hxxps://g4u[.]to/

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://g4u.to/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
2800	msedge.exe
2800	msedge.exe
4256	identity_helper.exe
4256	identity_helper.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe
2800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 724	2800	msedge.exe	85
PID 2800 wrote to memory of 724	2800	msedge.exe	85
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 4244	2800	msedge.exe	86
PID 2800 wrote to memory of 3776	2800	msedge.exe	87
PID 2800 wrote to memory of 3776	2800	msedge.exe	87
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88
PID 2800 wrote to memory of 2040	2800	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://g4u.to/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7076893736929413307,12614407639952913413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4808 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
23f5ab614c3e229fe0501a580232ca1b

SHA1
05702f8ee680cdae6e5638dab23e7c6e85375e0f

SHA256
5e132edffc2801a18c7f3e05ef617422aa3d257088f16c10234f13d4ba671646

SHA512
67e19c56232eb685f6d3e77ece2ac056b577a4426d91c87755b09a0b21a75282f71a96a3a97201a2235953c76910db8c346f3134dd63b3b9a646d8edefe525c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
318B

MD5
470e5b4bebd3f8691a3e3ed678031dad

SHA1
65a5ed9a51355f9b0008f20226677a6ce83adb39

SHA256
33a4fbf4be86e3c0ce499f864a7ba23325e28d26fca3c19a1b7a4778ee6d9931

SHA512
8d1b561affde2ff68cb04246ecbabeaa54220085e78bb36cfe3cca22409e191f42f516a2fb65bcbc148ea4e16731c8dca9117639a01dd732b4383b715edd7560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf85b4467b1a167f351de43e88d58f51

SHA1
bcde977d344352bdf43ab22c40d48c20f4fa5b1a

SHA256
520e6f5362f064e252e0a8caa0f73df220dc4af41912e2ec5f5f645d4fcbf48d

SHA512
742c735b85a2d27e536757545b7cb81364d414585ca8890c4a954eb2f3f11c984781bd96ac3e83afd0b0fed788aa087ed737f255fe8794fa3c55323731006414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39c1c81642c349b8a02acd1e03de85bf

SHA1
21501ff074ee1ab985458284bd97645d8c666d0a

SHA256
070558496f58c52a19ed41d56cc104061c1deea63ab3d9241ad32ec30b4560d4

SHA512
bede430da20b896de8f13c1f275ea0fa5bfde614a8c40c63a9a49700e43eaf6bbb9d98c586f3ddc1f352004373aff88b84505daf606f0ac32dcea9d9b45787c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7386abde5cdce6980fc950e1d2a06fa5

SHA1
0f77365206d82b2ecc6c43a5a6352a13afbb38eb

SHA256
e342b896e20becaf8420175f2e0efdee6eff6ab7fb37840d490b54173d93b5cb

SHA512
45deb4bf598bff54d26c7301fb515761ad69305b95f9485fceab05465da3191d6b1e6f245919ff6947c1e9594dec335be94b96959cf8aefaca26ce982ea27a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0b9cff0708dfc37dafe32f1aecfbd549

SHA1
d5eab3ad13302cc66dfb8afbec092dd0cac37c2d

SHA256
2435514fca8a397a411fad118fa89d2e843589a61e12e35c3b14d2cbf3c1766f

SHA512
48d02b6a5220dc63b4dbb34e3b5afbfb6a41885eee1bdf1cae6ed8bb4bca2014e42b684f9cad2537b28b51c5586d9f0c1aa1bd2a5ebef4a3c86560f070f1113c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a81cd10b18e8df9cb02d8541ccbe0c0

SHA1
78fef9156f0682daf35ed5ea1dcbc479e66c1248

SHA256
c4df6960568bd067edc7f43879336545b2e0eb80edcbd0f25ebc9379269bd664

SHA512
0f7f613bc8e488d7f4081130341d2154daf607152fbdf8681f0835e2ea9f1061c3d64a50cdda0e4d25bfe55b039e28b3dc027792ec40daf6a44a09a33778a010

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit