHA1
65ab937099da5272f9349e478561b597c3775cf9

SHA256
27c7c6820cd15bb81940efc7c14eff9311585df09b49d50c19b589b8994e6eb8

SHA512
71c01b8100952056ae7542306f49286f66c0337d57e0ddc95508ec6ba1ea95839f9d314dfb875cd71bc2a4cb1a3c501872c992be83ac64c9d71677e3228e7fc0

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\doctran-loading.gif
Filesize
29KB

MD5
f2b60488681c68eb21bf21259b87a6cc

SHA1
a8d14ea0233eb5a73bb1cee97fa51da84f2234a4

SHA256
80bc57fd5f2059ecc2ffdeaa735b6fb64af3aca8ecc5e353e26eaa50585ff3dd

SHA512
9d5fc21968686e99f51008bb8050e8c84142462e975b5dcf2e731d4653150af56933d610006560892f6d53b944c105513e9922af23ab64cf2e8871a764ddb32f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\ic_file_fail.png
Filesize
631B

MD5
43acd065a549358fa08b39475cc60473

SHA1
0adc6021f4aad95db355f2f0a5c5ff486475d631

SHA256
7eca65b5fd7c93b9e7088a91638ff692099f0cee9acfde7ce6cf369ab94a7f1f

SHA512
98100f055436c2b2f2797d9382dce8fc2cc95b8ef474e32338aae7cad63564bce38809ff2db7be4fd37d06042c8dae2e8ae3ed491b4d3d131029b1dab9eddad4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\ic_network_error.png
Filesize
690B

MD5
29d6befbe4bacdd0cf93be84715160f2

SHA1
b3a479ce1b57e693cc1951cae95a6fa622be865e

SHA256
b9cf3017835b3284e748e75116454f2f6cb8280a77956b6ef2ea7daeeb2c333f

SHA512
f5e25d51e4d0677bb381fcc9235ebf79248531d261d46aa109c031c46b435b7f217c46d848916c008a81ea71332548c07c58900507f2bd4592e7c2b373c153c4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\ic_play_voice.png
Filesize
674B

MD5
b75b9dfabb25e1192e65ee98745fc237

SHA1
0740bdc00df4eab2b83250127d300af6ac148ea0

SHA256
2954c081ed5dd775fa3c1218c209b80771c2db75fa7af60f18abed1cffde5557

SHA512
7f0e6bc409ee465b866fd7aaf44a11039affabce73e8dfb159d4871832047ca6e63b9387b51129bd2d0bf31bc7b0e1197910efedc60870245a9b182ad56a304d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\ic_question2.png
Filesize
762B

MD5
7c0659907ee4cd6fc943732c0ec509b3

SHA1
b5c0fe394bb53ace43a0615bc2da379d61fb5e60

SHA256
ec0ecfec8e4235eb1ab44aaac34013566df90b81c3e3ecbb1016d2a25a19bb51

SHA512
a9c0563dda469b8dd016ebb4c7b1ad3cf338a01338620730d81cdfb135f714275dde7baa5b1b47ae9cbee24c0f5964cc20518129dab5ea0361f2718e8d46750a

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\ic_translate_history.png
Filesize
759B

MD5
30af4a589da202cc9ff6ddd2f820c3a2

SHA1
ec6c5fa21610fd8cd82d90a25f6aa5c4542b6157

SHA256
e92eaba58489c25660bb56d4b054f601c1b9f42c4c68ecb6b7b0460ad75dc1d8

SHA512
b9db2c2b1377ca971e77191d9b69eaada32b4d2770dd30376d97034192406935bd8b48d15b4b57a6acb5b57cdc2391182796fc4b91a9af1a1e76413b69e4c42c

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\resultui\img\ic_translate_human_translation.png
Filesize
884B

MD5
0db3ea936c424b76c7b3dbc69427b998

SHA1
7761197ca26277ab8ab62f8cd216f2f22d63392f

SHA256
e30b9806526c1a6da19828a354f437122244f03c2d3e4ec749aac0e004549677

SHA512
ea2a99b04150a734dd65ce8d89364df1817eb56f48e932d27730fac5423087ac1ea21fefc9914add056972dc61ee75484a52f99fe35994d0d90988ed83328740

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\doc-error-toast.png
Filesize
1KB

MD5
00e4f507d735711f169edacf6027c98a

SHA1
21db5cd84ea8b5f36c9db3c51ac2eedc37ec9c69

SHA256
65260a848437f9ebaf322c2feef021197a650770a7bef9480958fb1070475cd5

SHA512
0f7c1a3e7167bc8c462290bc2ad875c8e88adb9e1c7ccdfb9e27c039176e65f8d525700eb27997a3deae728ac75cdc7c1fef663acb60a18382cfdda0ecb6ab86

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\document-gay.png
Filesize
1KB

MD5
ba0a6aa0ccb00e8417454cae30be1768

SHA1
4dad002a53a36de0d29b74916c93f6eb46f9c019

SHA256
5dbb089e1fcc07c9bba2acd8638c076b81a89c956cfb0e30257031446ecdff0b

SHA512
8a68c2e127f19c34ce3570faf09c60ef4377ed97cc73e566f9d72f98ab3535d9d4776771fed3f36ed3d0beed5a90dc9cf7f956066feefa1bb31848265b9d04ab

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\lang-drop-click-dark.png
Filesize
296B

MD5
4934e433a50ad444edc977d029222bdd

SHA1
393202fe0563be884e839d07baef52f4e6780478

SHA256
d0b0eab41fce58cd6e71c8dc4922e7ca3600457edbd1ee82f71c2fa13caa88bc

SHA512
023ee3223788ef7091e3d64013d57562eac181d0e68df83047db881c63f0c3b3212aa090c71fc6cfb04b65eb1f41bba95cc64efba74f0d301c506f038ab89315

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\mini-close-dark.png
Filesize
584B

MD5
4c00a7ce8ebbf792abe15279450d3627

SHA1
5c205cbc89f9c413caf71ad341dbd53db31f1298

SHA256
efa0b0769650081ddfdfa2140535ab9650696ea595e5264a427fa9e7152e66ae

SHA512
f5b49b517eb5016e84aa0f17c190d7b757fe28e4897e41f0a60f7ee76b794878f43497657f2949ff8b8fd445d91c57abca051a427751a2f34ce69cd92eb26908

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\mini-more-dark.png
Filesize
463B

MD5
0da1cef20a89fac58b53362547107854

SHA1
f04d0bb0ad32857962d42ac290b618d57f2cf253

SHA256
13161872734adc174fe6a9ec84cd3a3b860ea0e42e13041533436ce3bb07b7a5

SHA512
0b4f1b50d3f7632dc5212d32b27a0b5385ca393357fcdb4af31da3d6b4c3e87e213294fd8ae8ba1fdc9ab63e23523df98fff0ef771be493df0656651cbffb91e

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\mini-open-main-wnd-dark.png
Filesize
549B

MD5
02074d46065d5bb7295b1c92e48dd56a

SHA1
53df07ea147d32a39bb660987280dd99d22a29dd

SHA256
228f618d1050ab3a4e030e25aa7aa52f2bdddc15ead9dc52ea7747c98d631e0d

SHA512
4f29ad944caf140fdd97ff9afb4a0f86ae05bd5bc764d9c58511b69a95a27045717dbc168d3ea684376cb62aafbd2eefb6ea55938584d29d54af75cc90089c53

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\mini-sprig-dark.png
Filesize
982B

MD5
9e363d4879a63481ac28f350ea5b4c26

SHA1
da780cb482c10ed5f5af9512c9200d9e48904699

SHA256
ace141c765a60a4a872e1eba75266f58e1e77715ee8eb3fc80267c84a0a8d643

SHA512
5eae13a7434596deb3f87ab6f381793a2d27c869ef0950e65e23cae7959cf1af22a2ce022d12229a4046eb1fcee1c9b7bf12a85e9e84a4230468dea8a74b09a8

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\9.1.9.0\skins\icons\wb-sync-1.png
Filesize
1KB

MD5
f7a6f61b4dbbc90bf35715db6b740ec8

SHA1
7731403d0cc92f6353aa6d5c8b8a6871133ca60c

SHA256
59cb8b78d9e1f62a11162faad7c8544b80b9697f8ee96bd6da0db56ddc834149

SHA512
e78a9065a1aee62c7c85f94960a57ddec86eab379aaafcd3dd4ea561ab03bc10e33e097fdc051346a5921f441e80e0bfb9d68d320dc096b3cb89c7890bed5bbc

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\CrashRpt.dll
Filesize
123KB

MD5
36d2c33b4d1c89015e56de1fd9b1dc74

SHA1
43373310f856e2043da649f26cdc0c391b709d42

SHA256
b5af87456d2cea7b4b399a1adafcf00646a0a278982cd4680a3abca50444a9e0

SHA512
15fcbab968e3dc41aaac8a5f22ecdef533e65d2695426d61a760d5af21ec691ebc0d235b68180a79add778f337aa5462ad83867e8b03123dbb91b4139de1ad85

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\Monitor.exe
Filesize
288KB

MD5
cf43db420bf46f68e6817d3333e952ef

SHA1
ef733b7b90da02d3d8ccf4b029bfc72e965eee67

SHA256
07886aa31b83b49ed5cb92418c5f7102b36556856a6696afcc65f37a1c8a2928

SHA512
fc0c17bce43954740cc272ca36449552c4d868713752708c4cd6eab3c2ddabb00a06a9fb055b0896eba4751ff271f23936d738973cc3fbfa99082cd1c39f29c6

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\OcrInfo.xml
Filesize
1KB

MD5
76f997632b746f7089e5f4634692a626

SHA1
ea906e11ab8e1ce8447bcd90827a780aa4ffa273

SHA256
2d91b312fdcd60f8c997339d29c462f7a7058a06a5206dce2a8a7c92522bf140

SHA512
a80ba8147ba36be640d92257b3ca3674be11ce0406821eb75722b74ad4501da4b6155b47ba45f332bb2e303e6be904e49deaa4e644b058b046443340a8d18793

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\TextExtractorImpl32.dll
Filesize
2.1MB

MD5
609014f18d381349632ca3d2b5db0630

SHA1
995292fc127cfe86843aca36f0f3921243e395ca

SHA256
b57127c02ff4a6c5bb21c4c54949a8f3d3911757c410bf734122f2be07b4565c

SHA512
3c37dbd1378041bb5080ccd1c93146c8f7c4b1d90fd66eb73c780ed6f8b62d88f21762ac0ccef8340183d1e5195e567d9fabba6f16ae445573682006a4f86d25

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\TextExtractorImpl64.dll
Filesize
2.6MB

MD5
1bdd2316f06ac861dca25d0832a0264c

SHA1
c172be0d91cdfaf9732e11b422d998dda72e27be

SHA256
d95dbdfb8159427ef7d74c000ec13c5aa49add29f2e2405555fe72b51389b0d6

SHA512
e431b995c0dc42ec2df2cfb8427b1536af0ebe63da2ac209f82db90fb10918a5a3a709d1f85a695d3afbb3009c9450ede3093647824850ba67105c03bab62726

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\WordStrokeHelper32.dll
Filesize
103KB

MD5
00b0956dce44c29dbd891d020ad8722b

SHA1
1bb2a4bb51cd0da429eb5578fe882d4cec547bb9

SHA256
956479d4d4387c9e9476dcabdfc7f0f326c45db6d76dff5b23af77aa27d012aa

SHA512
06390b08648ba354ce6607f23faf8ffa0d0ade59403bf67d9d0fa21ccd258ddad47c025db1f6786dd48b1d93f65ea5e43cc9d0822da8e186bec8e7b40b6660da

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\WordStrokeHelper64.dll
Filesize
136KB

MD5
7f1d93d99de44eddebe8279c0be58004

SHA1
db42cb4b28343a94fc28f1d82ededb74ebd4c255

SHA256
6b078c853ad97229b959ceaf970176f3db89a7f95df7ad15663431241f1ab2bf

SHA512
827d0edfc7edf082a6658702c64e4ab53edd81a34b0b41aabe9865bd2addaa6acf9c934e469752b31607a8012ec502237812c4c0a4bdad51450d7a24f6517e71

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\XDLL.dll
Filesize
136KB

MD5
94123ded41a18a1782bd9f628a92a1b1

SHA1
71e057ca108bd73c84fb15eae2ebe8c199cd9812

SHA256
c135b236fbf0eef4d1f9c2fd1f950344c8000dccffdeb8c892a4817e03611b7f

SHA512
f005f28ca17821a475988f9780c0003b41beafd3645bfabe0b341c4fedce9a9b6228a255cb7e0791b9b42023aa21b4135b65d1425aaa2af458a91213a3e4662d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YodaoDict.api
Filesize
176KB

MD5
260d438b13406700bbcdabdba2c2d43c

SHA1
7c413b4c8f96beac86895a35bc285de6f3576f07

SHA256
4edd999c04f77ba491dbcd97d2771f7453d99507e546d99c05397f33afa9ff34

SHA512
a8187d3d29b80116fb26332ad682d4246320586132733a0a3d60d17658ddf69e6a3199dd6b94025d9753ded74a8f283af95386857b4f598142a9208efee05b18

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YodaoDict7.api
Filesize
176KB

MD5
4eca618c99ae526787e310d8178746e4

SHA1
078167eeacadd0b676e05d798d588528b6f0c68d

SHA256
1b3c86f7136bf11a9f71871ad49e3b0e4f5f6c704e9f3df39a1ee2013b8f79bc

SHA512
d23ddd7b774a22db348ce05288f23bcf446e615a0763bf2ea4033af7b37ea1404f48316a07fcc3534b1257c37c2a8e63ea5bb1e34c9ca95239ac35b9f54a428d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YoudaoCookieAssist.exe
Filesize
65KB

MD5
cbec926eb62180548812b34b88dd70a7

SHA1
05bc446a39db8223b4da63eed4a540f6728bac57

SHA256
eaa1f6b0635a916a95d6fa9ba4d44aef2438b1f28fdf667252a90c2408255436

SHA512
3b0139a613b96aeca9df18afeed55e87e95b456b113a7dee8ac999215b5d06c22c8240d024e3571a5b056b513070afb2d72d26492d07599c03fe0325b54255a0

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YoudaoDictHelper.exe
Filesize
3.2MB

MD5
d49ff89ea3a91e976873d5cc94f1cdbf

SHA1
560650f5e6cb346607f7163112fe00f80eea5bfe

SHA256
0a9cf4d1bed5efd4e798b8597b12b94042346f7269044bcd8565a2d422c03d10

SHA512
56941033726d8784c10643fe396dda76a929ac99c797461d131d66c3e905c4d8fd845631b682711a016f6f57ae908bb1e0cef1208761df8196271fc5b008148a

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YoudaoDictPlugin.mxaddon
Filesize
21KB

MD5
fda5fee7824b4923f7816d88e87c5427

SHA1
3b3c4ccc0e687a1103851a78a95c35e8173bd1e4

SHA256
3c1c85cb21599818460ca3777e97d55669d6d4912d08ac0c8ff716915c1a151f

SHA512
f5aed3368f06ddb6d99f87d6d4fbd70692fd37d7c97ae0798226c742030acd0b44f81dedecc4a5c6d793d0b21eeed5a7ef66c3b5ab4270794eb93ccb61a4bc60

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YoudaoEH.exe
Filesize
2.7MB

MD5
37c3548933eb4a8357828d49dff4dd8e

SHA1
6a566ae718bebf76533309576133c520e0acaf06

SHA256
6761b79b0bb32c32bdeaa01dc580686d90d47dc91a3203044b87dbd52499d914

SHA512
b558381fbf026e6d11039408345507d5e2cf67741872b5e3e3e9d0753ebffd55882ea14a32e38693bab2d1e04aeef0e9636ab2874429546af81b6bcbdebdd6ac

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YoudaoOcr.exe
Filesize
3.7MB

MD5
f33fd67f4469dea8eed0b70da1d3fae7

SHA1
fb2f03f15ad1c0956e0be964c85bfbe3887e0e55

SHA256
d367685531645a0149ab0023c0a7ed2c95c8317e7ebcbdf4cb32dd62d6d3d6f6

SHA512
019d4de9213e9c2503258a5d2a3889aa0319b4a2b270b8279006cee2b27bd8ce16e071603509c84eb593cf3a7c46d044d49d627ee8630748875ff80d9a6a65b8

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\YoudaoWSH.exe
Filesize
253KB

MD5
684e7ed82dffe671d504854beb98804f

SHA1
dc217fcae09039a43bd4cc05f5ef43a5f778601a

SHA256
55d0cbbef282fd873622ffd70dce1a3c4d23b79a4e819a6495f9a0fe879074d5

SHA512
b1905ef7bc33a99cbdd77cf077615b76691df356f0be8a60e9a03a2f09cb3a53da0bda55974edce2a4ba5dc2b22bf297f0d7583b8e5606405892bf8dc13c8588

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\chrome_100_percent.pak
Filesize
619KB

MD5
af721c544cccd06c8baf0013a4c96e5b

SHA1
9cef5ab5121e3b3928ff91cb038c74104d3fc505

SHA256
8a89c3d043925014582f6cea272d33caf39b21ff0a638408d5a04ba51ad68c0d

SHA512
0f19af5367867e4ae6ba4415ca3d105640a130cbb53a2d24f92bf27f58ee85314a71872163313e04b08bb49de8bbba8af8a389ec9a0d5824b467bffa7f3dd635

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\chrome_200_percent.pak
Filesize
928KB

MD5
9ef013e26539843ac58607b8d217f438

SHA1
1d72c11269e73e7fe531684d1ac08412c5e43fb3

SHA256
e3a5d52a42140b73e742de2527e1520393c6359ece8477a9f836dc052c0a777b

SHA512
0b54a5bdf68cfac748f180fd1d7bd66ebb40740900d11be336d272154452be44034999f100671ece2f714a8cb5d1b20adaf1bd27606b23f260fbc6d4f137ba08

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\chrome_elf.dll
Filesize
990KB

MD5
01d0eaae9172f890de0a01a9473dbc7f

SHA1
1041ec52d4e1cf886216a0617ad3bfe9b1692422

SHA256
d5cee0030488348c16675a0405fdac8a1d983ce2097183f70a317908436eeb83

SHA512
afdef9eea30d54af8279e99027a162dabc11e1f9807de58c654b02302cc12aee4f48c5ed58e38396c3d6007dc61854e089cc2ee19bdd88c7fbc89cf48c2b6ada

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\compactversions.xml
Filesize
848B

MD5
a83d13f483b5e2593d67c13fa0adf6e6

SHA1
557591e5397aacc003a3fa5458a29c8f13c3374c

SHA256
3e67b3876078803e5e20473b50a8879a678e0569d71da85a3f2a60b536677f2b

SHA512
b4d4060cc54e4650a5052d4c205021f83f2c1a2f9fa67e3a9800a15cff7ad852b1ff68a32630030f725b9ce30ae026599ee64c38c0a4865a50a685bdadffc8a1

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\d3dcompiler_47.dll
Filesize
3.9MB

MD5
7f9d15638619d2b0decc1b6e4b4c665b

SHA1
2fc00b13812430379a42c2eb4d684505e0ca1f54

SHA256
dee9210442d0b2834f84c539928ba17523d92e04eff2b283c67a278f3ebf3998

SHA512
99090871c6be6d0dc61edddcfe4f4535530562e710f902325603cf7cd3613fa8952ee30149b64ef00197bb98b9df82cd46c2ed8d47792bb08f2736cfa0751d1e

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\default_config.ini
Filesize
36B

MD5
6b41123acbcaca39a961a2844a6aa40c

SHA1
60c598de13a6138fe505c16e54a16223c644b72d

SHA256
542b73e9213cb4976de9c17c23d4f75840cf65219414778ded73f62b4329329c

SHA512
1bf794c058c17ceb12ccb6424d179fde9b58915c335bd7a918e1360ac716e369e48dd7ce47cd6223a140546bceb5e0fd6f1936b0be09b37bc41fabce023a991f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\doc.tpl
Filesize
42KB

MD5
d42ed911e433ddccc26907667aef5a2e

SHA1
4b3f0fbb013b0099ee7261405d86e9abbc467b78

SHA256
5062a64a05edbe0ff0fd47277e1d302cee87d409298ad1b61cd9693be15b0527

SHA512
f79901edfcbd14b33e3ae7fddc8c9e333561f672e796375409008f68f29aeba2fcb7deecde0f4cd6eb579423fed22a715c9aa73ba58fac21211cca39c75747d4

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\en-US.pak
Filesize
294KB

MD5
8b27a839e9c4952b1241a250020f35be

SHA1
32eefa249ef9b384ff51cffb194c7fe7489f928a

SHA256
2c63576f9ce370b5f171d2b2e64d79184ea5b4fcef7f4d5f95647f8329c7e3f1

SHA512
6146b81cceb593b4fba15322ec33974e30b4b20a67f131f173f0b909aa3f88dd67af83c3336d6f66be2d87cd66aa1291bfd4afedd8c49b37a76ee8f2f307ee3b

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\fullversions.xml
Filesize
4KB

MD5
9a39ecddf926b9b554c9212744b48991

SHA1
33aa64a25982b1a92bcfe511ebbb4549c80e7d71

SHA256
64680b635125043a31648da838f96bb9d294acb07cb0b0f5d9470a647b66c9fe

SHA512
b7ceef210e1ce0e9634c1f7311045289d43ed98c0b15e08b17fd460f308a9bd7b34c56776105f134dbc99b939bd15a04f1873a66c09e51895269596774d5a69f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\icudtl.dat
Filesize
9.7MB

MD5
2e7d2f6c3eed51f5eca878a466a1ab4e

SHA1
759bd98d218d7e392819107fab2a8fd1cfc63ddf

SHA256
b62b7240837172959299dc3be44fffa83dc374353154eca1612e1bde330aa8fa

SHA512
0f1465e8efe32b0eaba628a30bbb21254a05d80f4407a1434120a55fb928cf575b3879e1b7cf754cd19b23c262ae715fa84a8049073563cb38f1855be7db1124

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libEGL.dll
Filesize
351KB

MD5
baf0616f9174a0559aa5f98292165d66

SHA1
14520585f30d480b2e96610280da2701526ac681

SHA256
d287f3ae070f51af0aac11a4e903094aadf535604d0c97a44a5f3081ec4e652f

SHA512
21129919a63a9b316b95dc14f91afe6f69dc34e2b84a681f8bb65144a556d827fdb2f9867ba0d8a99b695edb86a041e0362239660346fce40815dbe0377238e0

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libGLESv2.dll
Filesize
5.2MB

MD5
fac8d2abec4aa7db0d88b9286c70acce

SHA1
821fa1aeebe1313ee9e796f8c0d71d81dc8a1040

SHA256
12339786aafd513772e5e51fbaa9bc5da34fb39efd785cc306da02010f0783dc

SHA512
c0347bf9e9baf84ddda81eeacbe6f8ef07b1033ff8596b67ef0ccf04eb20ba108928f1e158d3136ac6b74236ce8b9131410ae6641b39cecd06e5bd6d6c6f6020

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libcef.dll
Filesize
137.3MB

MD5
1cd0342dcc00ae694338563403f325df

SHA1
46d016799a20c483be8ca59b6847c40446d074f1

SHA256
2980b4c2fdb91951ec6eb5d7fe7e6c4853b43fe8598f92f6cd01baa8c27ac301

SHA512
2198ac0f2adc8f2ef5e73f4a183044a57f7b7f604a8cf1e038f3f30d92b9c9dee00ef2af25996956d3a326c66ee0f6ea79379fce147d56a2bfd6b50ff118378d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libjpeg.dll
Filesize
140KB

MD5
db8f431c99fa161ef05b8ace4c7a2d59

SHA1
b92f561fd32108df0cb65386300ddae0f3031af6

SHA256
e61b9412db3ca1887cab9fd5fdd8423bed210de76a42cad63b2e1dd48988ab12

SHA512
6734d31ebae2b5fc9a05a22b71b9b7482442c92f88c43dc5874df39516931a43a1b98b2b039b9175df96b4d619417f769a4d0d69c4c9a86c435cff2e75daf1c5

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libpng.dll
Filesize
205KB

MD5
4bc713888c283a734f9ff21084e7987a

SHA1
9f7def395bd222adb478914a9d2617f62ae145df

SHA256
2e0914c9d9ad0ad4beb9aa53c5f0253edeb3193ef0ad22fe83180613bbf01919

SHA512
c1765ae41015cc94920f6e24616625bdcc7171c91163cdae8f85247de43a2f733e26d8b0febee2dc9ae6846db5088c9f774e51fec28a8fac32f5ba2cffb0c76a

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libtiff.dll
Filesize
277KB

MD5
f8a2cd0f0acfa64eb66d062752555c83

SHA1
69a234884e50a498175ddbadad5610001473b592

SHA256
74e507e0aba094b26b9a0affc008a83d9f8ba1ab3141b1acb9578d8ef0708e75

SHA512
9d86ee1881ac7efbe68d68089f4dec9fd56a03fb7bacbfe84ae0f7ba9972e6bb860336e8d4d88681f6cc18c047bb9d5bac529c32e163e2ee18261db41ce2e716

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\libzplay.dll
Filesize
2.3MB

MD5
99df0c3018d0c977f23bb47a237fcd63

SHA1
cf9f916e4131f460493f0989d7504c51b7dd2570

SHA256
66d4eb066db43e832f112153c81d7f02da39e18f481eb348c65d50afebbd59c3

SHA512
e6d0c8eb5b5fed3d058c4d46d3d55c9026a44ac336b061e8e5988c6857af1a47caa7389410e72b56e86af35ce68d578a0c69f58b2e38a28c8b6bed2f49b4570a

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\localdicts\dictde.db
Filesize
1.9MB

MD5
5164186781191017c86b4242991a46f7

SHA1
46a8f9e55e50cb6205370ee921fcfba746785865

SHA256
df5e876c62f68ef42362cfde32a1cc94856c34bc8fbfef430fb8d9efbea12b09

SHA512
0717315bab4bae481bfba2352ffa7fd8f69442be8624db7a3ac4f81cc46fffc368811845e3b38218a48dc8c5f48dc457ea5b1d202c16d393cb824621060ad35d

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\localdicts\dicten.db
Filesize
8.6MB

MD5
33621a00c265a6f63df5dc78e0cb9794

SHA1
1b2ccdf13a58c6e1ba84b3705fd87e72f6f024dc

SHA256
a989f41d6d30332273813aadc54797df9afc68b3018768e6245c4f7b6c9ed1b7

SHA512
70ab43eed6f10ede85386c2714e31fcd919486b39d3683c8ccfc735f29d03e3773bdec3957d465d6b37cc50e98fac3ee531785e8d4c44cf3c4072110ee49123e

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\localdicts\dictes.db
Filesize
1.9MB

MD5
981ffc65522b2b46cbd09efd1dc0f617

SHA1
9291946ff747651486fe2200c5e0ce160dddfa72

SHA256
6d6d92dca3dd24b947a84b6e50d2412ac639bc293f994c7b85a63b3434c7833d

SHA512
b406280b01b4a3f4f1310cd6f5d526785a5e2767ef0bf04c3570249cbda9e2853ff1b05008d3849a35e92d680a0d85f86f6fc0bc1e842e47959a6a59a00b8a66

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\resources.pak
Filesize
6.8MB

MD5
c719f1433afaf31b049c69170db52f0b

SHA1
0b3b23d1ca107f03135c8a204bc8f5592bd23b66

SHA256
e9b2628e3da4621e5f7b5cb6e27f8950f183f58546397b8a8a76ebd5b73238e1

SHA512
627b526de66496040ca8a8af75c3c73221fd83d21ef0ad03f63d35af49cb44ad77836bae3ef26471a6243ef6516d4daa512353c4a805de366ade6f9b5b63a20c

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\snapshot_blob.bin
Filesize
50KB

MD5
3daa55c6ccde0bd18ae23864c1e39172

SHA1
56f0cbdc2a8d00520230edb78abee1fa269e22f8

SHA256
9f514926470d1f1c5c814ac572442621fa4ad0ff1e5e85eef67fe40cd9866409

SHA512
3773a53bf3044c21b263902e8e5ddad510cd5921a339a5f450c4c3bf20eceaa092a3b31aa5f53b67a22d4192976f253c66c71fd590ad7113ac5062160e924d0f

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\v8_context_snapshot.bin
Filesize
158KB

MD5
5fa21031d873dad829e667097f66d4c2

SHA1
033dd42be52b1ac27a2b2739fe62459d07719555

SHA256
2ebefb04c33e93f5bfdc2c915367b4edecb9eb7c6c0d3b8e525286dc768171f0

SHA512
623d5081f873b8e94882b7295b03d1a5e1d987a38ccf538878ebbe132b47f04f84f241b7a3eea2245982aea28a1d67ba41fe2b9abd4a9aee448c240698b13785

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\versions.xml
Filesize
4KB

MD5
21113403463fc12ce472ce4fe1f7b6d8

SHA1
40d6f5019af322761e367ee5719f72fe573fcc00

SHA256
6639dd10c99581f4e4d915b8ecad3f46ffdca88889bc816d43825ca9e619bdb2

SHA512
d6d1bcce120d539c4d35c8e56c12ead9c2671217710b6150c728b53aa738985db5441ff448db88b0c9213300638dc03189cd18f38c4aed712855dbdda96596c1

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\yocr.dll
Filesize
6.3MB

MD5
383085d448f674c3fa3cedf942cbb4e6

SHA1
663aa63eebc2e5d768ab209677b8a951bef53ffb

SHA256
14fe8b4e28f092ac3430a1120da352a2aa54b42c05b3f92a1ac67427a9ee6c19

SHA512
a765ceacf957714ddf0357c49e895d89df784b6efbde2568bb85c34f403abde27a54c6f3bce3f57fe5609afc56d464c5795cd6b25456ebabdd7a7b663757fc81

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\9.1.9.0\zlib1.dll
Filesize
82KB

MD5
7324c7d039c3e9c5f55c23ae3e7bfb8a

SHA1
325594a22c62bad1f13791d39eb63d28d5a9ae9a

SHA256
73fe92327c8e0c58615efc3eea6add27b74315d875b3a55b49d0306fda0a7c74

SHA512
476419c06c269ef44114ee5b3e8a6cd3164e7f56abbbc2071c491b1928a01eaf4ee594a454e63dc3cdb54aa7dbc72ef6878030c7fed9c3a961da9d018e18986e

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\YodaoDict.exe
Filesize
231KB

MD5
6901c2cd5a28ce786e979737d780f904

SHA1
4b00d236f3efc12b23020fb6b03d3f99902d9543

SHA256
249e1e869eba16f1d267def026fa5f4823958dd423067366dd0cf48b4e122ff1

SHA512
ce2e98274886b33af3519d8eb24a43f580cd2a1015f0407d9ec5a7b815b884388ba67c8ab3ff405b25ba57fa1f9e55e207c8546e9447ad3652d69e7814785106

Download Submit
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_9.1.9.0\YoudaoDict.exe
Filesize
10.4MB

MD5
b863f84841348040b7956e6962c3fb81

SHA1
d298910316a5b67ce9586d9fedda10082c316d99

SHA256
8150b1148742156316463d2bdc961784fcaa86df0d6ca1e50278bc20d252c28b

SHA512
381f3814e2e53ba19a51a1310b5a379c980a7994e1f299ac7786f4f5a93bec09f37d08e3a043fd9dd4260e31e9f39f34221b07e51daddc9e639341d8e820b945

Download Submit
memory/1880-4143-0x0000000006A70000-0x0000000006A93000-memory.dmp

Filesize
140KB

Download
memory/4344-235-0x0000000008B70000-0x0000000008B71000-memory.dmp

Filesize
4KB

Download
memory/4344-234-0x0000000008B60000-0x0000000008B61000-memory.dmp

Filesize
4KB

Download
memory/4344-233-0x00000000077B0000-0x00000000077B1000-memory.dmp

Filesize
4KB

Download