hxxps://hrportal-arm[.]com/capture[.]php?capture=kalana[.]sampath@armholding[.]ae

Resubmissions

28-11-2024 10:32

241128-mkyrva1jbj 8

28-11-2024 10:28

241128-mhxrrsvkbs 8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2024 10:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hrportal-arm.com/[email protected]

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1924	msedge.exe
1924	msedge.exe
2924	msedge.exe
2924	msedge.exe
3576	identity_helper.exe
3576	identity_helper.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe
3824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1168	2924	msedge.exe	82
PID 2924 wrote to memory of 1168	2924	msedge.exe	82
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 2260	2924	msedge.exe	83
PID 2924 wrote to memory of 1924	2924	msedge.exe	84
PID 2924 wrote to memory of 1924	2924	msedge.exe	84
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85
PID 2924 wrote to memory of 1244	2924	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://hrportal-arm.com/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc86bc46f8,0x7ffc86bc4708,0x7ffc86bc4718
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5212068331100636929,5926366527178610325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0f99ee82-93cf-4dc0-b9be-5cd06ed21bfb.tmp

Filesize
5KB

MD5
62c18ac767845269b35ee6195c1c264b

SHA1
1246462c59424ef2ae01c80eab662dbd9bc34456

SHA256
6230a18b3588095f516d6b3be19c6c722848d7f79c5281daa04be1c8ba4cd4fe

SHA512
2e93ef033a46bf47cdac7ff7217555ae3263e02bccbbb0e52a4f7ca8f7b79c10aa266a1b5964e7bdec1f6afbbe47feb5bd0b84b00c7d2d6f5ba1486523423443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
27KB

MD5
dc654d5da1a531fdb3b1bedb619b0182

SHA1
49d3de45bea7c279cf0ffe4cbc43c24779d1877a

SHA256
b395c195a5854253500b3b210e585ec801a47b49ce7b90fa5a9717df387598fa

SHA512
38952929cbf8e103cad50007cb492c93a7feb8d9d1853773883e2771cc97e50d6a514cb6347c912e7945d126a35677cca854ce8542e2210d7e59799238bae8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
9245c4214429c13e29df5e4c0465b731

SHA1
ae87b9110bd48baacb32fbdb4abef16732bd6c32

SHA256
b6e0e7ff089215e2681a179be78b20a8220911daccd56c10c463e93c97c6dec6

SHA512
bea2510a65147317416b369f93141dbe800b258c6ca55f874ef8baca2b15b9f065bcb6218f7caeb26d59a116adb354438f9b5b49e8e8768b219ece2e71b3ef55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
394B

MD5
f51674b5c7398cd88be93ad5ed2f1541

SHA1
33bec64f8eae26c50edb159683dd4ab4260b6cf4

SHA256
92a7a3719bfeb33c90a8c9983e6ce8cc605e577a527b751716c6ad466c2856c3

SHA512
63d74fd1c971344ef315aa18d55dc5753320b064d3bf32e9a19d27c642e23e0c9901dedeb5ea8f8983cffe263333d6234e436478c7f55bb0382644d4b56e6bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dffc07e6e6c8f7f6baf341150082ce45

SHA1
179dddd267cf6f541adac66139aa5c5c264a6790

SHA256
76cfcfdaafe610e85a2723f4dc1b67056d9ca0d810420a3c3914febea4ca74af

SHA512
c131413534539e0395dd75d402e89271bf79d3a1434c2ed2a1ac32e20f721e7f45ff3327521a726f504ae0579f9cb0f76df71b64bec68740dd056fca57138e3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
05622cfecb5359883cc3406b814d10c9

SHA1
a56a496a8b37b2160c7aaf2a161e96d43dcb390b

SHA256
f8cb82e99bad7d6132080ef459ce76c72c901dbca10ed10f052348bdca5a7b0c

SHA512
cf3dccf28772e6fcfd342e891d8cb0e2f84c82d28d81113071e2c6c154f29ddc8c95c411bac63025c5b707da94b8a5e103869a65a71869df9e09229bf1a2693c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
412ab40a04d91f36c8ef78da34133781

SHA1
8d838ef0444e7799609b8ee0858660858878eda9

SHA256
0be0d8cb86ae6ab854bf96a79dbce0935abc00a3df245b12cbbaaa053245262d

SHA512
06c69cc68ea1a7af7eb98dc4a8d127942eaa96d7694fc9c0de2a7eabb70d6d93c286b07c26ea06d70df027c5de771caedf9a7a47f737441c2d8c08f32a89dee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f25b47cbbc3aebdb32c89addcd16882f

SHA1
2ad05034ffc95721e8c35751705d312a87ec18b6

SHA256
a563b90136db52dd8a0f5c7eafbb28e387059fdbba06fd70e063b71e21ad9b5b

SHA512
14ecb4ab437bfd99c19a8a4d9bfdc6b5f0443409da9c6cbe24155407f5794d84b67879977d2b5da6ac2bc8b895a78c9ee0ee18c58100c8c571835f869914047b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit