Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    23-12-2024 15:56

General

  • Target

    https://rebrand.ly/www-roblox-com-users-1104946224-profile

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://rebrand.ly/www-roblox-com-users-1104946224-profile
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff994db3cb8,0x7ff994db3cc8,0x7ff994db3cd8
      2⤵
        PID:2740
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
        2⤵
          PID:4880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:5228
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
          2⤵
            PID:4416
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:6100
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:5192
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
                2⤵
                  PID:3976
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
                  2⤵
                    PID:2072
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
                    2⤵
                      PID:3324
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:400
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
                      2⤵
                        PID:2648
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3836
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
                        2⤵
                          PID:5488
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
                          2⤵
                            PID:2808
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                            2⤵
                              PID:1336
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
                              2⤵
                                PID:2584
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,1778801222704807785,1031974875305708082,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2052 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:444
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3816
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3312

                                Network

                                MITRE ATT&CK Enterprise v15

                                Replay Monitor

                                Loading Replay Monitor...

                                Downloads

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  003b92b33b2eb97e6c1a0929121829b8

                                  SHA1

                                  6f18e96c7a2e07fb5a80acb3c9916748fd48827a

                                  SHA256

                                  8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

                                  SHA512

                                  18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                  Filesize

                                  152B

                                  MD5

                                  051a939f60dced99602add88b5b71f58

                                  SHA1

                                  a71acd61be911ff6ff7e5a9e5965597c8c7c0765

                                  SHA256

                                  2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

                                  SHA512

                                  a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                  Filesize

                                  4KB

                                  MD5

                                  9ea7ee9aedb3d61f53a0ab4e0897ba96

                                  SHA1

                                  2281e53229bbd5062cc15555e7857a00a68b9e69

                                  SHA256

                                  1ca6c25d79a8e6ec156b5e1d7c35e78b2e8b94ab79a4444d3b75ecbe164ec7a9

                                  SHA512

                                  8356d5f9a70cee783410682037d007c3802f0eacbf5a49308a7ef9e5996dc2f69c81d33635c097a078e0f9401b1bb23658d1b23c8df4106eee89c10a04e29468

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                  Filesize

                                  2KB

                                  MD5

                                  43de6c43c1233a005140431cb1ce3bf4

                                  SHA1

                                  387f7eca028fac1ad0eacad64dd0126a41e06fa1

                                  SHA256

                                  fb2b381bad6ac042f15d7f794a089392c2c16f60f4b289b943787d34cdff75ae

                                  SHA512

                                  987de877af214b7f7f60ee8bd4d63339a31992a70d1f103ea4fed62447815031fd3ea1331b6a9a64ff65dcccefb46fce2d313e908994041d35f395df1b4bd1ed

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  5KB

                                  MD5

                                  d81644f4e1c997a94d25cc69068c8dd7

                                  SHA1

                                  c20efc46cf2118757e6a5235aee856fb6b6baee8

                                  SHA256

                                  da9fa98f591999da45988cf33a5eb66d90d2e454082d99475894cf797cb48a1f

                                  SHA512

                                  4477f7f302f9cb852b4a6a228aeffd1d5d446a1a584a92f94d7e709a474c2cf6c701fa3a94358c21ac99cafcb29c229029b960f0b2cda06ff1093ae6f36595e6

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  af71732aed64cc45f7cc3a359e70bbd5

                                  SHA1

                                  1c5788eda75e170d639bc915a76adc91f1fec699

                                  SHA256

                                  b181a8e3c15e16921101792304dcfe517437b286dbb255383612703ef8c3fd4a

                                  SHA512

                                  d222c348dd9d7abb208d865a4478de497479f9e1d4063988e0808f227db387320e01e37a218f9f25eeaf67259c65f287a73aa26bdb78f4a73d3f7625465d505f

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                  Filesize

                                  6KB

                                  MD5

                                  1c0040a531cbbbd886445da388cc0572

                                  SHA1

                                  77777275920399d080440e028ae2cb5fd212d374

                                  SHA256

                                  2201bf949381c791437120f8ae4a4e7392857f7f64fa12f36ca2effd88ff85b4

                                  SHA512

                                  63ab7dc183e89e3b3180dd2af3919eee2e30045abdd6d07ba7cfa48678d75df969d43dfc3c246adda57500e62b14ed52958d2910ce02a4ff9395fd8b817972df

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                  Filesize

                                  72B

                                  MD5

                                  d32fd127f19d9b5dd93ed7bffa1cb544

                                  SHA1

                                  419a8d307569f659a4e8d6d31db99210c0e5efeb

                                  SHA256

                                  ee0b7b457fac0f116733c073092e85f4905c511a90faeb651e6e7ccfbe3712e3

                                  SHA512

                                  3b453bc1e8ae4b3def7eccff6e4387740fccd2f0fa801579e6d270f29b3b89608c6de64a4dd7553693c7543333a77096d3cd4383fad60bcb1a8088a4345e18b8

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e455.TMP

                                  Filesize

                                  48B

                                  MD5

                                  0e87933c491e93a6133fca83cede9c41

                                  SHA1

                                  ae6320dab1e6ecbeba654d9d630f3701c0b89ad0

                                  SHA256

                                  f0af3da958aa5d7d74271af417c6e5a7b462a6581c0e4a3a460c2a82a8ad5eaa

                                  SHA512

                                  c359100bb3f2bdb7c70862047103d541f22044d6eaeeec4cf8c2195e668ebbd7fa53448d12c7c91772247c913e070cea908a1193a1d8b3131f38f96e38681cd9

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  d90f398fb18ffdfa3a80202172bc65a6

                                  SHA1

                                  67d37beab4c63de65a5331cff5e0f81f243a95ff

                                  SHA256

                                  c15bd854470d84e597a576204386dd64812f91266fa6c8ab8b58e6192c94a4e8

                                  SHA512

                                  1aacebec558d3101adcdac08a3b44428673823f760777daa6d788da42db2783a32a6655ac00fc81687df4d41261bfe85e44b4f14423feaecd1d1379f5c80dd32

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  00009fee124f0baa41f4af6b8e1f9f48

                                  SHA1

                                  fa7e8ac300324a9eac5a6af69bb10df3ae28eddc

                                  SHA256

                                  e1cca21565c0e508799484ac4c9ec6f56d22e659eb78e1946d357b10e2fc2739

                                  SHA512

                                  de06096a3bf5e14477243cbc1d05946f2b2358d3cd577d12c0c73e7672d13cc82b8d23a5db8cc5e635394fb4d7eaf629493164ba29493588c02ebfacd6747903

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                  Filesize

                                  1KB

                                  MD5

                                  b1e85409a6bb1d534603ab3b8e1a0d47

                                  SHA1

                                  709c72e6903bd6b90ade006e53298ee67ed479e7

                                  SHA256

                                  d653c92bb73cfef38527f4f27c16bd150aa570952b7f8090facda62a5cdf3e4c

                                  SHA512

                                  34d411f6fd1e9297b8573860d923528a1680bb5981f5d87e594e43408014c5bf751670ba0ebccfb8e5ad5e6c4416865dbceaa4a872c8e99112ec2e00bfc118c2

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dd9e.TMP

                                  Filesize

                                  1KB

                                  MD5

                                  0400c87f281c25c3ee311245750a9839

                                  SHA1

                                  bce0f17ac42a079c487fa0a0285eb62004df24e5

                                  SHA256

                                  256b83687872e22a823b5c7963e7d2d960fe53e3b652d6df1d02ac527ac66548

                                  SHA512

                                  a7d4881a863b93bb9f2c7412931a4178bd6ca836b2474473816218c196b23b3d3ee847e249a7b12e1678ed011dbde1c04feb7cab058ef56a5da1ac216db9d724

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                  MD5

                                  206702161f94c5cd39fadd03f4014d98

                                  SHA1

                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                  SHA256

                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                  SHA512

                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                  Filesize

                                  16B

                                  MD5

                                  46295cac801e5d4857d09837238a6394

                                  SHA1

                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                  SHA256

                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                  SHA512

                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f1a34375-9fe3-474a-a054-eaac3a90ee2b.tmp

                                  Filesize

                                  1KB

                                  MD5

                                  97267e3816c60312492112f642a12044

                                  SHA1

                                  f68e0316c9ad7658a720d1df4de96c4069c4d250

                                  SHA256

                                  d1e18e151fc73faa3f5bb05cc86c6c0a7bb6b261af575615dd156ecaea38ea85

                                  SHA512

                                  78646f1f1356eed541487d4f75ad05d0dff56eb7bb700a20ed8b6df71f3b2c765ac1c444ed453cf3edd5e935dbdb64cc84344dcff913f903170fc16e769baf87

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  10KB

                                  MD5

                                  b762b9685582fd7d259839bb32280c6c

                                  SHA1

                                  d6a293a6c21108d1265899cdfcb08244787f6447

                                  SHA256

                                  f2e31dc8a4b4fd42a1fe957903b3d29f963ff271fc1aa0aba9e537232b37c49a

                                  SHA512

                                  fad11ce26e9305e692400a264a680a5884cc1a6aa9437f58bfea5281b17065c1f311ef55351215692b8eb1325130ce1cfce0fd930c0a7e84deda23afc3965db0

                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                  Filesize

                                  10KB

                                  MD5

                                  78b182cdbc96c8f1dde5b804647ea0e1

                                  SHA1

                                  323c722b7e076d1f6912eab0b25baa948e7589e7

                                  SHA256

                                  13fef5dfb636bc6e088777946b72f0f852bd454417ecb4f5a8186e6652c984da

                                  SHA512

                                  b842eb4879cb66e3e456975c13fa751f2bd425cfe7e8853b37f2d88ed49ba7578a8fff4458fe20df642d0c117b066c48a1c6aafdccfbd34bb78c90c35b91a515

                                • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

                                  Filesize

                                  2B

                                  MD5

                                  f3b25701fe362ec84616a93a45ce9998

                                  SHA1

                                  d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                  SHA256

                                  b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                  SHA512

                                  98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84