7344c89093abea2602075971d6092076902b3389274b11426b00f287d6b24277

Analysis

max time kernel
31s
max time network
34s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
25/08/2024, 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nitroTypeInstaller.exe
Size

25.3MB
MD5

28843579a60a229a59b4cc7264b78460
SHA1

99501756f980287f92db38592ef62f322c2f30a4
SHA256

7344c89093abea2602075971d6092076902b3389274b11426b00f287d6b24277
SHA512

f00ab5063073f5a710ff01014b5a0e060bc0d881dd7bcb4b55a6608acd06115ef9f7263c461d8a96ba290663a5fd290284b0a0b174243bfd5eae843dccf36652
SSDEEP

393216:ps0SZzsOf7rtW/hQrgw5TsEaVISGZPevhMkLm1ADA9xKbfQf+IqtOnFb9cy:TSpN7rtWmWHGFevVLm1AkKbfQf+1tm9T

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2288	nitroTypeInstaller.tmp
3312	NitroType3.exe

Loads dropped DLL 1 IoCs

pid	Process
3312	NitroType3.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nitroTypeInstaller.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nitroTypeInstaller.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4816	msedgewebview2.exe
2028	msedgewebview2.exe
1520	msedgewebview2.exe
3620	msedgewebview2.exe
3148	msedgewebview2.exe
3416	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2288	nitroTypeInstaller.tmp
2288	nitroTypeInstaller.tmp
3384	msedgewebview2.exe
3384	msedgewebview2.exe
1520	msedgewebview2.exe
1520	msedgewebview2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

pid	Process
3620	msedgewebview2.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
2288	nitroTypeInstaller.tmp
3620	msedgewebview2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2288	4948	nitroTypeInstaller.exe	81
PID 4948 wrote to memory of 2288	4948	nitroTypeInstaller.exe	81
PID 4948 wrote to memory of 2288	4948	nitroTypeInstaller.exe	81
PID 2288 wrote to memory of 3312	2288	nitroTypeInstaller.tmp	83
PID 2288 wrote to memory of 3312	2288	nitroTypeInstaller.tmp	83
PID 3312 wrote to memory of 3620	3312	NitroType3.exe	84
PID 3312 wrote to memory of 3620	3312	NitroType3.exe	84
PID 3620 wrote to memory of 3148	3620	msedgewebview2.exe	85
PID 3620 wrote to memory of 3148	3620	msedgewebview2.exe	85
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3416	3620	msedgewebview2.exe	87
PID 3620 wrote to memory of 3384	3620	msedgewebview2.exe	88
PID 3620 wrote to memory of 3384	3620	msedgewebview2.exe	88
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89
PID 3620 wrote to memory of 4816	3620	msedgewebview2.exe	89

C:\Users\Admin\AppData\Local\Temp\nitroTypeInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\nitroTypeInstaller.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Users\Admin\AppData\Local\Temp\is-5HDJ3.tmp\nitroTypeInstaller.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5HDJ3.tmp\nitroTypeInstaller.tmp" /SL5="$D0068,25712624,831488,C:\Users\Admin\AppData\Local\Temp\nitroTypeInstaller.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2288
- - C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe
    "C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3312
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=NitroType3.exe --webview-exe-version=1.0.0+04fde791fd14897621b38ce6e504535f3cdede24 --user-data-dir="C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=3312.3056.16607323870921890242
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:3620
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe4,0x114,0x7fff67ae3cb8,0x7fff67ae3cc8,0x7fff67ae3cd8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3148
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1884,141253293393162776,1308310702153655460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView" --webview-exe-name=NitroType3.exe --webview-exe-version=1.0.0+04fde791fd14897621b38ce6e504535f3cdede24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:3416
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,141253293393162776,1308310702153655460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView" --webview-exe-name=NitroType3.exe --webview-exe-version=1.0.0+04fde791fd14897621b38ce6e504535f3cdede24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2220 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3384
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,141253293393162776,1308310702153655460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView" --webview-exe-name=NitroType3.exe --webview-exe-version=1.0.0+04fde791fd14897621b38ce6e504535f3cdede24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2464 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4816
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1884,141253293393162776,1308310702153655460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView" --webview-exe-name=NitroType3.exe --webview-exe-version=1.0.0+04fde791fd14897621b38ce6e504535f3cdede24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2028
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,141253293393162776,1308310702153655460,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView" --webview-exe-name=NitroType3.exe --webview-exe-version=1.0.0+04fde791fd14897621b38ce6e504535f3cdede24 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=4360 /prefetch:8
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\Microsoft.Web.WebView2.WinForms.dll

Filesize
37KB

MD5
8153423918c8cbf54b44acec01f1d6c2

SHA1
f0c3c5412b809725e6d4809230adb15cc7d83ad2

SHA256
5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4

SHA512
f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.deps.json

Filesize
1KB

MD5
6b7135e884cd85a9c72d70685f76c169

SHA1
8eea921dd4403a6ca4d2dffcc2a7c53428bf3372

SHA256
823f4a5977439eb3ebd59fc91363bf782ee64fbfc98851cc5de319696b382901

SHA512
f033070239af98206652ec2928322f9e14acbef6170048a022cf616307de11435ed1a545d778cdbe93d2d4d092b6670df55e44249904021cd33a7d21b98c994b

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.dll

Filesize
51KB

MD5
51425e1e51762a7d0448ca508c2b5c6a

SHA1
4eedd100d4e6d1ce19bb8aabc933e23897ac2d9c

SHA256
659e032acf8cab96f9b14b5968b7cad41200b7b386262c8fccfb56c76cfbfb7e

SHA512
65952c58ad2599a196925a48824f30d6414f94e0b7d7cd4e83d61c64fa6567f0a29038b2ead406387a63c0baf527226051059938de4f632577c7c5a881a06a8e

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.dll.config

Filesize
1KB

MD5
25fe4c0dda7cb683ff9c99f8459c79cb

SHA1
08c66413bb977d261018e04895b875e6db3617f1

SHA256
73fb38fc8fcbdfd84dfb798844f8df75a7f2a27ae1da8b9bd0bc002076a9b081

SHA512
28ac6ea86d8e8298701b934bd2e99456f3a416c7ab8c8b48b98bb1ffb60ec8190f818ad9b6ea027bb2d020e728147d004ce14038abe7ad61473b002569f115f7

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe

Filesize
139KB

MD5
85f9953996513e2c95318d2bb5250f9a

SHA1
1754e4af0a985ea13bf8700ac208610d8ccdaed3

SHA256
89096cb21591282abc2d605ae1651f80ea52ad3b5a8337a76572f66951c6db81

SHA512
a1be4d8d0eeaa1068b10cd9dfd1e441f1022bf42181ff5f8c7db8daaa9a0f6c449298c465c17864f9fb46925fa62918bd07cd16805d1ccb3861c0e5c23a52993

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
ba8e35976f21298651979226b818fd27

SHA1
36a305f9a6554d3dd8ef9dd963451e9595cb7f9d

SHA256
eed9e5ef414d51929fd9ba42f895bc1817f3e54a6f25dcce1d6252c34d5fe2b8

SHA512
44ef2c08655dc21452c284567c5c133635b61ab6c67cbd7c8c354dca80c047ecd72c2604de51f0c102149e5850bbbc0833bbd44dfa150d3d45d9437e6957a1bb

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
bdde1907b82e49d87a9a878ceab4775a

SHA1
7da219f76b0ddb9aa226f012045e16cdb7690501

SHA256
77887b505ae2a8c2c492f4d5c4b39a441150b00b49f5149d825589a29c26caca

SHA512
02cf9e6fc5f629e2d0d1226f88941490490a8ccb48e6ca5d612c94136c25d6950c310b3fbbdc1178ee7de8739568c0f86de61c8db55aa1c11fa54368bb4afe0d

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
40e624184bca72940a5db65afbad9f7b

SHA1
f39893066b11907a69df30889f02dcb0ebee110a

SHA256
248a46e902223259534b088001e4ee6d895d51d33150db3dc7a82fa69db9595e

SHA512
bd1d0ea8f63ded9c174c4c216bbf9bcfa0aca51ffdccf4e84944afe46217a2b08f1e128bf7cf08fc71c2338e3718e5adb9659f384dc25e004e39d559ec0db83a

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.exe.WebView2\EBWebView\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\NitroType3.runtimeconfig.json

Filesize
458B

MD5
07b9a30265ca4e69c7016a1b6e3ffc27

SHA1
3a4af82a2695b1423aedd8b60a5c86793c011b02

SHA256
c71152bf25e40d647b2440c5b39be157a3d356106be9d5b678ab97bb87b4e782

SHA512
efd582f8edcdba5ef48d02eee5f73d83ff35071af99b49e08e0213928568d728d0856e3b903bfcccb9237f786846cf94da83139f99e9bee86287aff2071c3f1c

Download Submit
C:\Users\Admin\AppData\Local\Programs\NitroTypeAutoTypingApplication\runtimes\win-x64\native\WebView2Loader.dll

Filesize
161KB

MD5
c5f0c46e91f354c58ecec864614157d7

SHA1
cb6f85c0b716b4fc3810deb3eb9053beb07e803c

SHA256
465a7ddfb3a0da4c3965daf2ad6ac7548513f42329b58aebc337311c10ea0a6f

SHA512
287756078aa08130907bd8601b957e9e006cef9f5c6765df25cfaa64ddd0fff7d92ffa11f10a00a4028687f3220efda8c64008dbcf205bedae5da296e3896e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5HDJ3.tmp\nitroTypeInstaller.tmp

Filesize
3.0MB

MD5
3b265d4f6b786631d03992a8b30fcec5

SHA1
7177307f0be7d48100e991b3d051ea8ef8318e84

SHA256
3f17462751a4ba257fee069ae4952b3247ca621ccac277f80fda52e8449e0daa

SHA512
bdbad97160aa2d6da7ff9c6bd40e670bdc62c6e4edc112f4305dd8048ecec5540af7492fecffc26f21e6e481fc79736e3343f66da93d7f98bb7e86e324669312

Download Submit
memory/2288-6-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2288-147-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2288-145-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/2288-144-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/3416-177-0x00007FFF8A550000-0x00007FFF8A551000-memory.dmp

Filesize
4KB

Download
memory/4948-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4948-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/4948-148-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4948-143-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download