Analysis
-
max time kernel
210s -
max time network
222s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
08-06-2024 18:50
General
-
Target
doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe
-
Size
86.8MB
-
MD5
4545f5b311d9904fd52208d29972e9ac
-
SHA1
9d299ef64e6a3d4b1802656396e41ef859077a29
-
SHA256
7fc71026f8a0d6d90a270f91d5abbeb4d6e4066020dbd1008ba22978b7a3a728
-
SHA512
f8f922e63c0df82be3ed667e0c42936f0e11e0cfab1447e08163cfdabae942f542eee93c2c39dd1d0192764e7426d7417e16c64acfdf59189a38f1c9fe379d0a
-
SSDEEP
1572864:CE0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP4S6uVUc9b2QDO8Ei:ljtmK+4P8V7Hfi+pu/NazL4S6uVDlK+
Malware Config
Signatures
-
Executes dropped EXE 8 IoCs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 43 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 9 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 26 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe"C:\Users\Admin\AppData\Local\Temp\doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\windowsdesktop-runtime-7.0.11-win-x86.exe"C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\windowsdesktop-runtime-7.0.11-win-x86.exe" /install /quiet /norestart2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\Temp\{5F47A323-7F5D-4121-84C4-7FFB4D5D45BB}\.cr\windowsdesktop-runtime-7.0.11-win-x86.exe"C:\Windows\Temp\{5F47A323-7F5D-4121-84C4-7FFB4D5D45BB}\.cr\windowsdesktop-runtime-7.0.11-win-x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\windowsdesktop-runtime-7.0.11-win-x86.exe" -burn.filehandle.attached=568 -burn.filehandle.self=508 /install /quiet /norestart3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.be\windowsdesktop-runtime-7.0.11-win-x86.exe"C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.be\windowsdesktop-runtime-7.0.11-win-x86.exe" -q -burn.elevated BurnPipe.{2BC0AF8E-1CA0-4264-BEC8-328AE8910E6F} {AFCCD51D-CC1C-4C83-8624-1D22AABF1BC4} 25564⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeC:\Users\Admin\AppData\Local\doudou\DoudouAI.exe lan zh2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeC:\Users\Admin\AppData\Local\doudou\DoudouAI.exe report install2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeC:\Users\Admin\AppData\Local\doudou\DoudouAI.exe report_install_set 1 12⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeC:\Users\Admin\AppData\Local\doudou\DoudouAI.exe finishinstall OnFinishRun2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe"C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe"2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --autoplay-policy=no-user-gesture-required --disable-popup-blocking --disable-web-security --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4612.3260.27147791292057987973⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x1b0,0x7ff97bff3cb8,0x7ff97bff3cc8,0x7ff97bff3cd84⤵
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2168 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2468 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3972 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 3DD9CE284AC5248B18C77055780158112⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E1959BFB81E635F2D4C76EC423AFBD692⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 79BDBF194126D5BC0234339559D2A3F32⤵
- Loads dropped DLL
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 40E3B6185B7BAEFE9DE1495AA3A178A32⤵
- Loads dropped DLL
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Config.Msi\e593300.rbsFilesize
48KB
MD5c0c9793845a38324334e2cb8af23503e
SHA1a4447b39a62fd69c12ec9f0a6c55259d296dce29
SHA256549c40b57c1c8b08d589aeca80d0bc896c8b56536def98dd2784578be960b4ee
SHA51218c6649922fe144ec7532ec87ad2e053f16451db6acd4cf53f1e5e3b6160065c70bb839d7d9e6203d7020540ba1aa7ef78611111582768dfa3e0aa4599c8b104
-
C:\Config.Msi\e593305.rbsFilesize
8KB
MD5e7c518ba43326915f753e84d291a726d
SHA10ceac200b332b2a4a6bd7bf905854d0c3a5882d7
SHA256048303743505ed23b25afe678fd4ceba3f3c849af40ebd28a7543203b2e17c2e
SHA512f05de8dfc51cbb1ce940abde0d2e071224217942a390d41b3ae3703a8392256223f50ab788ccd1b3f01cab72173d19e40aaa1ea5b102c41f9cd696db4910a31c
-
C:\Config.Msi\e59330a.rbsFilesize
9KB
MD5649b3afd31ad0fe365c4dae4981b9aed
SHA1e51c22bc18818f24bc56402581e5d6ee59111068
SHA25620ab0f911255bc885f3e7cdb2602926ebc5d06f34a965d1d6ba647a99208b70e
SHA51291d7f3c95e732cf644f75ad453d22b9710de035e7fe0ccbc8a7a68b04c827bae3de70210944845b0178964c19747e5dd9e9bd34a589196e9b2b332df9d198675
-
C:\Config.Msi\e59330f.rbsFilesize
90KB
MD5439adc627669984bb8cfb1ff23ec8412
SHA1117a3192ca2ae95fa9725addc9f448ad9e8dcc3e
SHA256944b09b62bb5882e1ba85fba61a59420f4da3a68dba687a5a84dc9cf08f9aee4
SHA51253fc16e604e3a697276efabaa01fa80d173a3b5aa91d0874539fe9d9812cf542f903d825aba66e0db802221002314e7b8688d4c58e01b6bf6cc72374aaf3c647
-
C:\Program Files (x86)\dotnet\LICENSE.txtFilesize
9KB
MD531c5a77b3c57c8c2e82b9541b00bcd5a
SHA1153d4bc14e3a2c1485006f1752e797ca8684d06d
SHA2567f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d
SHA512ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6
-
C:\Program Files (x86)\dotnet\ThirdPartyNotices.txtFilesize
85KB
MD55c13a5ea8c8cc3474240981d0ffa88ff
SHA11d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80
SHA2564f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da
SHA51232ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88
-
C:\Program Files (x86)\dotnet\host\fxr\7.0.11\hostfxr.dllFilesize
309KB
MD5a4648b8479844ef5255b5699985e9b45
SHA1b16ff8a5ba6b3fa7b77aae2b49047ae19f4b8212
SHA256785679ed0f6252596421f38bd5caa49c15ae8e0cf838317bbcd4ce8358f5a0af
SHA5128d9e00bbfbed30b41a1e36e03b823f8d5e784c2dea772a186bd57492cffc02488cbf689ad0e367319cf0034a94ffb3f869a7b13309c8b27e7d37001fb82ae8a0
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\Microsoft.NETCore.App.deps.jsonFilesize
28KB
MD5c295ae52a9876d19837496acf7a1b99f
SHA1d9397c54703a77cafe36c184716c6d54b741dc81
SHA2568f8eb163252e1bc4b9c4f543e349f93e89b3fe57cedaeba99b7c0d441fabe64d
SHA512a3214a31cf203960c7cddffa0115bbbe4c5ba0e9efd4fe3fcb6a9143b889ca708b5eac13c6655dbdea2fda86bb2c17eaf63210420a70543891cd0018feaaa017
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\Microsoft.NETCore.App.runtimeconfig.jsonFilesize
159B
MD501da0d56ab33c0ed0e7ac85e5244190f
SHA19e1e4b59e590038f769e5fa01fb326109a7f38e5
SHA2567133274dc5efab688a6efe2f43ca33e78a2498ef39efcad231b0e07ad2c26d17
SHA512e11967ba33c719da1681a7f98056d40f450788d9b7c8b2f580d8bc7998fc35a78c53fc970301b097c527fab79fd477adad4eafcd75b4bb376d33c3fece9e8926
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Private.CoreLib.dllFilesize
8.1MB
MD5bf5aa9cdaafd2a809c290b35253b7f78
SHA16e0ccc173dd475f67d0aa443646fef4314cf0dcf
SHA25694f11a01dc5c1b5a965bd087368705da8b4237dc5d5362ba28504b2e480783ac
SHA512f855131786f3dbd3c88ae5143fab3ab38ebdf091e611a5a09fa4e1759be75a962c20217e3f6dd6fc206c56d55367d5a668fe27fe64727b010219b97c739be890
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Private.CoreLib.dllFilesize
10.5MB
MD59c0c144c29a3c675454407648ec18087
SHA1c749f112304a0eaa5ee0f058f86de317a5e30df7
SHA256e6ad27652ed8f542c929048a9ace7c59818406171d6b5bfcf598a132abf96eb6
SHA512ba733f7a4ce9e523e196266446c4340de95d81ad399135ced7c463a5f4ce0a066d3ddbf9dfb5752cb061f88ea749e00c23e5fd8a6890f06727cb30841f46b2f4
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Private.Uri.dllFilesize
250KB
MD58d59529df5c3faf1fb38d29c183a947a
SHA16fb7e00d61f1f86fe774c1083b55d4410b9a007e
SHA2563e559574fe6cdafa3c755cff6f3aa3f96005e7d59349d52cdd6ce827e1858696
SHA5123730abf2050879f8d093cc9d1bb6f90b988ecaf8638f74d8d570b031029782ff31b000c20acaaaaee3220f9b57d8265371bd446c5c91ee98d353d844956f1b6b
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Runtime.Extensions.dllFilesize
17KB
MD5472dd5f3ff536eb992889feb8fb564ce
SHA1371f0e5ec0ce146516ef07da795f17dda4510dff
SHA2565fcd3419bb7f7dfefe719c4bd19e6377af81b565b51e368d87b8d159bf0c20a3
SHA51262d5b6af362475c1b9c3198d2b12c78cbcc2d3c525fb8421847a967f645206928320ecee8ae1e9e239f830f592231639b8c11e88df3e3db97700edee8e5456cd
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Runtime.InteropServices.dllFilesize
58KB
MD5f4e0ad8e18a871dd9f860c2d31867daa
SHA1d5e910670761ac51fb8756ba8cd44d9a3f03035f
SHA256df63bfeed60a73e94b4fa0833ff402c91ed95fc07692c03f913399a9ec334c73
SHA5123a0df1a3163eedbcd589b064ee177b94155a1eb2055b49558eb1c44292c2c77e26f9b2ecd39a30f52993336819a70aec9a86816cf67b05f91a5cb8ee0d526eb4
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Runtime.dllFilesize
42KB
MD545b5a85cc70810f4feba43c5d5bbc550
SHA1b1b5acbfca017b94f3762f4393b95bb981dc3f1b
SHA256e5fc18f0bb07d5a3172c1176bf085859330dd04ac64a7d7df9047152aaaa00d5
SHA5127635bbe176008bd89a096ffd883b595aec695b4de0038d2a26d0ca9f052ec42fbb7d8b8c06626bbf51f76e98a35baedefb80a8ab35fe1d24e8b325ee587fbedc
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\clrjit.dllFilesize
1.3MB
MD5cb493e870594b61b604fabff76c1ea5c
SHA13ac8a5ffec57e9fbf075ed553c9ed0e39b437160
SHA256e16ba65f1abdc427a6b25a07ac4e0d7f5dc678c4b16c1b80c84649cfc732e476
SHA512e94ef95ab671f451be242be0dff9ed0e366f68fe470da85e402643aff2c893a51c2c95a72d48bcf9938057a5115bd64b944d4f4d1363d85a76f483895e1c5f35
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\coreclr.dllFilesize
4.1MB
MD567035314cca8853cd098d82b9d2c403b
SHA12d6d27c2d6d2d2c41fb97459011bf2a6c739a047
SHA2567ee447ef0a3125c1f41162e6f8db6575dffff574e91aa1df356bcc85b21d0ec2
SHA512b0298790ba67409d441ceb0f70acad6c242e85e169864c31462613d4ebdc10a14e4d64cde1f5f86c332ecea34f6e880fc5355ae2daf9a88b96875babcc6fd649
-
C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\hostpolicy.dllFilesize
324KB
MD55df73310d9eea7432f6a398f9c3bd94b
SHA15dd0048a5256c9403f2a3af0ae3bd426a56d01a6
SHA25647fec17f5f49b897d0d75c22ebdef9edb8d7770f0bea0ae100c02776f153849c
SHA51299112c410d8d2a3ca20d770027b53217b60a8e212693137af2307a2d2c6c87e7968b8a630460a4f01c566ac566952d6642a0f462d1f7ee85c487b54bb74c86b4
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\DirectWriteForwarder.dllFilesize
498KB
MD5b262da7e61d24ec3308339b93e6ad546
SHA1a7fae2a9132daa97849e4c7a9cbb8e3eede8d60f
SHA2562154c84cc4231c106a82b203b9bd63a44d8f3842ab8fc01cc70006e191f20652
SHA512d6df3d4cba5f0d1d2b070e746118946e1546302395ca34d1302fbdc145499297f2139b62ecf22fe8852ff51f958a050c313492a161cad8373ec8b38c3ba81817
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\Microsoft.WindowsDesktop.App.deps.jsonFilesize
30KB
MD5ce5feebb09c117f6a95443b8b10e242b
SHA19af7c9224f12b070ca72e35f75c5337f5e46a099
SHA2567f5e41d78869c2e7ecb12eea1f0137d3e3346079b7bde575766581932e6c1e95
SHA512cf01249e9e780affc5e89bde70cb6200cae18d5b0d45bb95069cf6b7f80ab199696333ad6d121bd935105d307096dca37530308579f30768422fa57de36daa89
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\Microsoft.WindowsDesktop.App.runtimeconfig.jsonFilesize
289B
MD5145284e5cd24a30475e24e56c9a6447c
SHA139285d36cf8c6c7e8a642d726a0b0941932ca329
SHA2569687caa18770fc051076b4e8673a8f4cb0b48aaae44f37f4ee5227a02401f70f
SHA512c43eadd4d4013de29baf5b0882d45d0f82e71459aed78daf2cda8c7ecd2e54dde67b78a25d645bd51628885d4e233a9c2b8d3410d19633f8890fa6630c8d3aa7
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationCore.dllFilesize
7.8MB
MD5f435ce2ac41bd17cf04273cb5bd10c07
SHA1d3f77c32bd244cea2a6c9a26ad27e295d79fbb69
SHA2560924a1ccef3d8df3b92d3f526b5d76b8110f768b2a99bc455e37d1b69c50969d
SHA512cffece7218dd5287525080414bafed745939880ddf5424f83578218631efb8de54caf16fc95d78ac19aa8448a5ae9cb61c2d2ecf0e364539a9485977ca25babe
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationCore.dllFilesize
7.1MB
MD530ba9bc9cb3a1fd78afe8cf4b03b1ad2
SHA132b37b7e2eee0b436048140a22514565650dd290
SHA256c389d1dc2298b59f1361146887709decdc846b190e35acc6df75d4d46c7ef339
SHA5120612897684e7775fc5d5b8bded8b0cc5f590e54e4620452bc9492f44b2a620503611fcd00dcbe37df4a08b1c008ad0b4d1e83adf1afcd7fb4dacc3f5ae4a19b7
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationFramework.dllFilesize
14.6MB
MD5ee7eb3c35bd2d8f8cbc2becbfa87e471
SHA1821df1474234b38dcb2803cedb71ebd269ee2b29
SHA256f2f519f37dafae33797b3bdd2ee8b3ae758676e9517c4102dbe50ceb6ccf666c
SHA512ff239b1b9fb338770cb39cf4291ed462587cca9a861c68219a248c1f729981041396ef96c009ca5e4821feaa75c051908de3107f7d1c9ef8d04b2bfba8c0bdd5
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationFramework.dllFilesize
7.9MB
MD51a5af17d60f94e91f958fe71edf73f5f
SHA1b579d4fbcca71df48668618d26e53ca636e82d42
SHA2567fbd204c98d4fa35c2dd6254f06810e5c03ec402be7f9b0653bcf2c2f88933ab
SHA5125bbaf09700694a28113226dff41213e7295d325afbf55dcdf1be012b887da5719a0099ec75d8864869af34cf0f5889c1b1b0efbb9c777d5e7ccda8e8aaf07f43
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\System.IO.Packaging.dllFilesize
254KB
MD5a625ca9b9ff66bd98fc8762a55162960
SHA158106e2f9828c92577cfd19d3ea404898aec9a07
SHA25603e1a3a4997a7e2585e676387150ccec853df605b62362f1f2484737e570d52c
SHA5129b5447d3f461afc69fcab247de26e76ce8bfb8220c9aeb458e965b0ad858d0de5c95bc5f2ca624ade5d6f0abcab4a7727c345c8489d0828d44ab45bffe91ae0a
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\System.Xaml.dllFilesize
1.3MB
MD5cddd04e849cfa5c81ab4fa96e855fd85
SHA11962f7e197ffbfd2e445d5482e7092bfe1f3642d
SHA25638e505060941a6c8b48548e6bf0556d332127836738419c37db8a4a041da51a6
SHA512baacd8693a50b363ad3b3af7bd41ab2c0226a4dd816661685a6875be5a080ed961130f4c29f509206d45abb0c6541118c50fd5de566bc1d44f469aa7a2c0302c
-
C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\WindowsBase.dllFilesize
2.0MB
MD5d4b68a9b20641171174786ca29b9e7f0
SHA19c35c56922ec3a200c494e6192795623a6e9f2c7
SHA2566b67747f360666d4620b70b72d002a01f23d6d478beb98e1a1a12ead81890fd9
SHA512e0b016e6a9cb2e3153e84ff35ca82d699dd370f266bfd753184aa837a135389c92c90f4074f37caae5f124279a4543b02ee18fa010ec011e80eadd794370903a
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_000_dotnet_runtime_7.0.11_win_x86.msi.logFilesize
3KB
MD59a0b6837797e4db871c0efef5e9baf5f
SHA1de5cd5cd320955ec6fadb1e31ef5a53e22bbab79
SHA256b49b787073b5493244b1096feda818b918be3d3036b5253c431110e1fa6459ff
SHA512fcf85b148de24c8088f91235dd317ddbcfd9615061a9aeea54842e88d374463f914dcee657a3e0019bddeae90d7c98c1bb1236739be23623f85ef1a8d4a4a1c9
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_001_dotnet_hostfxr_7.0.11_win_x86.msi.logFilesize
2KB
MD5136867fa5643cb84ae9c22db6af89e90
SHA1ecdc9b9ebfc95b2dfdfef1f4f300a0ddeca5a46b
SHA256e3826ccbd72f70908e4e0c590833a9a0da61b8648cd185ee8f5d335c738c9a62
SHA512e819c7f891ed2fa6ec6c450b03374445ac8feae52877623101562da103b97e5a584ccede2168485ed09c06333733342ec63c7e02ca0e909d2ec3c38b3a4b65d6
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_002_dotnet_host_7.0.11_win_x86.msi.logFilesize
2KB
MD57f62cc8a38c92e210587d4f52ab9d6d1
SHA1beb1f361f3d7b260fbfc180f8f15b5c775327a55
SHA256e794a9e1c29b77be84b5d431e107c2c1233de84f6dbda988e7886528f623bcc6
SHA512b11e11f3be7df606ddcb2c63631292bb1bf81627ca8b5da7f2c70b29d77ca8914f5cca2f78a656407d76cb4469bf25ff5774b6dd5a34d62bbc72f5530fe8cd22
-
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_003_windowsdesktop_runtime_7.0.11_win_x86.msi.logFilesize
2KB
MD5435774c96bf099440eeb4b2a7c7c0f8a
SHA1e489c54f6a9e9cfd2aa7f6d06a8d2e29f3334dae
SHA25662436defbe8d4f0193798d582d80bdcca27f9e7abdbc133da98a6a1f841fbc38
SHA512930ea64bf2bfe0bc90138cb0a4a4658aed9308277b401df0f7af3cde282d8e15e1b05b8eee2dd4f900fb732afc8b192fc413fd89b04fb9c23d6d4eb98301b3f1
-
C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\System.dllFilesize
12KB
MD58cf2ac271d7679b1d68eefc1ae0c5618
SHA17cc1caaa747ee16dc894a600a4256f64fa65a9b8
SHA2566950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba
SHA512ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3
-
C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\nsProcessW.dllFilesize
4KB
MD5f0438a894f3a7e01a4aae8d1b5dd0289
SHA1b058e3fcfb7b550041da16bf10d8837024c38bf6
SHA25630c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11
SHA512f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7
-
C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\setupdll.dllFilesize
3.1MB
MD58473801a9762f5bfe901cb84680307ad
SHA1362f43a2d1a4dc25c1b9c42f6162c9a7bb3888ea
SHA2563860d0f62b906dd18bb7ef31b46ec8f04b1b07e6623bf607ab07907b2766c80d
SHA512cc133c7364dcd5a7151498632ccd4144f667616b398ac06578e662b186201410d792e2147115c7c3f15535f25c052782209e23b2d639809ce193704450ba3d55
-
C:\Users\Admin\AppData\Local\doudou\Assets\Audio\99999999\zh\inaudible\未识别到麦克风输入.mp3Filesize
32KB
MD5c90aef1f8f33d989eed8186031528956
SHA1106cd2a3cf80e525f1c5121792dc14cf02f03011
SHA256361bb34d00cb39fbd7bd3cb91ad3b43f063e95663493d014a9128d1eaf48e0cc
SHA512ad3bdbf1c9b8064f04662da9930bbd983fe21dbf0fc39325a7eb29379ac61ae77059f7fb4b1aed4b5ec8da88eb532b99ff9cdf33cc3678566e778d1b626f3752
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeFilesize
8.1MB
MD56d83aac0a9c28350bc94451f2583737e
SHA10f6b6fd6d558bde833f3383e1d6eaba7b8e9a4e3
SHA2563e18f755607d5e89dee36b6ba0e275656a436cacdeb3364327ee12912c4ff416
SHA512f9635ec0dc2dc2fd899ee5b92e6db13d07472ec496382f7645d9ced34c2f0c80baefec2a9a625d6f5ee45df4b66e070e1236214788ac0552b29f8e6d1391f449
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeFilesize
7.0MB
MD54341cb91154b5972e37ecc6c7425d6f6
SHA118c69c9e0bcdfd60a3da8d8283a98474727c8c83
SHA2565f3caa2df4265a13f040a756cdeb0ef1fb17a6f670d60c70af8c0b7548f8269b
SHA5128cc7504780b569026d90ff7e4b0c5b8e9954f431287704cb72e059644ba655fe8c1636df51cf8610bb94651f513837e55c555319c689517393b51441f1aeeed1
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exeFilesize
6.4MB
MD5e83ae89040138a7ce2a474f0acaec171
SHA14ff1ef14098aa536fe2569050bc2ae539b311a21
SHA256fd124a667f63853670cee440090116de467901824f27de1a135c1317304d35cc
SHA512347c1b41b282bdbf1f93cad0c79f1fd27d503f42ee5847ee1fdf5ef468ab248e5eee7650c7ad9c1b5409dfd6d8e289e37ec986a32440f0a0c81dd73f4b26a5b7
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\93d8781f-7a7e-4ec5-84cf-b43ed1fa6555.tmpFilesize
8KB
MD5e706d062af9da1e530a2a7bbf55259c3
SHA1474a8557d596facc123822717642fb237495526a
SHA256c00563a5ac0aabbbde2528b6a070e7dd014d683e192fe9c313c53f3af29fd55c
SHA512126f1757adb5aa8d433738c91c6d59f1b4501b4c4dec4e36c23da405e3488b5a3e809f61ae23ff45a952b81df52bc1806d5cfcc7a9a9d5922839ddaf8892bd63
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Crashpad\settings.datFilesize
152B
MD5e10f324b39cf5f8ebd7771c5f56778ef
SHA11c28259e4684f885568b7fe98da7c5eb271d9d69
SHA2568e806d309a277822a576c540a089a9b0efcfad62413e657b190455428a6a0661
SHA51225d78da04321b60796128a0c530c5d84999f6cc23d0c765a2e93928b9b99d989fe42c9be4ce03a34d13e3fe52a936d5077a1f453fa03c333186d8bb30b887c68
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Crashpad\settings.datFilesize
152B
MD558b8b1dda2fe561c051a84ba0a9aa5e5
SHA12e15e8885a38ee1d2ed439884ac603ae77f75c21
SHA256eb2440d5c1c45751e79209af8adf8161607bea3d616950672ee71d30b5732ca2
SHA51207f2fa9c7a83178ea3a090a2da13a2b0a0e169fd57e4902beac2b6273d5035d9b55fbe1c11e2a528b3e35adb613dd57398c803f9ea9fe7e28ac1ddf1d0805ae3
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_0Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_1Filesize
264KB
MD573b0e40e639c3fc185c0faafaea9efbf
SHA168c45a5d29153d5e920e25a2843db4287822a690
SHA2566bd45e648e5d52a1bf31bc3c22b3a3aef3422cd4c71e22a3be57cf1f51d0c9f3
SHA512fadf5b4a663010f836ec3fc5f1dbcc254fe89c39c6617addadd68e76e33ab07ddcd69d5794df4dbac82a3ed8e3e075175e342e130332b51ef8186446870a548e
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_2Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_3Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Network Persistent StateFilesize
299B
MD58a16c778f2ca331fa581caa6318f644d
SHA1fdfbb0e2a365d9a3004010df1097f42138054175
SHA256ee3d97c93541cdc3acf53f2bf26b9fc030d0b1cb6944e5494c18ff304b6242b6
SHA512dbba54c65c9da7f051b867838f6d71921fa21203ebfb8a01ddfa07ae054c2044397bb7272e62ad2af283a0e04bd9dd4e9db3cd4ede033d58aac0e2af867fa12b
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5a9cbe.TMPFilesize
59B
MD52800881c775077e1c4b6e06bf4676de4
SHA12873631068c8b3b9495638c865915be822442c8b
SHA256226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\PreferencesFilesize
4KB
MD5ab8ec2acb7f90aed4eb79b104c98bdb6
SHA18b173724bb4b0223bad6214c2966dfe0b465825a
SHA2567af7925c771ce1b87b78124799d4cfb75fb761c7b294dd80468a411365c0e52a
SHA51259031e04ec2a183e9ac77dcd182b8f9a52068ae28d888289da3f971c83f5cf24de1d2049562d9078dc3a650355065c7f4b3c4242a45d4d42d9c27a80277fe111
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Preferences~RFe5a9c8f.TMPFilesize
3KB
MD55b38d3231fbc09c7e45921a371e7b475
SHA1ecdf39730747d6a40463164dc126edaf0bea5a9e
SHA256b344a7644ed584beea337708c2b55215a33d510e8cfc2f9e3960095ceb9e9abf
SHA512476dd6be6cc0f8aa2ab7bb27a4fd6ed9e14116a79f916fcb22ee55941dbad852945deabcc1d6d705d7d9c028c811e6611bcd6bb023414b255c3a889ed3da50f7
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\doudou\xvy3rou4.newcfgFilesize
224B
MD5a113756ba149cee7a2b200cd1ad9826b
SHA1e4454695e83c85fd395f550a137922ac59aabc06
SHA256e0225d32003002be6d22d7bf509a19912ff3698eae02c455e7235d58adaa20d7
SHA51299eeb8a45d76de65340098a37d231e20ee3e8dcaacefa2b910f3666c4376fad1a2ca659b82fc604a37e48a3fd46ff22d19c40086bf5d490e9fd52c70b044ad15
-
C:\Windows\Installer\MSI3B0C.tmpFilesize
225KB
MD5d711da8a6487aea301e05003f327879f
SHA1548d3779ed3ab7309328f174bfb18d7768d27747
SHA2563d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283
SHA512c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681
-
C:\Windows\Installer\e593310.msiFilesize
10.1MB
MD5abdaf3ac2d94a41a27b19f4f7035ad0c
SHA1bd4fb8edb3da335e85207188ac8560630dec9f67
SHA256085c22136fc152a4447cbaf59b69ce9b51c8cc2d30cb1452ab2e1a9ed5359268
SHA512a89efc6838950f82312e393f02da057c7156e4a27e02a02d6dbf07861c982018eceee6f9a80f4d220cd3d70d2a0d4ccd4ea8ffb2d6ec22ac6ed63826d0162167
-
C:\Windows\Temp\{5F47A323-7F5D-4121-84C4-7FFB4D5D45BB}\.cr\windowsdesktop-runtime-7.0.11-win-x86.exeFilesize
610KB
MD5cefcea3a4572d5dad278ce5054ff6dd7
SHA12730c17fc5127d713c0acd116cb6d9f91d383612
SHA2564e663d7ab583c818239e1b5d773d110f9a3eba2492d0230b9e7028feda89330a
SHA51213a163aeaf5aa5aa5b80fd08bee2a2309640d5f804c5e493a490cea6557d36ac15103b9bcbd7cc073c238bdc8a404544eb529d6b7c7f855e66190bfde2ac67ac
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.ba\bg.pngFilesize
4KB
MD59eb0320dfbf2bd541e6a55c01ddc9f20
SHA1eb282a66d29594346531b1ff886d455e1dcd6d99
SHA2569095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA5129ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.ba\wixstdba.dllFilesize
197KB
MD54356ee50f0b1a878e270614780ddf095
SHA1b5c0915f023b2e4ed3e122322abc40c4437909af
SHA25641a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
SHA512b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\dotnet_host_7.0.11_win_x86.msiFilesize
732KB
MD5f8e74e55a42240e7f5d670589c00d2a0
SHA16e5d59a8dd7a473cc508f88a2b9e5ef1d6d0c775
SHA256eee8fc53a6fd3a7fe339aa876ade1affc63ded3e71872e2d11b4feba93b6460f
SHA512573e94cb5e5e7bdef44fd752af32b3b1ff60e43cee4bee540e8ee2eab117b058c3dd07d849baefed1321e491a2d329cbf7dac75f0e210dd0cc963eccdb852367
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\dotnet_hostfxr_7.0.11_win_x86.msiFilesize
784KB
MD5d9cfa7d6dad67e9c5a376ba322566c4e
SHA11982b0889dd7720dbf7069392fc33edd616d2a34
SHA256d39e2d102d81f94c3dbae8dbc913114dddd69da7321d0e85198e060eaf1817ae
SHA5129c1f404dcbcb8731cb9bd1308181223fe6d18a9091f629d15a5a55218b9c2d324a9fdc17db8bfee39b7a592d4fe85760182f554bdb3828a2cf23171758b865ed
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\dotnet_runtime_7.0.11_win_x86.msiFilesize
23.9MB
MD5198e3a28586788d3b4099709a51a818a
SHA1e183350817267ff997654c8d2d4a40c1f04e2564
SHA256fb056491639263630aaa7627dcf4ee753f175ffe6e562f5e43a14976dae94003
SHA512e2157b02db5fe2999b7f9612177f93815c1bbbef910e3752361dac52b69afe584dfad7b13712cefd3b974c108ff7b0b0427995224b0829856464be0961aa9c73
-
C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\windowsdesktop_runtime_7.0.11_win_x86.msiFilesize
26.3MB
MD5da1cf0d013c22b88a64a2d2ea1fb3b53
SHA1ceaecb96990924ae4f7f91e26c396f902c2a4c38
SHA25615c6901cb970b0bca7abdc3e840bd3eb2504240622ae4db9430897515024b783
SHA51288859482d626631fa7bc9ef67c1b6303aa618722138413f6010994b123106b8e6a1a9c514614766c53555d4d5f7d0ee0b2ea6acc61a4e423547638b1eb5ed9bf
-
memory/1172-1236-0x00007FF980E30000-0x00007FF980E31000-memory.dmpFilesize
4KB
-
memory/2856-13-0x00000000033D0000-0x00000000033E0000-memory.dmpFilesize
64KB
-
memory/2856-12-0x00000000033D0000-0x00000000033E0000-memory.dmpFilesize
64KB
