If they were dictionary words, or a similarly constrained search space, fed through SHA, this is exactly how it works. The information given after one guess excludes a whole lot of guesses as being possible solutions.

Here, there's 91.7 bits of entropy in what goes into the hash function. Each guess shaves off more than 10 bits of entropy. After 9 guesses, only one password conforming to the generation format will be possible... yes, it will be very (impractically) hard to find this password, but the rest could be done offline to find the 10th value and solve it in 10 guesses.

e.g. Make 9 random guesses.

Then, for each of the 2^92 possible input strings:

1. Hash it.

2. See if the hash matches the things we know about the hash from the previous guesses.

Sure it is, dictionary attacks are extremely efficient, if the password is made out of dictionary words.