Analysis Overview
SHA256
bad7d78cbcfd337d88acfc3103dcb81a6ec572c4a7aca341cee073604157b5e9
Threat Level: Shows suspicious behavior
The file YoudaoDict_webdict_default.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Loads dropped DLL
Executes dropped EXE
Event Triggered Execution: Component Object Model Hijacking
Adds Run key to start application
Checks installed software on the system
Checks whether UAC is enabled
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
Enumerates physical storage devices
One or more HTTP URLs in qr code identified
Suspicious use of SetWindowsHookEx
Checks processor information in registry
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-05 09:43
Signatures
One or more HTTP URLs in qr code identified
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-05 09:43
Reported
2024-11-05 10:05
Platform
win11-20241023-en
Max time kernel
596s
Max time network
457s
Signatures
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Run\YoudaoDict = "\"C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\YoudaoDict.exe\" -hide -autostart" | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Run\YoudaoDict = "\"C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\YoudaoDict.exe\" -hide -autostart" | C:\Users\Admin\AppData\Local\Temp\YoudaoDict_webdict_default.exe | N/A |
Checks installed software on the system
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\YodaoDict.api | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\YodaoDict.api | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cacls.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\YoudaoDict_webdict_default.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\InstallDaemon.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\CLSID\ = "{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\Programmable | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\VersionIndependentProgID\ = "YoudaoGetWord64.Connect" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\ = "Connect Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\FLAGS | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\VersionIndependentProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\TypeLib\ = "{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CurVer | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\FLAGS\ = "0" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CLSID\ = "{07473267-2FBF-468D-8C7D-A9DB6211F5F2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\VersionIndependentProgID\ = "YoudaoGetWord32.Connect" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ProgID\ = "YoudaoGetWord32.Connect.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\VersionIndependentProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord32.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0\win64 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect.1\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\TypeLib | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\0\win32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\TypeLib\ = "{55684B24-475C-4969-8C82-B498B5A53596}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0 | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\HELPDIR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\Programmable | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\FLAGS\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CurVer\ = "YoudaoGetWord64.Connect.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\ = "Connect Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ = "Connect Class" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\0 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Youdao\\Dict\\Application\\stable\\YoudaoGetWord32.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ = "Connect Class" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\FLAGS | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CLSID\ = "{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{7659C504-025E-4FB5-A9EC-8D2A42C9B2AF}\1.0\ = "YoudaoGetWord 1.0 Type Library" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2}\ProgID\ = "YoudaoGetWord64.Connect.1" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\ = "YoudaoGetWord 1.0 Type Library" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\CLSID\ = "{07473267-2FBF-468D-8C7D-A9DB6211F5F2}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CurVer | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CurVer\ = "YoudaoGetWord32.Connect.1" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{BB241B94-028A-441D-B9EB-B9AD3FDF2D9A}\ProgID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect.1\CLSID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord64.Connect | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{07473267-2FBF-468D-8C7D-A9DB6211F5F2} | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{55684B24-475C-4969-8C82-B498B5A53596}\1.0\HELPDIR | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\YoudaoGetWord32.Connect\CLSID | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\YoudaoDict_webdict_default.exe
"C:\Users\Admin\AppData\Local\Temp\YoudaoDict_webdict_default.exe"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe" "nsiinstall" "C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\install.ini" "0"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe" rundicttask * "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe" "0"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe" "exports" "C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\dict.7z" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_8.10.0.0"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_8.10.0.0\YodaoDict.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YodaoDict.exe"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_8.10.0.0\YoudaoDict.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_8.10.0.0\8.10.0.0" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe" "move" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\install_8.10.0.0\Stable" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\Stable"
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe" install "C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\install.ini" "full" 0
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord32.dll" /s
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord64.dll" /s
C:\Windows\system32\regsvr32.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord64.dll" /s
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\pluginconfig.ini" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\pluginconfig.ini" /c /g everyone:f
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\InstallDaemon.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\InstallDaemon.exe" GetSoftListADC softs.ini ${BIND_SOFT_URL}
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe" "rundictnow" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe" "cleanup" "C:\Users\Admin\AppData\Local\Youdao\Dict\Application"
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictIcon.exe
"C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictIcon.exe"
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictInstaller.exe" instreport
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\YoudaoDict.exe"
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe" --type=renderer --disable-3d-apis --disable-databases --disable-file-system --disable-gpu --disable-logging --no-sandbox --touch-events --user-agent="Mozilla/5.0 (Windows NT 10.0.22000; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36 IE/11.1.22000.0 youdaodict/7.2 (jsbridge/1.0;windowspc) " --lang=en-US --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\\" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\\" --disable-webgl --disable-pepper-3d --disable-gl-multisampling --disable-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-video-decode --channel="1824.0.1459081258\1788533577" /prefetch:673131151
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\3cd06f9345bf7614be973bbd846674bd_des.xml" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\updateinfo.ini" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\3cd06f9345bf7614be973bbd846674bd.xml" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c echo y| cacls "C:\ProgramData\Youdao\DeskDict\updateinfo.ini" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\3cd06f9345bf7614be973bbd846674bd.xml" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\updateinfo.ini" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\3cd06f9345bf7614be973bbd846674bd_des.xml" /c /g everyone:f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\SysWOW64\cacls.exe
cacls "C:\ProgramData\Youdao\DeskDict\updateinfo.ini" /c /g everyone:f
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoEH.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoEH.exe"
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoWSH.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoWSH.exe" 1824
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe
"C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YoudaoDictHelper.exe" --type=renderer --disable-3d-apis --disable-databases --disable-file-system --disable-gpu --disable-logging --no-sandbox --touch-events --user-agent="Mozilla/5.0 (Windows NT 10.0.22000; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36 IE/11.1.22000.0 youdaodict/7.2 (jsbridge/1.0;windowspc) " --lang=en-US --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\\" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\\" --disable-webgl --disable-pepper-3d --disable-gl-multisampling --disable-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-video-decode --channel="1824.1.961805253\363355369" /prefetch:673131151
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | cidian.youdao.com | udp |
| US | 47.89.225.38:80 | foundation.youdao.com | tcp |
| US | 8.8.8.8:53 | 38.225.89.47.in-addr.arpa | udp |
| US | 47.89.225.38:80 | dict.youdao.com | tcp |
| SG | 47.237.106.171:80 | gorgon.youdao.com | tcp |
| CN | 180.163.141.179:80 | codown.youdao.com | tcp |
| US | 47.88.31.216:443 | dict.youdao.com | tcp |
| CN | 111.124.200.173:2000 | uproxy.youdao.com | udp |
| GB | 163.181.154.242:80 | ocsp.digicert.cn | tcp |
| US | 8.8.8.8:53 | 242.154.181.163.in-addr.arpa | udp |
| US | 47.89.225.38:443 | dict.youdao.com | tcp |
| CN | 45.127.129.37:443 | nos.netease.com | tcp |
| CN | 180.163.148.213:80 | codown.youdao.com | tcp |
| CN | 45.127.129.36:443 | nos.netease.com | tcp |
| CN | 222.73.33.235:80 | codown.youdao.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\SkinBtn.dll
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\System.dll
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\nsDialogs.dll
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\btn_install.bmp
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\btn_agree.bmp
| MD5 | a8aad0bbeab0b6890a01ae96e021de89 |
| SHA1 | 7c6d6d23c24ce694fe453e16d65c4d030addcced |
| SHA256 | 93ddd683f0aff0d0ef83d9256d925aa4cff97bde8a19f7868946b378416fb76b |
| SHA512 | 7211b259907f46c63fa668c4534c2ee68e88ec7659052ee0d6a7398aa1513308a4ccee596cedc43ed713ac64b3307bc4ce3ac823377d64c94072e30cd7e8ff27 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\btn_disagree.bmp
| MD5 | bf79dc7f118e58a1be313a250106e277 |
| SHA1 | ed2d21493244090059225f3d47f5fc20e75f0c29 |
| SHA256 | a8507e762a8abce98c7ba16b322927243492a9ff3bcfbd0e75f05fbcec1f1439 |
| SHA512 | 59582b7484a16d10160331d60779c983587a57dbddbe318d5069299e850b8c66afc15e744e1f18f8ad5cd55f637aaeb5ee01724b571a5068a9202ce676cde94d |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\checkbox.bmp
| MD5 | 8fbdda129fc2e7f63497c33022318d05 |
| SHA1 | 480e061e9454e8b025468811d8b9919c7d08b9b4 |
| SHA256 | 4ebd1a0dbc8d25da6659013705d4d6810b2e378e176354589697ad7ce71522dc |
| SHA512 | 2e88b65e56f4642d7e506343f523a9840d58a5a4c52abdd6442ea772c536bc7a957ff9376376649acef404baeb2eba1cd1866235454b258561575f230e0a6afe |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\LockedList.dll
| MD5 | 5a94bf8916a11b5fe94aca44886c9393 |
| SHA1 | 820d9c5e3365e323d6f43d3cce26fd9d2ea48b93 |
| SHA256 | 0b1e46044b580121f30bedb2b5412d3170c6afaa7800d702ee71f7666904236d |
| SHA512 | 79cba3dcb249d88a6a6cfb4efcb65cc42a240af4edb14bcc7546d9c701a7b642362f9fe0488691a8906607ecc76f7b5ee5a4282fa057053b258eea143ac90c20 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\OP_WndProc.dll
| MD5 | 765cf74fc709fb3450fa71aac44e7f53 |
| SHA1 | b423271b4faac68f88fef15fa4697cf0149bad85 |
| SHA256 | cc46ab0bf6b19a2601cd002b06769ad08baf4ed0b14e8728973f8af96bdee57e |
| SHA512 | 0c347d9a2960a17f8ec9b78ede972bf3cf6567fd079a6aa5a6ac262ac227bfd36acc53a7a127fd7f387dec9f4509f4f3f754b10853a213e993ea1573e74ed7e6 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\nsisSlideshow.dll
| MD5 | 05555b779901f6b604ad890224a7a663 |
| SHA1 | 4e98bc415745c95aae75dfda79c78295bd3cef2c |
| SHA256 | f8d353598129877a8aeb45821dbb9845fa5b347ad51c46c640f92a418dd3f174 |
| SHA512 | 757296383f15884cb4747c9a16432598bdaa0925cbb4b06f1664138aba1aebdc49e594ad4353fce1bde620077a5851b754fa871b07f29cab40f05e208997f641 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\slide1.bmp
| MD5 | 37378d4a0c0ae6063094a52fd8e133ae |
| SHA1 | 8fad3352c4da6778fe41469fc728014a5fd1e64b |
| SHA256 | 82e6ba25a778678a3e8969a329d7dbef332cf88e42d51ca24b02dad7b675e640 |
| SHA512 | af2d9b39b549660184d5ba594d0d2222d44a90f667d7795023e37d1c4d7951e41f3a9d02db393a0c8990c76e2535e9d4856898f5e45bdaf4862b67294aabef46 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\bg.bmp
| MD5 | ad0c36807c8d566c11653d41f1a78240 |
| SHA1 | 5d2bc425a809f06c1594c0f3a9725db87590cfb0 |
| SHA256 | 1d8b406b86316a7f91238a5c7d4aeb05f4b7ddc110e7fd625bf25f74b6e95fdf |
| SHA512 | 28841f464583222db544fba0b254204fb5a15b54dc77be21e3c859abe7fc4e42f75772eb904592b3452b08eb8b24a882c06fc37fa5ef7327b30eb8bdc37b4160 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\OP_ProgressBar.dll
| MD5 | 95ecdbdf41e9450e68895cd8a51ac3b5 |
| SHA1 | 21a80e466f1bc0d7190d8c9c12f9d90476a9c2b3 |
| SHA256 | 75b9c807487764b4196eee5310ed096f74dfe585ed8318e0dff0ace2ae054e26 |
| SHA512 | 26a8b8fc05b9ca59ff32bf151f7860c609e8b8efc4aabc12801286378cd05022cceb9fbfb2cd814230eedeb1db0753da5368fb9f91b0d3b17187f520880cf884 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictInstaller.exe
| MD5 | 094626749f2917aab0a81fc7a9ed5a8d |
| SHA1 | 6ae2d13cf34cda3870ed97b8acb9de2294d1adc7 |
| SHA256 | 221caebb34656f112debe9783039d328a39c5006b0703130b487df32b9febcce |
| SHA512 | 44c6b061d0e3d49ec3159214c28bbe1055f9e5235fc665596b88e14a525a2896e65583a925cdda096adbd29351b09fabda52f6382c6d4d2b3303075aee4f2a38 |
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
| MD5 | 5cec4762bff3820351b8010559c4121a |
| SHA1 | 1bf24bda719c19a27bfe3485301205e38bcb4f37 |
| SHA256 | b66074c7976363c71cb699dfd3bb95a617080e052ff834162e2d641102c3982c |
| SHA512 | e4c7bb2f591496ae489e5d58c0b1593a29bbcb0706ace2bfa70963e16148ea1c96c998ca77563f5edbc3ae543fdfcc83a3c7fc25c3d3559dc58fd24e24ac4727 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\install.ini
| MD5 | 6a8bb619e505a7a8b624a8e9cb656be3 |
| SHA1 | c43ba2345734e827b431ef0dc03b11316ef4a34f |
| SHA256 | 11381ce32061550eef6050c230f398bb6d58f41f7c31fcce653f6146de77de6b |
| SHA512 | 2bea5dbc7e7aa3cfc640628596b614f63bbb417e9168fbc1dd05c13012395ce9dcd6a58b5465283a526f97923ab2c6efdb86bd445d4e09a6feddaa97ce2df0b8 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\OP_Logging.dll
| MD5 | a72c2dca77dcc121d8a8fe8806d1f1d8 |
| SHA1 | 680308d6ae3d53913205f3dd2245cbf7125ab3de |
| SHA256 | 4a802d435fb605a78e74e5a481bf047e1017942537d0a5e526266316c1e85af4 |
| SHA512 | 14911c94d8b19a848b95d4fb0cd9f23a701b7b4396d2bc1a2a44b8ba1eadf8ba27579ef1c3caf2cfe588d609f542df021445085fa72a6f2202c5d3c405923ec5 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\InstallHelper.exe
| MD5 | 1438a3b0326cebae160ef162bdbc3f91 |
| SHA1 | 3b7183de88eba0474412c120d8d778fe09ea30d7 |
| SHA256 | 53d1fc8733af606ef53897c12c37ef2e7dc802f241fbbe5f09c7c834d00f8253 |
| SHA512 | 7ed134463237e4af74e90a209f14e1ab36470ba68c6c7f47dfc166599f03bd7320d7a9b2524eec5265e197ff658d8331d7613d0f2cb87223def5307bb19d366d |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\dict.7z
| MD5 | ea21ff8fda722027a7c393ca8dba5549 |
| SHA1 | 3854d890e82daf8860f1d9c807a434b8c8e1d434 |
| SHA256 | 6a5bb898b286f79daeb14dc5bed8fc7ca42dd779ac3b3d1956580df635e294b7 |
| SHA512 | b6b06f29986144c578da3e3cab8c016a4d00759f1e7b5ea7df2d11be21f767116f6753827522467e0894b98e436f2c2b4614eb2a2cd3eaf7d8e3c627b46701be |
memory/3588-566-0x0000000074BF4000-0x0000000074BF5000-memory.dmp
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_8.10.0.0\8.10.0.0\skins\icons\wb-sync-normal.png
| MD5 | d7dfa2a1f2ce7a079daf811116f8f631 |
| SHA1 | 1d56fa31732457fbb4c9a3e202bce7bf7443b587 |
| SHA256 | 5a4350018867ad42ef0cf79bc070bb5eb116095c2e5a2d41d060b49645b8f8e4 |
| SHA512 | 19ab8147013ded52f366d644ab419b8191c1837f8ade16e9ccabeaeea737bf8f7b362a74544c47a9c7547500f0429f3c60faf091d0c6c5366c40cc009ce526d0 |
memory/3588-1422-0x0000000074BF0000-0x0000000074BF6000-memory.dmp
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_8.10.0.0\YodaoDict.exe
| MD5 | 85e7ac8fc6d85f1e24b82b7ff9b523ad |
| SHA1 | c48154a268dd2e13a1d6318c8b21faf726ba420e |
| SHA256 | 6dfd1dce9fa3c2123aaae6ac0c98a190e0b354ac834b4457b1c3de173a60dd70 |
| SHA512 | 651b9ceb4e4a4ebe7d11e32a9d5a0b15fab2a4c35e24a38450847471f15b24a72090866baef11907eff537dfca3ec6dd2386a7788ac06d0beaf71d786d8e45f3 |
C:\Users\Admin\AppData\Local\youdao\dict\Application\install_8.10.0.0\YoudaoDict.exe
| MD5 | 5ac05f69b41cdc4efa048ac91cfe4a25 |
| SHA1 | b7c982d68036f02450c31c2490896678c0a2ba12 |
| SHA256 | 728a9e5462ee551fa264c4d1969db85bd650d3c0ddba528559898e9684988b6e |
| SHA512 | 4155afc3b3d65b4a3cf2a519cda4121fe8128a219f5f1a89a3fe0d22000ebf2e575c302f57baa9b413abf58e8628105e0b11ee3930abbd761507245e04374c2e |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\fullversions.xml
| MD5 | e51c25c5ef2a95913b9fd1b1d1d3905f |
| SHA1 | 3501ccc8d82c2660a25116af9dc6866c93ebb5fb |
| SHA256 | 453d7ae35e77cf834348116a63d2ed76c741dceab8d8c53e6b5adf72d69a8f42 |
| SHA512 | 07777117e10539e5b0d5ca413384fd4eb45b844b4058fdf1183afbd39e7a859835308b4e3d70870d1bcdc55057d9642c712d584e7de5e450b431e064ba1e8db7 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\vendor.dat
| MD5 | 1824a7c712325d80cdefa89f35534f72 |
| SHA1 | 1cf9d9816c33a044ccb8239c4949180f18ce7af4 |
| SHA256 | 8e51819946465351fda37dda42864d7b2a36cd506f36dfb0cdb6f2e875fb083e |
| SHA512 | 5409837b57fa5216f100ee58798ea5e014b506ba3e36a98bec6d0d67762abdb4ae0a2696d962195a38dcfad81611be37d7a86bfc6dd1bf1bb2bf7ab04237944e |
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
| MD5 | 224151ab323b1db6cb92e94510b0a500 |
| SHA1 | a9b1131f99040410df48fa4c1a8a5975dd483135 |
| SHA256 | aa74730c072fcc84df433e8abc17abd64d0b880d992378542f86a941a6f4a837 |
| SHA512 | 453279a6a4c8724e5c72d417b7936fae709af3ec24596e8243e8723fc2810f8bcd36ba01eb9310efe4c1e74630b80d0740d50c2814103c1a2cfe882cec04d6a9 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\default_config.ini
| MD5 | 6b41123acbcaca39a961a2844a6aa40c |
| SHA1 | 60c598de13a6138fe505c16e54a16223c644b72d |
| SHA256 | 542b73e9213cb4976de9c17c23d4f75840cf65219414778ded73f62b4329329c |
| SHA512 | 1bf794c058c17ceb12ccb6424d179fde9b58915c335bd7a918e1360ac716e369e48dd7ce47cd6223a140546bceb5e0fd6f1936b0be09b37bc41fabce023a991f |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\wordaddin\YdWordAddIn.vsto
| MD5 | 07670234b1d7c5a4fd6aefb300a9fe00 |
| SHA1 | 67f2e38086bc6d4f96e80935a14eeccf5ec2bc50 |
| SHA256 | c84a5b86bf86e0d2ff38d1c8b82e11b04d884eccbbc93c9ca55a9dd7d0ba68fd |
| SHA512 | 0ef316f3dc74df605d26f7fc1a53bc6b493087650a85540454a53b23e46a59f49ab921fcad77daedc0bbba2a90e58c50f2bc4b2a178754d2d27690030548f856 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\YodaoDict.api
| MD5 | 260d438b13406700bbcdabdba2c2d43c |
| SHA1 | 7c413b4c8f96beac86895a35bc285de6f3576f07 |
| SHA256 | 4edd999c04f77ba491dbcd97d2771f7453d99507e546d99c05397f33afa9ff34 |
| SHA512 | a8187d3d29b80116fb26332ad682d4246320586132733a0a3d60d17658ddf69e6a3199dd6b94025d9753ded74a8f283af95386857b4f598142a9208efee05b18 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\stable\YoudaoGetWord32.dll
| MD5 | 920b861d8e614dabb0f72bb72125f8c4 |
| SHA1 | e74517f1b21d5bb86b34ef6940bfec8dcb0220a0 |
| SHA256 | fddf8cb68a32bd2ef1a532c4311bd9d73ca3bf15bba7897be7efaf3e32843fe2 |
| SHA512 | 79d814b032a1c01f5be2311be693c660434c020ce9554cd33b4f00d9aaf6b010c40ff8705076696a7739a2abf9bd18dd25c7918bbf6fc1cb1a895071a35d9d31 |
C:\Users\Admin\AppData\Local\youdao\dict\Application\Stable\YoudaoGetWord64.dll
| MD5 | d77f128700b372cd3802085618d83c19 |
| SHA1 | 499c94b408e76ac1750ffd1005696ecdd9233c1e |
| SHA256 | 99b8790f653ed36450e9342d337c56ac8a29ebfbe21e0da483b6649ba21cdd31 |
| SHA512 | 797f1cc6435943e9fe750112348f919d2c821bb888ff68ffb201b7e67a83685b0398a21eee3fd3d1300e52f8297ef3a421cb3cc0500ec6f60d2294daf9436163 |
C:\Users\Admin\AppData\Local\Yodao\DeskDict\config.ini
| MD5 | 39a6e3fe5a8913cbb56c2aea2a49b212 |
| SHA1 | 7f4eaed9aeb8ff369e23265a876719828122f1c8 |
| SHA256 | 1c547b3ed759ecd2cbc3f5177f752dd07fd585b3374a71e5677436e090f7f8c3 |
| SHA512 | 4b4155c18232522cd3e0762838729618130a7fb2f416cddfa020c7a05754137e33d454d79423b7e07c9fa9d38c6dc54726e1a82e2dc5463d178d95f1e9c005f3 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\yodaodictproxyuser
| MD5 | 18ba379108cd7ccc2fa0fd754ad45a25 |
| SHA1 | ba1039e8cdae53e44ac3e6185b0871f3d031a476 |
| SHA256 | eec4121f2a07b61aba16414812aa9afc39ab0a136360a5ace2240dc19b0464eb |
| SHA512 | ecc6818993ec8b0e5d679125845e03e5e28ac6a23b0143ff095ecfc9ef6d7b409bc7111a922a2768f02d0ae1c2c040fc8ca4a0bd152a65e305473e51ce1c296f |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\StdUtils.dll
| MD5 | 98a4efba4e4b566dc3d93d2d9bfcab58 |
| SHA1 | 8c54ae9fcec30b2beea8b6af4ead0a76d634a536 |
| SHA256 | e2ad7736209d62909a356248fce8e554093339b18ef3e6a989a3c278f177ad48 |
| SHA512 | 2dbc9a71e666ebf782607d3ca108fd47aa6bce1d0ac2a19183cc5187dd342307b64cb88906369784518922a54ac20f408d5a58f77c0ed410e2ccf98e4e9e39a0 |
C:\ProgramData\Youdao\DeskDict\pluginconfig.ini
| MD5 | 9682b022c9f21d5419f690b777ef2903 |
| SHA1 | ee91525fe989229b7de798cb0ab460ba0c895bd6 |
| SHA256 | 997a32ffc893c3379aa8d0c02bd5653235061c6da3107ffc3e267be82d8a66fc |
| SHA512 | f1aa7259bbebc9ac75d882234d824c963259d890f25862502737b04ec3561b2e468331bb0e38d2c2e2be2cba934d4abb0677d9f30191c2093577fd097f33d81e |
C:\Users\Admin\AppData\Local\youdao\dict\Application\8.10.0.0\InstallDaemon.exe
| MD5 | 6133bea2c2f6923a5152228899b1c756 |
| SHA1 | 580f51e94be4396fd164e5acb1942eb060e45f42 |
| SHA256 | bc7b7e49aa6b047ee4c380a606935adff48f355da8dd69a5db337a0f4a4d139c |
| SHA512 | cffccce73a412ea0590b0f69a26d7ac81edad850f291438d9be730c125ccdaf6099c3c4e9057c2874e2739589911459cdf954ad77fcfdebed4d01ffeb81e0d0f |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\softs.ini
| MD5 | 486fd50a0b8eefb39ad4d7e297e97f66 |
| SHA1 | c0a2f84263fd5826f4c41589efb250e561ec9c86 |
| SHA256 | c46b38b3c14fa171f3667964344f4562b757130045b411e92cbf65983bd497a6 |
| SHA512 | e8a251f2c9fe521e0435f7f2a1ac22685747fa483196be76811d6eb3cd8b9885e66e4c3033205df170e7404802712a7f437f464b22dd6e9f87ca7168b4e3b7ee |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\YoudaoDictIcon.exe
| MD5 | 7696652359cb9e6a8e1911557b527701 |
| SHA1 | 852037fac29b3e1783584ffaa671f1f3c7064a1c |
| SHA256 | 594d502a5ce3f97fbef43ee76c87882523bea69d3295190c0c230b4842aaef2a |
| SHA512 | d1597f47128bdc5750320cd7380daf9b6de77ab84c196211ae0b8e678a13ad9fa11571e4c0dcc6c5ec06a0a85b398c809f511bf6c397a4dcd8d15dc718def53d |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\guid.dat
| MD5 | 5e88f2b2d699fca94fd7a99b182f0e8b |
| SHA1 | 85e5f00caff9f8b2ca0cb110f3f6dd2d4669fd21 |
| SHA256 | 332cc3f54497969a2783756e93adc67b90e72581b330708630813cfa10c800f6 |
| SHA512 | a2daad07ca5d1661633e2d4ccd1b92116e6974f303bc14f945fdd893c2486910801c5461060a540fbea8b74d523628f40bd56edd167b337dc52c749a08ca9fcd |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\checkbox_null.bmp
| MD5 | 4edd651564365f8400bbb4ef28658ea4 |
| SHA1 | 8fead75659c35b1d573063daf4be86c1014cc9ea |
| SHA256 | 19cc5f64e5bbb7a93827dba7311cf6d42be2bd463b62154a65e3f688f684cfc1 |
| SHA512 | beb59b60efb8a8e9e7a02e73597929c4fb8c9507f96073fec1fea0f3cde7e7d49c303956e5b901ad24b6f192d9c9e037b7abf4257436b6e214e112adf065e42b |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\btn_close.bmp
| MD5 | 07506ad9ddbddd347d30ea00372ee1d1 |
| SHA1 | 8fa380167d70b684428f735cffcf0362091c4171 |
| SHA256 | 9c2208e9324f7d86b8769a6fd4b5d298fd2487581ae7b37db068693c4943f8a2 |
| SHA512 | de5715ce2919dc3d26821206762aa8c39c9f260fc1d8d53f1e5fe2abeab9caaa926cbebd9673af7472cd6ed3c60af08df24fbde7b254ba5652c2f8d91fbef2e7 |
C:\Users\Admin\AppData\Local\Temp\nsp79D5.tmp\bg_license.bmp
| MD5 | e81b45b4e0be2199af0cdbe06c65b2b0 |
| SHA1 | 19ce3c4613f56e9553bb785d995b3985946b30e4 |
| SHA256 | e0dea7922a48743995ee7644812f6ba5665a9f7f3c5c283fa6f7d7abbcd4f45a |
| SHA512 | d662d709218eaf087a304d499027691e5b2b7b4c99cb8f493bdfef4e9aa2fef15f5d6770a06ba591d9284a8abb3e1c149e0f7858cce5e8fc42fb3a9e9ab3c2eb |
C:\Users\Admin\AppData\Local\youdao\dict\Application\8.10.0.0\CrashRpt.dll
| MD5 | cd0fe8fbc197e2117c922b846360a84c |
| SHA1 | 2ba57560396ae8d5565716b4313cf43128404619 |
| SHA256 | f05eb5b74f04b452db58b44cad6739e8e1c546e5a01a9498725ad9a9d08ebcc2 |
| SHA512 | 0fd101dd65c856fddaf3305689ff637277e3e45f5d1b34949ee2efc00fcf24ab442eb408b6c4c6dbd459c654f06e1a18f5143b6251269ee6172c0fc1925a92ad |
C:\Users\Admin\AppData\Local\Yodao\DeskDict\tooltip_config.ini
| MD5 | f501d0648c86a0a1a2099e058b9483de |
| SHA1 | 46ecf567dd7ab1ce7c226dbd432dc99afc8341f0 |
| SHA256 | 414b72d6df0615f5869e46dd0d4cbc83f2b6c534fc4372ee1c68a62f35c90e22 |
| SHA512 | 1696787bf5e1b24b66b165b27d6dbd7a679dd77ffedfe89545938fd0a399d25e766e580a1af1ac853ff34d7c907cbddd6069e127a67570e5371a5e1b21ef8361 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\back-disabled.png
| MD5 | 349cf25ddcb6abe85eae4796f8a89dc8 |
| SHA1 | 9c238dc2fc405a5c5233b26e9ebf25e3869e6a6e |
| SHA256 | 73fda0e1c001292a1f1aa6220b064fc83c5cdf0c2edfcf57765ce26cc6e30bb5 |
| SHA512 | ff0088aaec3bd7ad74ea939b1232ff98960427e2c6c1411986c25641fa3a315d726831c475fd37c5c8c4b9ef480dda412afe5eca02b988dc9b13fb3e29abdbf7 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\back.png
| MD5 | c74a838c4099d919641508dfc225a69b |
| SHA1 | 27dc0eb7ade1a56bb6f0a4dbd7cf2cac67f0a6f2 |
| SHA256 | f6548c9b55281802d7fc060e5e959970bc826695c727f51be584465ecdf4b4e7 |
| SHA512 | 31665c123a3e9b71a5e6af89e39851393c6d105766b78f0c1936d90ede3920c5a057229df810c1a2932393b0e285ca0318b4290cf25b157e7d6e8015429f2bf7 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\back-hover.png
| MD5 | eeb1e04018ea20af2f2a1825084b2890 |
| SHA1 | 692b3d74888cfa5ef1fae750f2051534a2cda938 |
| SHA256 | 317bb7c231b8fe66cb376f7ecae2c6e17b113bac70809c9407bcffbca9c5dad4 |
| SHA512 | 53642eceaec099e1c90da1bce08d11e7a751ff120e32b1bbac35553dd8d6806b8503f27c8377ddde59b0a00f536a619d0aeef1d7a3e601f8b842620b742b9659 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\adv-vip.jpg
| MD5 | 53e5da25780bb85b6b8a37ca0ab47614 |
| SHA1 | 95878d31fa3ac15975400caccb778ac93385c776 |
| SHA256 | 6f2b3ce6988f6bac984bfba5d0b6d2bd71fc7ebca63c468bbbc0ae25d481a95f |
| SHA512 | 7f49e2a1e380a9f509940a1b38094925f8b8780df012ada0cb65f7cefbc4909f870ba5f8c0f86cac2c0a64717f69248276569abc9b3d64e05a2d711f69926d6f |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\adv-tag.png
| MD5 | 023d553f43cea656a371288ff66f8566 |
| SHA1 | c7bbf3e7713c630ae3d03686d97b5faa3ece511f |
| SHA256 | df8561d0d890a32abac18130623ac26bb9d9da22067bee5f48a092cf965c82e8 |
| SHA512 | 24a591a0d2921426beb3041c943e0789df06d3aa38b978200ddabecf912df4045f3d0751d29598db058f1e0537e1c703fbc07745460387d727ae88210336d49d |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\adv-register-vip.png
| MD5 | aedc52c123c3e5004e3caff46dd74910 |
| SHA1 | 668812f00158f628b4a5a4f69df91d290a44f873 |
| SHA256 | edbece80cd68a5dd4f805598472a778802367cdcf6c8970c25a1e3d893c0a461 |
| SHA512 | da77e3553032d061bd4ceaf665a9b77997afe2f0a89b19e6a89dc66cf3303349e4441fb70c52b9fa63c857c89efd4cb3d6a81d63c8fe0c54e39677587c84157a |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\adv-register-vip-hover.png
| MD5 | c2461679a901db8983ec7ac2171d6fc1 |
| SHA1 | cbb100baeed49f26b66df7de93f344adce899082 |
| SHA256 | 62f4791eaa1b59be9cbb201f1d769d845382ed4a3465adf4dd8509bd13f26849 |
| SHA512 | 399ee1c90e853ffb36ea2c537c1a075af586b9bba4a946cc6e54010606727a51b7d773c9d980d1a955495ad1e468d0830d7f698184452fb5ba82a28f27b60cab |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\adv-image-mask.png
| MD5 | e18e8e1e53f70249a7d766532b500409 |
| SHA1 | 86efbcd717f7515f92b21f790262ef6d338367ec |
| SHA256 | 0b0e2805f32ca7894f602ce3e5ccefef6dad22230f4c47f3e75955f28181a255 |
| SHA512 | 265b16b3264ab897d7c5bfd764d2b3430934879d5452397f5ba4709e6f5fb14b593308831d6bae9af9f86f278cb6e6f86ce540a3609880bbe0fb3a6a6d2b2af3 |
C:\Users\Admin\AppData\Local\Youdao\Dict\Application\8.10.0.0\skins\icons\adv-image-mask-hover.png
| MD5 | 1b14c97991c0bbee35136cf9c7a70ed8 |
| SHA1 | 02c326f768c3082a8e394ac9876f20e458ac2983 |
| SHA256 | e804487c32584f0b6c736fca212a19dbcfc9a231ab006261efd27e090aeaa943 |
| SHA512 | 83684a34538d0f3c166a4dabc74a8a1383c8da16e710a06ec2ec431e3e8c99b972cb4a7a33e7cf52a360a132b84fa8bf29f42aa85c0c9e31ddd4a2d233e82e3e |
memory/1824-1901-0x0000000007E90000-0x0000000007EB3000-memory.dmp
memory/4636-1924-0x000000003C400000-0x000000003C401000-memory.dmp
memory/4636-1923-0x0000000036900000-0x0000000036901000-memory.dmp
memory/4636-1922-0x000000001F300000-0x000000001F301000-memory.dmp
memory/4636-1921-0x000000000C000000-0x000000000C001000-memory.dmp
memory/4636-1920-0x000000002F100000-0x000000002F101000-memory.dmp
memory/4636-1919-0x000000003D600000-0x000000003D601000-memory.dmp
memory/2812-1948-0x0000000025300000-0x0000000025301000-memory.dmp