hxxps://osu[.]ppy[.]sh/users/create?username=ihavecancerlol&email=decosa9439@craftapk[.]com

Analysis

max time kernel
146s
max time network
140s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/10/2024, 13:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://osu.ppy.sh/users/create?username=ihavecancerlol&[email protected]

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
584	msedge.exe
584	msedge.exe
2876	msedge.exe
2876	msedge.exe
4572	msedge.exe
4572	msedge.exe
4728	identity_helper.exe
4728	identity_helper.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe
2876	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 4264	2876	msedge.exe	79
PID 2876 wrote to memory of 4264	2876	msedge.exe	79
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 4112	2876	msedge.exe	80
PID 2876 wrote to memory of 584	2876	msedge.exe	81
PID 2876 wrote to memory of 584	2876	msedge.exe	81
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82
PID 2876 wrote to memory of 4260	2876	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://osu.ppy.sh/users/create?username=ihavecancerlol&[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80b5c3cb8,0x7ff80b5c3cc8,0x7ff80b5c3cd8
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,1823530393091393581,310586222036508190,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
de4367460d1fdba48c14deb3b3b29bbf

SHA1
c1efc3295c3138dd841c5854b8abdaea892e8b28

SHA256
69dd3a6f215287cb9ef50a8fe55add1e2f4f8cca7833275e7e730bab6fea23ab

SHA512
5fb8fa8bf42a6dea376d842affd8fdad1b1adb063e38a138027ae817db9d080f656b0840b6cf99fd4cb5934095b87de9d81c375a725783a7bb85d75045a30b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
a18e9b254297f286e37f97ff42e492d0

SHA1
3025d1d0f046392efcef6b43c93f258c84172aa9

SHA256
7089ee372efe1ccb1c3074f141b99fb98f9ef88043bbc2c97cff286df0f179c5

SHA512
4a3fbd255420d4eb7523ff06ab56ee0a57e4f365db908fe0b30619c53abf11c94ce06a12bd36aeb52bbf196ec84417ae60c6c473c3d980f5f2abbf1acb61c77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
261B

MD5
66dd23a252f8a4274b98b6968d4b9605

SHA1
1f29ffc0bd23c943b004551f6f88463a3ed9d2d3

SHA256
4269c98296bc6578b40a001efd56cb5a01c85375da12abf07ea2ee6ef930aba4

SHA512
41d6683bf24127e942eda52c64db5ac172539cacbff1ba75554430cd879ab81788c3f35b0c4c7b0c419fa2a2ddeff9253e5578a825972ed9d3d753b20f63c27e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4be256f49327fc60be75afa280f96c96

SHA1
67a506389c2cbd62085dea6b818d81c4ab7f56ec

SHA256
325218676d25e264b52579abcb1d8ea7cff9e1a79232d1bcb9162437b7c89ac1

SHA512
c5395c2bea789e83464d627f7f85f8b2960ecd5b593836f63583a8db620599efae76c9429008c3931d40c7fd0d1b7f3e9878111f29e0488e270e23825a78aae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
23c6a7812c9c4de5b05e5a971883f98e

SHA1
ca625d14157503f09039a94bb259abef6ebd3b71

SHA256
047d9a52e2442172a57016ec0dabcade525f884ab401210d4e5824b0ae9ec314

SHA512
4da984bc2f4248ea0809e734ec1fc1df1a400ec2024236f4a507c48367af3da64070973e372a33a226fd6e990ed9d4d5e8a89355eb38eabf1faad7dfa9e822ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a7393429bd2b9831d8c660d27d1291a9

SHA1
29f7631f4e341b265fa7b4ca7780d1ff24ae2b49

SHA256
ad97de8ac54ced174cde87f490cde73bf8390863d69abce5d898bc7da0d2867b

SHA512
1e7d51aa2fc9c9b161a03e286f9b3d329e70790da890e28eab2e7a0e93d24be04b9017e69fee09ef6f9abc52fb8139bcc97578a011cf69015c48a17cce5812c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit