Overview

overview

8

Static

static

3

doudou_BL_...ai.exe

windows11-21h2-x64

7

$PLUGINSDI...up.exe

windows11-21h2-x64

8

$PLUGINSDI...sW.dll

windows11-21h2-x64

3

$PLUGINSDI...86.exe

windows11-21h2-x64

7

Analysis

  • max time kernel
    210s
  • max time network
    222s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-06-2024 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe

  • Size

    86.8MB

  • MD5

    4545f5b311d9904fd52208d29972e9ac

  • SHA1

    9d299ef64e6a3d4b1802656396e41ef859077a29

  • SHA256

    7fc71026f8a0d6d90a270f91d5abbeb4d6e4066020dbd1008ba22978b7a3a728

  • SHA512

    f8f922e63c0df82be3ed667e0c42936f0e11e0cfab1447e08163cfdabae942f542eee93c2c39dd1d0192764e7426d7417e16c64acfdf59189a38f1c9fe379d0a

  • SSDEEP

    1572864:CE0O4UtPJkn3tgKnhGV/38V7Hf56BzAjpu/NlIu0TP4S6uVUc9b2QDO8Ei:ljtmK+4P8V7Hfi+pu/NazL4S6uVDlK+

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Blocklisted process makes network request 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 43 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 9 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe
    "C:\Users\Admin\AppData\Local\Temp\doudou_BL_open_1__&W7378198677120137995W&B0B&ai.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\windowsdesktop-runtime-7.0.11-win-x86.exe
      "C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\windowsdesktop-runtime-7.0.11-win-x86.exe" /install /quiet /norestart
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Windows\Temp\{5F47A323-7F5D-4121-84C4-7FFB4D5D45BB}\.cr\windowsdesktop-runtime-7.0.11-win-x86.exe
        "C:\Windows\Temp\{5F47A323-7F5D-4121-84C4-7FFB4D5D45BB}\.cr\windowsdesktop-runtime-7.0.11-win-x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\windowsdesktop-runtime-7.0.11-win-x86.exe" -burn.filehandle.attached=568 -burn.filehandle.self=508 /install /quiet /norestart
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.be\windowsdesktop-runtime-7.0.11-win-x86.exe
          "C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.be\windowsdesktop-runtime-7.0.11-win-x86.exe" -q -burn.elevated BurnPipe.{2BC0AF8E-1CA0-4264-BEC8-328AE8910E6F} {AFCCD51D-CC1C-4C83-8624-1D22AABF1BC4} 2556
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          PID:3352
    • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
      C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe lan zh
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3600
    • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
      C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe report install
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2952
    • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
      C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe report_install_set 1 1
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:1396
    • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
      C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe finishinstall OnFinishRun
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4956
    • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
      "C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4612
      • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --autoplay-policy=no-user-gesture-required --disable-popup-blocking --disable-web-security --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=4612.3260.2714779129205798797
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:3632
        • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
          "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x1b0,0x7ff97bff3cb8,0x7ff97bff3cc8,0x7ff97bff3cd8
          4⤵
            PID:2464
          • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
            "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
            4⤵
              PID:1172
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2168 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1608
            • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
              "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2468 /prefetch:8
              4⤵
                PID:1096
              • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --autoplay-policy=no-user-gesture-required --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
                4⤵
                  PID:1984
                • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
                  "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,1762617982550119903,5749730502291331499,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView" --webview-exe-name=DoudouAI.exe --webview-exe-version=0.4.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3972 /prefetch:8
                  4⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1436
          • C:\Windows\system32\msiexec.exe
            C:\Windows\system32\msiexec.exe /V
            1⤵
            • Blocklisted process makes network request
            • Enumerates connected drives
            • Drops file in Program Files directory
            • Drops file in Windows directory
            • Modifies data under HKEY_USERS
            • Modifies registry class
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:768
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 3DD9CE284AC5248B18C7705578015811
              2⤵
              • Loads dropped DLL
              PID:3704
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding E1959BFB81E635F2D4C76EC423AFBD69
              2⤵
              • Loads dropped DLL
              PID:4072
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 79BDBF194126D5BC0234339559D2A3F3
              2⤵
              • Loads dropped DLL
              PID:4216
            • C:\Windows\syswow64\MsiExec.exe
              C:\Windows\syswow64\MsiExec.exe -Embedding 40E3B6185B7BAEFE9DE1495AA3A178A3
              2⤵
              • Loads dropped DLL
              PID:2968
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:3496
            • C:\Windows\System32\CompPkgSrv.exe
              C:\Windows\System32\CompPkgSrv.exe -Embedding
              1⤵
                PID:912

              Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Config.Msi\e593300.rbs
                Filesize

                48KB

                MD5

                c0c9793845a38324334e2cb8af23503e

                SHA1

                a4447b39a62fd69c12ec9f0a6c55259d296dce29

                SHA256

                549c40b57c1c8b08d589aeca80d0bc896c8b56536def98dd2784578be960b4ee

                SHA512

                18c6649922fe144ec7532ec87ad2e053f16451db6acd4cf53f1e5e3b6160065c70bb839d7d9e6203d7020540ba1aa7ef78611111582768dfa3e0aa4599c8b104

                Download Submit

              • C:\Config.Msi\e593305.rbs
                Filesize

                8KB

                MD5

                e7c518ba43326915f753e84d291a726d

                SHA1

                0ceac200b332b2a4a6bd7bf905854d0c3a5882d7

                SHA256

                048303743505ed23b25afe678fd4ceba3f3c849af40ebd28a7543203b2e17c2e

                SHA512

                f05de8dfc51cbb1ce940abde0d2e071224217942a390d41b3ae3703a8392256223f50ab788ccd1b3f01cab72173d19e40aaa1ea5b102c41f9cd696db4910a31c

                Download Submit

              • C:\Config.Msi\e59330a.rbs
                Filesize

                9KB

                MD5

                649b3afd31ad0fe365c4dae4981b9aed

                SHA1

                e51c22bc18818f24bc56402581e5d6ee59111068

                SHA256

                20ab0f911255bc885f3e7cdb2602926ebc5d06f34a965d1d6ba647a99208b70e

                SHA512

                91d7f3c95e732cf644f75ad453d22b9710de035e7fe0ccbc8a7a68b04c827bae3de70210944845b0178964c19747e5dd9e9bd34a589196e9b2b332df9d198675

                Download Submit

              • C:\Config.Msi\e59330f.rbs
                Filesize

                90KB

                MD5

                439adc627669984bb8cfb1ff23ec8412

                SHA1

                117a3192ca2ae95fa9725addc9f448ad9e8dcc3e

                SHA256

                944b09b62bb5882e1ba85fba61a59420f4da3a68dba687a5a84dc9cf08f9aee4

                SHA512

                53fc16e604e3a697276efabaa01fa80d173a3b5aa91d0874539fe9d9812cf542f903d825aba66e0db802221002314e7b8688d4c58e01b6bf6cc72374aaf3c647

                Download Submit

              • C:\Program Files (x86)\dotnet\LICENSE.txt
                Filesize

                9KB

                MD5

                31c5a77b3c57c8c2e82b9541b00bcd5a

                SHA1

                153d4bc14e3a2c1485006f1752e797ca8684d06d

                SHA256

                7f6839a61ce892b79c6549e2dc5a81fdbd240a0b260f8881216b45b7fda8b45d

                SHA512

                ad33e3c0c3b060ad44c5b1b712c991b2d7042f6a60dc691c014d977c922a7e3a783ba9bade1a34de853c271fde1fb75bc2c47869acd863a40be3a6c6d754c0a6

                Download Submit

              • C:\Program Files (x86)\dotnet\ThirdPartyNotices.txt
                Filesize

                85KB

                MD5

                5c13a5ea8c8cc3474240981d0ffa88ff

                SHA1

                1d8d3ce27d9dc3d9fb4fa4b06c20137d25879d80

                SHA256

                4f9bb3901879bafae3a17c6c4009ee5c15384a06fc234bed78937969079c77da

                SHA512

                32ea79ff5194d8a18e75f277aed5610b4955db15b0abbcc2664cf07f372bebfc57eb665ad078dc3da3ce5ee0d8856140c2a1bc7032b578dd103d43998d682d88

                Download Submit

              • C:\Program Files (x86)\dotnet\host\fxr\7.0.11\hostfxr.dll
                Filesize

                309KB

                MD5

                a4648b8479844ef5255b5699985e9b45

                SHA1

                b16ff8a5ba6b3fa7b77aae2b49047ae19f4b8212

                SHA256

                785679ed0f6252596421f38bd5caa49c15ae8e0cf838317bbcd4ce8358f5a0af

                SHA512

                8d9e00bbfbed30b41a1e36e03b823f8d5e784c2dea772a186bd57492cffc02488cbf689ad0e367319cf0034a94ffb3f869a7b13309c8b27e7d37001fb82ae8a0

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\Microsoft.NETCore.App.deps.json
                Filesize

                28KB

                MD5

                c295ae52a9876d19837496acf7a1b99f

                SHA1

                d9397c54703a77cafe36c184716c6d54b741dc81

                SHA256

                8f8eb163252e1bc4b9c4f543e349f93e89b3fe57cedaeba99b7c0d441fabe64d

                SHA512

                a3214a31cf203960c7cddffa0115bbbe4c5ba0e9efd4fe3fcb6a9143b889ca708b5eac13c6655dbdea2fda86bb2c17eaf63210420a70543891cd0018feaaa017

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\Microsoft.NETCore.App.runtimeconfig.json
                Filesize

                159B

                MD5

                01da0d56ab33c0ed0e7ac85e5244190f

                SHA1

                9e1e4b59e590038f769e5fa01fb326109a7f38e5

                SHA256

                7133274dc5efab688a6efe2f43ca33e78a2498ef39efcad231b0e07ad2c26d17

                SHA512

                e11967ba33c719da1681a7f98056d40f450788d9b7c8b2f580d8bc7998fc35a78c53fc970301b097c527fab79fd477adad4eafcd75b4bb376d33c3fece9e8926

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Private.CoreLib.dll
                Filesize

                8.1MB

                MD5

                bf5aa9cdaafd2a809c290b35253b7f78

                SHA1

                6e0ccc173dd475f67d0aa443646fef4314cf0dcf

                SHA256

                94f11a01dc5c1b5a965bd087368705da8b4237dc5d5362ba28504b2e480783ac

                SHA512

                f855131786f3dbd3c88ae5143fab3ab38ebdf091e611a5a09fa4e1759be75a962c20217e3f6dd6fc206c56d55367d5a668fe27fe64727b010219b97c739be890

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Private.CoreLib.dll
                Filesize

                10.5MB

                MD5

                9c0c144c29a3c675454407648ec18087

                SHA1

                c749f112304a0eaa5ee0f058f86de317a5e30df7

                SHA256

                e6ad27652ed8f542c929048a9ace7c59818406171d6b5bfcf598a132abf96eb6

                SHA512

                ba733f7a4ce9e523e196266446c4340de95d81ad399135ced7c463a5f4ce0a066d3ddbf9dfb5752cb061f88ea749e00c23e5fd8a6890f06727cb30841f46b2f4

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Private.Uri.dll
                Filesize

                250KB

                MD5

                8d59529df5c3faf1fb38d29c183a947a

                SHA1

                6fb7e00d61f1f86fe774c1083b55d4410b9a007e

                SHA256

                3e559574fe6cdafa3c755cff6f3aa3f96005e7d59349d52cdd6ce827e1858696

                SHA512

                3730abf2050879f8d093cc9d1bb6f90b988ecaf8638f74d8d570b031029782ff31b000c20acaaaaee3220f9b57d8265371bd446c5c91ee98d353d844956f1b6b

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Runtime.Extensions.dll
                Filesize

                17KB

                MD5

                472dd5f3ff536eb992889feb8fb564ce

                SHA1

                371f0e5ec0ce146516ef07da795f17dda4510dff

                SHA256

                5fcd3419bb7f7dfefe719c4bd19e6377af81b565b51e368d87b8d159bf0c20a3

                SHA512

                62d5b6af362475c1b9c3198d2b12c78cbcc2d3c525fb8421847a967f645206928320ecee8ae1e9e239f830f592231639b8c11e88df3e3db97700edee8e5456cd

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Runtime.InteropServices.dll
                Filesize

                58KB

                MD5

                f4e0ad8e18a871dd9f860c2d31867daa

                SHA1

                d5e910670761ac51fb8756ba8cd44d9a3f03035f

                SHA256

                df63bfeed60a73e94b4fa0833ff402c91ed95fc07692c03f913399a9ec334c73

                SHA512

                3a0df1a3163eedbcd589b064ee177b94155a1eb2055b49558eb1c44292c2c77e26f9b2ecd39a30f52993336819a70aec9a86816cf67b05f91a5cb8ee0d526eb4

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\System.Runtime.dll
                Filesize

                42KB

                MD5

                45b5a85cc70810f4feba43c5d5bbc550

                SHA1

                b1b5acbfca017b94f3762f4393b95bb981dc3f1b

                SHA256

                e5fc18f0bb07d5a3172c1176bf085859330dd04ac64a7d7df9047152aaaa00d5

                SHA512

                7635bbe176008bd89a096ffd883b595aec695b4de0038d2a26d0ca9f052ec42fbb7d8b8c06626bbf51f76e98a35baedefb80a8ab35fe1d24e8b325ee587fbedc

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\clrjit.dll
                Filesize

                1.3MB

                MD5

                cb493e870594b61b604fabff76c1ea5c

                SHA1

                3ac8a5ffec57e9fbf075ed553c9ed0e39b437160

                SHA256

                e16ba65f1abdc427a6b25a07ac4e0d7f5dc678c4b16c1b80c84649cfc732e476

                SHA512

                e94ef95ab671f451be242be0dff9ed0e366f68fe470da85e402643aff2c893a51c2c95a72d48bcf9938057a5115bd64b944d4f4d1363d85a76f483895e1c5f35

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\coreclr.dll
                Filesize

                4.1MB

                MD5

                67035314cca8853cd098d82b9d2c403b

                SHA1

                2d6d27c2d6d2d2c41fb97459011bf2a6c739a047

                SHA256

                7ee447ef0a3125c1f41162e6f8db6575dffff574e91aa1df356bcc85b21d0ec2

                SHA512

                b0298790ba67409d441ceb0f70acad6c242e85e169864c31462613d4ebdc10a14e4d64cde1f5f86c332ecea34f6e880fc5355ae2daf9a88b96875babcc6fd649

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.NETCore.App\7.0.11\hostpolicy.dll
                Filesize

                324KB

                MD5

                5df73310d9eea7432f6a398f9c3bd94b

                SHA1

                5dd0048a5256c9403f2a3af0ae3bd426a56d01a6

                SHA256

                47fec17f5f49b897d0d75c22ebdef9edb8d7770f0bea0ae100c02776f153849c

                SHA512

                99112c410d8d2a3ca20d770027b53217b60a8e212693137af2307a2d2c6c87e7968b8a630460a4f01c566ac566952d6642a0f462d1f7ee85c487b54bb74c86b4

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\DirectWriteForwarder.dll
                Filesize

                498KB

                MD5

                b262da7e61d24ec3308339b93e6ad546

                SHA1

                a7fae2a9132daa97849e4c7a9cbb8e3eede8d60f

                SHA256

                2154c84cc4231c106a82b203b9bd63a44d8f3842ab8fc01cc70006e191f20652

                SHA512

                d6df3d4cba5f0d1d2b070e746118946e1546302395ca34d1302fbdc145499297f2139b62ecf22fe8852ff51f958a050c313492a161cad8373ec8b38c3ba81817

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\Microsoft.WindowsDesktop.App.deps.json
                Filesize

                30KB

                MD5

                ce5feebb09c117f6a95443b8b10e242b

                SHA1

                9af7c9224f12b070ca72e35f75c5337f5e46a099

                SHA256

                7f5e41d78869c2e7ecb12eea1f0137d3e3346079b7bde575766581932e6c1e95

                SHA512

                cf01249e9e780affc5e89bde70cb6200cae18d5b0d45bb95069cf6b7f80ab199696333ad6d121bd935105d307096dca37530308579f30768422fa57de36daa89

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\Microsoft.WindowsDesktop.App.runtimeconfig.json
                Filesize

                289B

                MD5

                145284e5cd24a30475e24e56c9a6447c

                SHA1

                39285d36cf8c6c7e8a642d726a0b0941932ca329

                SHA256

                9687caa18770fc051076b4e8673a8f4cb0b48aaae44f37f4ee5227a02401f70f

                SHA512

                c43eadd4d4013de29baf5b0882d45d0f82e71459aed78daf2cda8c7ecd2e54dde67b78a25d645bd51628885d4e233a9c2b8d3410d19633f8890fa6630c8d3aa7

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationCore.dll
                Filesize

                7.8MB

                MD5

                f435ce2ac41bd17cf04273cb5bd10c07

                SHA1

                d3f77c32bd244cea2a6c9a26ad27e295d79fbb69

                SHA256

                0924a1ccef3d8df3b92d3f526b5d76b8110f768b2a99bc455e37d1b69c50969d

                SHA512

                cffece7218dd5287525080414bafed745939880ddf5424f83578218631efb8de54caf16fc95d78ac19aa8448a5ae9cb61c2d2ecf0e364539a9485977ca25babe

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationCore.dll
                Filesize

                7.1MB

                MD5

                30ba9bc9cb3a1fd78afe8cf4b03b1ad2

                SHA1

                32b37b7e2eee0b436048140a22514565650dd290

                SHA256

                c389d1dc2298b59f1361146887709decdc846b190e35acc6df75d4d46c7ef339

                SHA512

                0612897684e7775fc5d5b8bded8b0cc5f590e54e4620452bc9492f44b2a620503611fcd00dcbe37df4a08b1c008ad0b4d1e83adf1afcd7fb4dacc3f5ae4a19b7

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationFramework.dll
                Filesize

                14.6MB

                MD5

                ee7eb3c35bd2d8f8cbc2becbfa87e471

                SHA1

                821df1474234b38dcb2803cedb71ebd269ee2b29

                SHA256

                f2f519f37dafae33797b3bdd2ee8b3ae758676e9517c4102dbe50ceb6ccf666c

                SHA512

                ff239b1b9fb338770cb39cf4291ed462587cca9a861c68219a248c1f729981041396ef96c009ca5e4821feaa75c051908de3107f7d1c9ef8d04b2bfba8c0bdd5

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\PresentationFramework.dll
                Filesize

                7.9MB

                MD5

                1a5af17d60f94e91f958fe71edf73f5f

                SHA1

                b579d4fbcca71df48668618d26e53ca636e82d42

                SHA256

                7fbd204c98d4fa35c2dd6254f06810e5c03ec402be7f9b0653bcf2c2f88933ab

                SHA512

                5bbaf09700694a28113226dff41213e7295d325afbf55dcdf1be012b887da5719a0099ec75d8864869af34cf0f5889c1b1b0efbb9c777d5e7ccda8e8aaf07f43

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\System.IO.Packaging.dll
                Filesize

                254KB

                MD5

                a625ca9b9ff66bd98fc8762a55162960

                SHA1

                58106e2f9828c92577cfd19d3ea404898aec9a07

                SHA256

                03e1a3a4997a7e2585e676387150ccec853df605b62362f1f2484737e570d52c

                SHA512

                9b5447d3f461afc69fcab247de26e76ce8bfb8220c9aeb458e965b0ad858d0de5c95bc5f2ca624ade5d6f0abcab4a7727c345c8489d0828d44ab45bffe91ae0a

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\System.Xaml.dll
                Filesize

                1.3MB

                MD5

                cddd04e849cfa5c81ab4fa96e855fd85

                SHA1

                1962f7e197ffbfd2e445d5482e7092bfe1f3642d

                SHA256

                38e505060941a6c8b48548e6bf0556d332127836738419c37db8a4a041da51a6

                SHA512

                baacd8693a50b363ad3b3af7bd41ab2c0226a4dd816661685a6875be5a080ed961130f4c29f509206d45abb0c6541118c50fd5de566bc1d44f469aa7a2c0302c

                Download Submit

              • C:\Program Files (x86)\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.11\WindowsBase.dll
                Filesize

                2.0MB

                MD5

                d4b68a9b20641171174786ca29b9e7f0

                SHA1

                9c35c56922ec3a200c494e6192795623a6e9f2c7

                SHA256

                6b67747f360666d4620b70b72d002a01f23d6d478beb98e1a1a12ead81890fd9

                SHA512

                e0b016e6a9cb2e3153e84ff35ca82d699dd370f266bfd753184aa837a135389c92c90f4074f37caae5f124279a4543b02ee18fa010ec011e80eadd794370903a

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_000_dotnet_runtime_7.0.11_win_x86.msi.log
                Filesize

                3KB

                MD5

                9a0b6837797e4db871c0efef5e9baf5f

                SHA1

                de5cd5cd320955ec6fadb1e31ef5a53e22bbab79

                SHA256

                b49b787073b5493244b1096feda818b918be3d3036b5253c431110e1fa6459ff

                SHA512

                fcf85b148de24c8088f91235dd317ddbcfd9615061a9aeea54842e88d374463f914dcee657a3e0019bddeae90d7c98c1bb1236739be23623f85ef1a8d4a4a1c9

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_001_dotnet_hostfxr_7.0.11_win_x86.msi.log
                Filesize

                2KB

                MD5

                136867fa5643cb84ae9c22db6af89e90

                SHA1

                ecdc9b9ebfc95b2dfdfef1f4f300a0ddeca5a46b

                SHA256

                e3826ccbd72f70908e4e0c590833a9a0da61b8648cd185ee8f5d335c738c9a62

                SHA512

                e819c7f891ed2fa6ec6c450b03374445ac8feae52877623101562da103b97e5a584ccede2168485ed09c06333733342ec63c7e02ca0e909d2ec3c38b3a4b65d6

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_002_dotnet_host_7.0.11_win_x86.msi.log
                Filesize

                2KB

                MD5

                7f62cc8a38c92e210587d4f52ab9d6d1

                SHA1

                beb1f361f3d7b260fbfc180f8f15b5c775327a55

                SHA256

                e794a9e1c29b77be84b5d431e107c2c1233de84f6dbda988e7886528f623bcc6

                SHA512

                b11e11f3be7df606ddcb2c63631292bb1bf81627ca8b5da7f2c70b29d77ca8914f5cca2f78a656407d76cb4469bf25ff5774b6dd5a34d62bbc72f5530fe8cd22

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.11_(x86)_20240608185935_003_windowsdesktop_runtime_7.0.11_win_x86.msi.log
                Filesize

                2KB

                MD5

                435774c96bf099440eeb4b2a7c7c0f8a

                SHA1

                e489c54f6a9e9cfd2aa7f6d06a8d2e29f3334dae

                SHA256

                62436defbe8d4f0193798d582d80bdcca27f9e7abdbc133da98a6a1f841fbc38

                SHA512

                930ea64bf2bfe0bc90138cb0a4a4658aed9308277b401df0f7af3cde282d8e15e1b05b8eee2dd4f900fb732afc8b192fc413fd89b04fb9c23d6d4eb98301b3f1

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\System.dll
                Filesize

                12KB

                MD5

                8cf2ac271d7679b1d68eefc1ae0c5618

                SHA1

                7cc1caaa747ee16dc894a600a4256f64fa65a9b8

                SHA256

                6950991102462d84fdc0e3b0ae30c95af8c192f77ce3d78e8d54e6b22f7c09ba

                SHA512

                ce828fb9ecd7655cc4c974f78f209d3326ba71ced60171a45a437fc3fff3bd0d69a0997adaca29265c7b5419bdea2b17f8cc8ceae1b8ce6b22b7ed9120bb5ad3

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\nsProcessW.dll
                Filesize

                4KB

                MD5

                f0438a894f3a7e01a4aae8d1b5dd0289

                SHA1

                b058e3fcfb7b550041da16bf10d8837024c38bf6

                SHA256

                30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

                SHA512

                f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\nsl7010.tmp\setupdll.dll
                Filesize

                3.1MB

                MD5

                8473801a9762f5bfe901cb84680307ad

                SHA1

                362f43a2d1a4dc25c1b9c42f6162c9a7bb3888ea

                SHA256

                3860d0f62b906dd18bb7ef31b46ec8f04b1b07e6623bf607ab07907b2766c80d

                SHA512

                cc133c7364dcd5a7151498632ccd4144f667616b398ac06578e662b186201410d792e2147115c7c3f15535f25c052782209e23b2d639809ce193704450ba3d55

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\Assets\Audio\99999999\zh\inaudible\未识别到麦克风输入.mp3
                Filesize

                32KB

                MD5

                c90aef1f8f33d989eed8186031528956

                SHA1

                106cd2a3cf80e525f1c5121792dc14cf02f03011

                SHA256

                361bb34d00cb39fbd7bd3cb91ad3b43f063e95663493d014a9128d1eaf48e0cc

                SHA512

                ad3bdbf1c9b8064f04662da9930bbd983fe21dbf0fc39325a7eb29379ac61ae77059f7fb4b1aed4b5ec8da88eb532b99ff9cdf33cc3678566e778d1b626f3752

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
                Filesize

                8.1MB

                MD5

                6d83aac0a9c28350bc94451f2583737e

                SHA1

                0f6b6fd6d558bde833f3383e1d6eaba7b8e9a4e3

                SHA256

                3e18f755607d5e89dee36b6ba0e275656a436cacdeb3364327ee12912c4ff416

                SHA512

                f9635ec0dc2dc2fd899ee5b92e6db13d07472ec496382f7645d9ced34c2f0c80baefec2a9a625d6f5ee45df4b66e070e1236214788ac0552b29f8e6d1391f449

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
                Filesize

                7.0MB

                MD5

                4341cb91154b5972e37ecc6c7425d6f6

                SHA1

                18c69c9e0bcdfd60a3da8d8283a98474727c8c83

                SHA256

                5f3caa2df4265a13f040a756cdeb0ef1fb17a6f670d60c70af8c0b7548f8269b

                SHA512

                8cc7504780b569026d90ff7e4b0c5b8e9954f431287704cb72e059644ba655fe8c1636df51cf8610bb94651f513837e55c555319c689517393b51441f1aeeed1

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe
                Filesize

                6.4MB

                MD5

                e83ae89040138a7ce2a474f0acaec171

                SHA1

                4ff1ef14098aa536fe2569050bc2ae539b311a21

                SHA256

                fd124a667f63853670cee440090116de467901824f27de1a135c1317304d35cc

                SHA512

                347c1b41b282bdbf1f93cad0c79f1fd27d503f42ee5847ee1fdf5ef468ab248e5eee7650c7ad9c1b5409dfd6d8e289e37ec986a32440f0a0c81dd73f4b26a5b7

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\93d8781f-7a7e-4ec5-84cf-b43ed1fa6555.tmp
                Filesize

                8KB

                MD5

                e706d062af9da1e530a2a7bbf55259c3

                SHA1

                474a8557d596facc123822717642fb237495526a

                SHA256

                c00563a5ac0aabbbde2528b6a070e7dd014d683e192fe9c313c53f3af29fd55c

                SHA512

                126f1757adb5aa8d433738c91c6d59f1b4501b4c4dec4e36c23da405e3488b5a3e809f61ae23ff45a952b81df52bc1806d5cfcc7a9a9d5922839ddaf8892bd63

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Crashpad\settings.dat
                Filesize

                152B

                MD5

                e10f324b39cf5f8ebd7771c5f56778ef

                SHA1

                1c28259e4684f885568b7fe98da7c5eb271d9d69

                SHA256

                8e806d309a277822a576c540a089a9b0efcfad62413e657b190455428a6a0661

                SHA512

                25d78da04321b60796128a0c530c5d84999f6cc23d0c765a2e93928b9b99d989fe42c9be4ce03a34d13e3fe52a936d5077a1f453fa03c333186d8bb30b887c68

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Crashpad\settings.dat
                Filesize

                152B

                MD5

                58b8b1dda2fe561c051a84ba0a9aa5e5

                SHA1

                2e15e8885a38ee1d2ed439884ac603ae77f75c21

                SHA256

                eb2440d5c1c45751e79209af8adf8161607bea3d616950672ee71d30b5732ca2

                SHA512

                07f2fa9c7a83178ea3a090a2da13a2b0a0e169fd57e4902beac2b6273d5035d9b55fbe1c11e2a528b3e35adb613dd57398c803f9ea9fe7e28ac1ddf1d0805ae3

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_0
                Filesize

                8KB

                MD5

                cf89d16bb9107c631daabf0c0ee58efb

                SHA1

                3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

                SHA256

                d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

                SHA512

                8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_1
                Filesize

                264KB

                MD5

                73b0e40e639c3fc185c0faafaea9efbf

                SHA1

                68c45a5d29153d5e920e25a2843db4287822a690

                SHA256

                6bd45e648e5d52a1bf31bc3c22b3a3aef3422cd4c71e22a3be57cf1f51d0c9f3

                SHA512

                fadf5b4a663010f836ec3fc5f1dbcc254fe89c39c6617addadd68e76e33ab07ddcd69d5794df4dbac82a3ed8e3e075175e342e130332b51ef8186446870a548e

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_2
                Filesize

                8KB

                MD5

                0962291d6d367570bee5454721c17e11

                SHA1

                59d10a893ef321a706a9255176761366115bedcb

                SHA256

                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                SHA512

                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Cache\data_3
                Filesize

                8KB

                MD5

                41876349cb12d6db992f1309f22df3f0

                SHA1

                5cf26b3420fc0302cd0a71e8d029739b8765be27

                SHA256

                e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

                SHA512

                e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Local Storage\leveldb\CURRENT
                Filesize

                16B

                MD5

                46295cac801e5d4857d09837238a6394

                SHA1

                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                SHA256

                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                SHA512

                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Network Persistent State
                Filesize

                299B

                MD5

                8a16c778f2ca331fa581caa6318f644d

                SHA1

                fdfbb0e2a365d9a3004010df1097f42138054175

                SHA256

                ee3d97c93541cdc3acf53f2bf26b9fc030d0b1cb6944e5494c18ff304b6242b6

                SHA512

                dbba54c65c9da7f051b867838f6d71921fa21203ebfb8a01ddfa07ae054c2044397bb7272e62ad2af283a0e04bd9dd4e9db3cd4ede033d58aac0e2af867fa12b

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Network Persistent State~RFe5a9cbe.TMP
                Filesize

                59B

                MD5

                2800881c775077e1c4b6e06bf4676de4

                SHA1

                2873631068c8b3b9495638c865915be822442c8b

                SHA256

                226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

                SHA512

                e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Preferences
                Filesize

                4KB

                MD5

                ab8ec2acb7f90aed4eb79b104c98bdb6

                SHA1

                8b173724bb4b0223bad6214c2966dfe0b465825a

                SHA256

                7af7925c771ce1b87b78124799d4cfb75fb761c7b294dd80468a411365c0e52a

                SHA512

                59031e04ec2a183e9ac77dcd182b8f9a52068ae28d888289da3f971c83f5cf24de1d2049562d9078dc3a650355065c7f4b3c4242a45d4d42d9c27a80277fe111

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Preferences~RFe5a9c8f.TMP
                Filesize

                3KB

                MD5

                5b38d3231fbc09c7e45921a371e7b475

                SHA1

                ecdf39730747d6a40463164dc126edaf0bea5a9e

                SHA256

                b344a7644ed584beea337708c2b55215a33d510e8cfc2f9e3960095ceb9e9abf

                SHA512

                476dd6be6cc0f8aa2ab7bb27a4fd6ed9e14116a79f916fcb22ee55941dbad852945deabcc1d6d705d7d9c028c811e6611bcd6bb023414b255c3a889ed3da50f7

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001
                Filesize

                41B

                MD5

                5af87dfd673ba2115e2fcf5cfdb727ab

                SHA1

                d5b5bbf396dc291274584ef71f444f420b6056f1

                SHA256

                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                SHA512

                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\DoudouAI.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT
                Filesize

                16B

                MD5

                206702161f94c5cd39fadd03f4014d98

                SHA1

                bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                SHA256

                1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                SHA512

                0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                Download Submit

              • C:\Users\Admin\AppData\Local\doudou\xvy3rou4.newcfg
                Filesize

                224B

                MD5

                a113756ba149cee7a2b200cd1ad9826b

                SHA1

                e4454695e83c85fd395f550a137922ac59aabc06

                SHA256

                e0225d32003002be6d22d7bf509a19912ff3698eae02c455e7235d58adaa20d7

                SHA512

                99eeb8a45d76de65340098a37d231e20ee3e8dcaacefa2b910f3666c4376fad1a2ca659b82fc604a37e48a3fd46ff22d19c40086bf5d490e9fd52c70b044ad15

                Download Submit

              • C:\Windows\Installer\MSI3B0C.tmp
                Filesize

                225KB

                MD5

                d711da8a6487aea301e05003f327879f

                SHA1

                548d3779ed3ab7309328f174bfb18d7768d27747

                SHA256

                3d855b58ce7da9f24f1bef8d0673ba4a97105a7fd88433de7fb4e156b4306283

                SHA512

                c6d1c938e8a0acf080dcab1276d78237e342a98772e23ac887b87a346878c376fb0af8364e52a36c5b949005aa3218308bc6193f8b580f622ef39d9955c7c681

                Download Submit

              • C:\Windows\Installer\e593310.msi
                Filesize

                10.1MB

                MD5

                abdaf3ac2d94a41a27b19f4f7035ad0c

                SHA1

                bd4fb8edb3da335e85207188ac8560630dec9f67

                SHA256

                085c22136fc152a4447cbaf59b69ce9b51c8cc2d30cb1452ab2e1a9ed5359268

                SHA512

                a89efc6838950f82312e393f02da057c7156e4a27e02a02d6dbf07861c982018eceee6f9a80f4d220cd3d70d2a0d4ccd4ea8ffb2d6ec22ac6ed63826d0162167

                Download Submit

              • C:\Windows\Temp\{5F47A323-7F5D-4121-84C4-7FFB4D5D45BB}\.cr\windowsdesktop-runtime-7.0.11-win-x86.exe
                Filesize

                610KB

                MD5

                cefcea3a4572d5dad278ce5054ff6dd7

                SHA1

                2730c17fc5127d713c0acd116cb6d9f91d383612

                SHA256

                4e663d7ab583c818239e1b5d773d110f9a3eba2492d0230b9e7028feda89330a

                SHA512

                13a163aeaf5aa5aa5b80fd08bee2a2309640d5f804c5e493a490cea6557d36ac15103b9bcbd7cc073c238bdc8a404544eb529d6b7c7f855e66190bfde2ac67ac

                Download Submit

              • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.ba\bg.png
                Filesize

                4KB

                MD5

                9eb0320dfbf2bd541e6a55c01ddc9f20

                SHA1

                eb282a66d29594346531b1ff886d455e1dcd6d99

                SHA256

                9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

                SHA512

                9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

                Download Submit

              • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\.ba\wixstdba.dll
                Filesize

                197KB

                MD5

                4356ee50f0b1a878e270614780ddf095

                SHA1

                b5c0915f023b2e4ed3e122322abc40c4437909af

                SHA256

                41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

                SHA512

                b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

                Download Submit

              • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\dotnet_host_7.0.11_win_x86.msi
                Filesize

                732KB

                MD5

                f8e74e55a42240e7f5d670589c00d2a0

                SHA1

                6e5d59a8dd7a473cc508f88a2b9e5ef1d6d0c775

                SHA256

                eee8fc53a6fd3a7fe339aa876ade1affc63ded3e71872e2d11b4feba93b6460f

                SHA512

                573e94cb5e5e7bdef44fd752af32b3b1ff60e43cee4bee540e8ee2eab117b058c3dd07d849baefed1321e491a2d329cbf7dac75f0e210dd0cc963eccdb852367

                Download Submit

              • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\dotnet_hostfxr_7.0.11_win_x86.msi
                Filesize

                784KB

                MD5

                d9cfa7d6dad67e9c5a376ba322566c4e

                SHA1

                1982b0889dd7720dbf7069392fc33edd616d2a34

                SHA256

                d39e2d102d81f94c3dbae8dbc913114dddd69da7321d0e85198e060eaf1817ae

                SHA512

                9c1f404dcbcb8731cb9bd1308181223fe6d18a9091f629d15a5a55218b9c2d324a9fdc17db8bfee39b7a592d4fe85760182f554bdb3828a2cf23171758b865ed

                Download Submit

              • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\dotnet_runtime_7.0.11_win_x86.msi
                Filesize

                23.9MB

                MD5

                198e3a28586788d3b4099709a51a818a

                SHA1

                e183350817267ff997654c8d2d4a40c1f04e2564

                SHA256

                fb056491639263630aaa7627dcf4ee753f175ffe6e562f5e43a14976dae94003

                SHA512

                e2157b02db5fe2999b7f9612177f93815c1bbbef910e3752361dac52b69afe584dfad7b13712cefd3b974c108ff7b0b0427995224b0829856464be0961aa9c73

                Download Submit

              • C:\Windows\Temp\{5FD0B5B5-5B17-43AE-B478-B73F25628714}\windowsdesktop_runtime_7.0.11_win_x86.msi
                Filesize

                26.3MB

                MD5

                da1cf0d013c22b88a64a2d2ea1fb3b53

                SHA1

                ceaecb96990924ae4f7f91e26c396f902c2a4c38

                SHA256

                15c6901cb970b0bca7abdc3e840bd3eb2504240622ae4db9430897515024b783

                SHA512

                88859482d626631fa7bc9ef67c1b6303aa618722138413f6010994b123106b8e6a1a9c514614766c53555d4d5f7d0ee0b2ea6acc61a4e423547638b1eb5ed9bf

                Download Submit

              • memory/1172-1236-0x00007FF980E30000-0x00007FF980E31000-memory.dmp

                Filesize

                4KB

                Download

              • memory/2856-13-0x00000000033D0000-0x00000000033E0000-memory.dmp

                Filesize

                64KB

                Download

              • memory/2856-12-0x00000000033D0000-0x00000000033E0000-memory.dmp

                Filesize

                64KB

                Download