0049ff8214d96fe8a7f5dd40934dad318226ef6b7222aea2a730b7983734816a

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 06:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BBA Launcher.exe
Size

168.1MB
MD5

69ba8c5f1933cbd68f4a53b3633d6ad4
SHA1

743128ea353a60d1db06eeacec9f4c38f9a78d73
SHA256

963c4e4a24bcb04da89c66c8b4c63469c7806556a48125ce5d17491f233c6c4f
SHA512

b37aa402fc099192f14c9fdf06a0d91014897ee8e499443305295edb5472faf932714fff0bfaf5e5de8265dd87ec3297609c91a5509ab1f96fa8ef6cb8e68f6b
SSDEEP

1572864:+QqT4eFUirK1e2zSQ5Rcw/N5cae/bHhrPdacyodvcPSBoHESUlyAzl/:4BKRcAMyAzB

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BBA Launcher.exeBBA Launcher.exeBBA Launcher.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	BBA Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	BBA Launcher.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000\Control Panel\International\Geo\Nation	BBA Launcher.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

14 raw.githubusercontent.com
15 raw.githubusercontent.com
22 raw.githubusercontent.com
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

BBA Launcher.exe

pid process

3716 BBA Launcher.exe
3716 BBA Launcher.exe

flow	ioc
14	raw.githubusercontent.com
15	raw.githubusercontent.com
22	raw.githubusercontent.com

pid	process
3716	BBA Launcher.exe
3716	BBA Launcher.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BBA Launcher.exe

description	pid	process
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe
Token: SeShutdownPrivilege	3716	BBA Launcher.exe
Token: SeCreatePagefilePrivilege	3716	BBA Launcher.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BBA Launcher.exe

description	pid	process	target process
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 1408	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 3056	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 3056	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 4492	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 4492	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe
PID 3716 wrote to memory of 2760	3716	BBA Launcher.exe	BBA Launcher.exe

C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
"C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3716
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1716 --field-trial-handle=1720,i,7921587168200202315,10212824599844651300,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
  2⤵
  PID:1408
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --mojo-platform-channel-handle=2116 --field-trial-handle=1720,i,7921587168200202315,10212824599844651300,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:3
  2⤵
  PID:3056
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --no-sandbox --no-zygote --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2976 --field-trial-handle=1720,i,7921587168200202315,10212824599844651300,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Checks computer location settings
  PID:4492
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1720,i,7921587168200202315,10212824599844651300,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:1
  2⤵
  - Checks computer location settings
  PID:2760
- C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe
  "C:\Users\Admin\AppData\Local\Temp\BBA Launcher.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\BBA Launcher" --mojo-platform-channel-handle=3152 --field-trial-handle=1720,i,7921587168200202315,10212824599844651300,262144 --enable-features=kWebSQLAccess --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
  2⤵
  PID:2272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x244
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\BBA Launcher\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d5f7e54460096173b1ae6269d0120ec7

SHA1
48c6203d8af47fa81e93ec858312347d177ea2b4

SHA256
89a41f81447de2ed39a923ea27527141afcfd5a456bf94f1e25e49ff489b2808

SHA512
e95b8cb650ab66c2513741bb2340fdf20bff685c33ba50e9762a84f3c85ac57f6b2439cfcff06f71604e2010d82fd2a95b233277a67fcbf512ffea8a434bc788

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Code Cache\js\index-dir\the-real-index~RFe57db4c.TMP

Filesize
48B

MD5
24d33c9e0b3f84aa1a0c8762d400817e

SHA1
3cb4ba484a491ce3abe9ff827dd52916acf58f85

SHA256
33315b6c7cdf87e2437ea1f5e6bc348b60c8289f03f3d9815b8e7b851d2a3a2f

SHA512
cb562c7be72e44f7b4f2be472b329cdc30db33dc538648106476e07a04986072493f1ca9015bc77ad110ee8cd70d7d5bc430aa393b7ecb973c5cd0c54996b23b

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Network\Network Persistent State

Filesize
1KB

MD5
0af4f4d041b17560f19dd315bf5266f2

SHA1
fafe8e14094ae7f4024e97bb38ec1760d0a625e6

SHA256
63776b54b51df67b6121ea85fa7a43b637d8fd25f1f06187ab38c46b14c7def4

SHA512
636bbfeef1bd47bd05cc941ee1faeaa9919b2ec16d69ef4104a32f65c8fb35ac5a1997c543d4e2d2be4dcd425c1eedcf690ca90e8780f68445e85ebbf7e9e9d5

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Network\Network Persistent State~RFe589d93.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\BBA Launcher\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/2760-85-0x00007FFDF7EA0000-0x00007FFDF7EA1000-memory.dmp

Filesize
4KB

Download
memory/2760-84-0x00007FFDF8260000-0x00007FFDF8261000-memory.dmp

Filesize
4KB

Download