Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
26/07/2024, 00:52
Behavioral task
behavioral1
Sample
11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe
Resource
win10v2004-20240709-en
General
-
Target
11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe
-
Size
1.4MB
-
MD5
1cc74844307cf6107573ba85de10527d
-
SHA1
ed45d720ecb10dc22c0ae7471742f427d5760651
-
SHA256
11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812
-
SHA512
4bd56f7fe21ec565006e666e3145bbc3fe33d034122d654dc39904c33f8584e57a20fa41819b63ee47bcda89820d3a5089a8955867e643ee0362e71c5a828951
-
SSDEEP
24576:UAzhR80qqyFKk6VLVy0pWnUatmKfPx/Y1vxIqb+YIwQd74Z9Ruvywr0:BU161Vy0pIjtRZY1vxTaYIwlbRuvX0
Malware Config
Signatures
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion CiscoCollabHost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key value queried \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation CiscoCollabHost.exe -
Executes dropped EXE 2 IoCs
pid Process 1548 CiscoCollabHost.exe 1196 CiscoCollabHost.exe -
Loads dropped DLL 64 IoCs
pid Process 4144 MsiExec.exe 4144 MsiExec.exe 1548 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe -
resource yara_rule behavioral2/memory/3388-0-0x00000000007F0000-0x0000000000BDC000-memory.dmp upx behavioral2/memory/3388-48-0x00000000007F0000-0x0000000000BDC000-memory.dmp upx behavioral2/memory/3388-575-0x00000000007F0000-0x0000000000BDC000-memory.dmp upx behavioral2/memory/3388-785-0x00000000007F0000-0x0000000000BDC000-memory.dmp upx behavioral2/memory/3388-967-0x00000000007F0000-0x0000000000BDC000-memory.dmp upx -
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CiscoSpark = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Webex\\Webex.lnk /minimized /autostartedWithWindows=true" msiexec.exe -
Blocklisted process makes network request 3 IoCs
flow pid Process 23 1160 msiexec.exe 24 1160 msiexec.exe 27 1160 msiexec.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\K: msiexec.exe File opened (read-only) \??\M: msiexec.exe File opened (read-only) \??\R: msiexec.exe File opened (read-only) \??\U: msiexec.exe File opened (read-only) \??\V: msiexec.exe File opened (read-only) \??\Z: msiexec.exe File opened (read-only) \??\E: msiexec.exe File opened (read-only) \??\G: msiexec.exe File opened (read-only) \??\N: msiexec.exe File opened (read-only) \??\P: msiexec.exe File opened (read-only) \??\W: msiexec.exe File opened (read-only) \??\X: msiexec.exe File opened (read-only) \??\B: msiexec.exe File opened (read-only) \??\H: msiexec.exe File opened (read-only) \??\L: msiexec.exe File opened (read-only) \??\O: msiexec.exe File opened (read-only) \??\S: msiexec.exe File opened (read-only) \??\Y: msiexec.exe File opened (read-only) \??\A: msiexec.exe File opened (read-only) \??\I: msiexec.exe File opened (read-only) \??\J: msiexec.exe File opened (read-only) \??\Q: msiexec.exe File opened (read-only) \??\T: msiexec.exe -
Drops file in Windows directory 10 IoCs
description ioc Process File opened for modification C:\Windows\Installer\MSI9ED1.tmp msiexec.exe File created C:\Windows\Installer\inprogressinstallinfo.ipi msiexec.exe File opened for modification C:\Windows\Installer\MSIA0E5.tmp msiexec.exe File opened for modification C:\Windows\Installer\MSI9E72.tmp msiexec.exe File opened for modification C:\Windows\Installer\e579af8.msi msiexec.exe File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log msiexec.exe File opened for modification C:\Windows\Installer\ msiexec.exe File created C:\Windows\Installer\SourceHash{3F9B1AB5-2521-521E-8703-87D71A454DD7} msiexec.exe File created C:\Windows\Installer\e579afc.msi msiexec.exe File created C:\Windows\Installer\e579af8.msi msiexec.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language msiexec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MsiExec.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language taskkill.exe -
Enumerates system info in registry 2 TTPs 8 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer CiscoCollabHost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion CiscoCollabHost.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS CiscoCollabHost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName CiscoCollabHost.exe -
Kills process with taskkill 1 IoCs
pid Process 3672 taskkill.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE} 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex msiexec.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex\WarnOnOpen = "0" msiexec.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex\WarnOnOpen = "0" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}\Policy = "3" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex\ msiexec.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}\AppName = "CiscoCollabHost.exe" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe -
Modifies registry class 32 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\URL Protocol msiexec.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open msiexec.exe Key deleted \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open\command 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\CiscoWebexTeamsProtocol\shell\open\command 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\Local Settings 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell msiexec.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\URL Protocol 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\.webex 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\CiscoWebexTeamsProtocol\shell 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\CiscoWebexTeamsProtocol\UseOriginalUrlEncoding = "1" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex msiexec.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open\command msiexec.exe Key deleted \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\.webex\ = "webex" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open\command 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe /protocolUri=\"%1\"" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\CiscoWebexTeamsProtocol\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe /protocolUri=\"%1\"" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\UseOriginalUrlEncoding = "1" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\MIME\Database\Content Type\application/webex 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\CiscoWebexTeamsProtocol\shell\open 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe /protocolUri=\"%1\"" msiexec.exe Key deleted \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key deleted \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\shell\open 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe" msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\ = "URL: webex protocol" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Key created \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\CiscoWebexTeamsProtocol 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe Set value (int) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\webex\UseOriginalUrlEncoding = "1" msiexec.exe Set value (str) \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000_Classes\MIME\Database\Content Type\application/webex\Extension = ".webex" 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 1196 CiscoCollabHost.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1160 msiexec.exe 1160 msiexec.exe 1196 CiscoCollabHost.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 3324 msiexec.exe Token: SeIncreaseQuotaPrivilege 3324 msiexec.exe Token: SeSecurityPrivilege 1160 msiexec.exe Token: SeCreateTokenPrivilege 3324 msiexec.exe Token: SeAssignPrimaryTokenPrivilege 3324 msiexec.exe Token: SeLockMemoryPrivilege 3324 msiexec.exe Token: SeIncreaseQuotaPrivilege 3324 msiexec.exe Token: SeMachineAccountPrivilege 3324 msiexec.exe Token: SeTcbPrivilege 3324 msiexec.exe Token: SeSecurityPrivilege 3324 msiexec.exe Token: SeTakeOwnershipPrivilege 3324 msiexec.exe Token: SeLoadDriverPrivilege 3324 msiexec.exe Token: SeSystemProfilePrivilege 3324 msiexec.exe Token: SeSystemtimePrivilege 3324 msiexec.exe Token: SeProfSingleProcessPrivilege 3324 msiexec.exe Token: SeIncBasePriorityPrivilege 3324 msiexec.exe Token: SeCreatePagefilePrivilege 3324 msiexec.exe Token: SeCreatePermanentPrivilege 3324 msiexec.exe Token: SeBackupPrivilege 3324 msiexec.exe Token: SeRestorePrivilege 3324 msiexec.exe Token: SeShutdownPrivilege 3324 msiexec.exe Token: SeDebugPrivilege 3324 msiexec.exe Token: SeAuditPrivilege 3324 msiexec.exe Token: SeSystemEnvironmentPrivilege 3324 msiexec.exe Token: SeChangeNotifyPrivilege 3324 msiexec.exe Token: SeRemoteShutdownPrivilege 3324 msiexec.exe Token: SeUndockPrivilege 3324 msiexec.exe Token: SeSyncAgentPrivilege 3324 msiexec.exe Token: SeEnableDelegationPrivilege 3324 msiexec.exe Token: SeManageVolumePrivilege 3324 msiexec.exe Token: SeImpersonatePrivilege 3324 msiexec.exe Token: SeCreateGlobalPrivilege 3324 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeDebugPrivilege 3672 taskkill.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe Token: SeTakeOwnershipPrivilege 1160 msiexec.exe Token: SeRestorePrivilege 1160 msiexec.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1196 CiscoCollabHost.exe 1196 CiscoCollabHost.exe -
Suspicious use of WriteProcessMemory 15 IoCs
description pid Process procid_target PID 3388 wrote to memory of 3324 3388 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe 87 PID 3388 wrote to memory of 3324 3388 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe 87 PID 3388 wrote to memory of 3324 3388 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe 87 PID 1160 wrote to memory of 4144 1160 msiexec.exe 90 PID 1160 wrote to memory of 4144 1160 msiexec.exe 90 PID 1160 wrote to memory of 4144 1160 msiexec.exe 90 PID 4144 wrote to memory of 3672 4144 MsiExec.exe 91 PID 4144 wrote to memory of 3672 4144 MsiExec.exe 91 PID 4144 wrote to memory of 3672 4144 MsiExec.exe 91 PID 1160 wrote to memory of 1520 1160 msiexec.exe 96 PID 1160 wrote to memory of 1520 1160 msiexec.exe 96 PID 3388 wrote to memory of 1548 3388 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe 103 PID 3388 wrote to memory of 1548 3388 11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe 103 PID 1548 wrote to memory of 1196 1548 CiscoCollabHost.exe 104 PID 1548 wrote to memory of 1196 1548 CiscoCollabHost.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe"C:\Users\Admin\AppData\Local\Temp\11fd50497d65182202764cf5cc13a6bcbbdb77ae0cc103b98e5f43ff87c41812.exe"1⤵
- Checks BIOS information in registry
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3388 -
C:\Windows\SysWOW64\msiexec.exemsiexec.exe /i "C:\Users\Admin\AppData\Local\Temp\7d0d5de1-e0c4-453e-9287-89553318312c.msi" /quiet /norestart2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3324
-
-
C:\Users\Admin\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe"C:\Users\Admin\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe" /protocolUri="webex:///"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1548 -
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\CiscoCollabHost.exe"C:\Users\Admin\AppData\Local\CiscoSparkLauncher\CiscoCollabHost.exe" "C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f" spark-windows-app.dll /Hosted=true "C:\Users\Admin\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe" /protocolUri="webex:///"3⤵
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1196
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Adds Run key to start application
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1160 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 19E762DB5FCBB40144F8F65D679205BE2⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4144 -
C:\Windows\SysWOW64\taskkill.exe"C:\Windows\system32\\taskkill.exe" /F /IM CiscoCollabHost.exe /T3⤵
- System Location Discovery: System Language Discovery
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3672
-
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding F063626456BE6E9B961ABCD4CBC8E9BB2⤵PID:1520
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
24KB
MD5a65ecc71e733502893c9eed81f21f6ff
SHA10737fa24b796117a321921640999d1e3a460fc52
SHA256d97d58a98ff892c81832fdab3ee31ea109aa3f549272c41591ce77cd277dead6
SHA5121cc0f702c011b4fc84c2064d128808f72f01ea628aee6c61b1e55757b70387f76a0e0d3be2b569ad864513f03b2d708a0f54a29877db707eacc1bdbad1eedca5
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\EventBus.dll
Filesize64KB
MD524185b5f403243698b02498f18f07005
SHA102457e0a97585acac9f67c2e41b3d9b5a8d9855e
SHA256b2bd87c8c4129c033b9d6aa717a93325da9be6ab61de54eac8fe5c78f533428f
SHA51235544ec6358e422b39762504d89c527a68f3c1c362b23901ee78155447c59e39cf4e11d6e59c3f3d7ccffef8428e3dfccf33c45d1768a86e6a260a89de3d8ecd
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\KF5SyntaxHighlighting.dll
Filesize1.7MB
MD5d8bfdec029ea1c2b9648da25b7dd3cb8
SHA18cfaa6aabb6a0e66221fd2461257c94844274f07
SHA256aa9c37ed2f324f32925edfd7adf83fdb99cc0c05c2bf6239514f2ab5cb12fbf2
SHA5125204b00003aeebcfc3982eedeadc983702de8ec12770ee9cd677729a141e77d560730137251a33d876fb10b12a72b097504e6b5ecef0a181c009dc791ed2a2d2
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\LambdaThreadSwitcher.dll
Filesize27KB
MD56f51161a064257cff0d5a0459b9e83d8
SHA1e34df9c34fda0facefe2f0efacc4519532477f91
SHA25630700ca073e64599e4725294b175fce95dd1a78599c6121f699c76bdf533421d
SHA512646815dcb407098f565b2740805b252e756ae10dae8786f046cad56871114fb13a5085de2df18a7b2f9b02e8409a0527d134430c2af8a9b7eea1d4aa73fd19af
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\MeetingContainerActivityStreamType.dll
Filesize18KB
MD5c1c6521f49f8e13710948639b44f0c47
SHA14c04506b92096e9b0a99f7eb439848b240ce176b
SHA2569c5eb977efd4cc062b54b6f218fc52c6ca153ada4f2a3d4e8ddf03e6f927e144
SHA5121b83288d92e7b0276a649739b0b41b5e3abc0d114611377158ea7b5cf90b848a2796e6b2ffd181e48f66ec8e41eaabf73fcc18a12a4710818c48d0a75c6ec3b0
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\QmlBase.dll
Filesize106KB
MD5769543a42b3dd011100471cf127e28c5
SHA1dbab9b025f57ea09eaf2b952aa22b25c07b72cec
SHA256e0ddf69bafb162ac758abf4ecafae7586c77cd4e268fca0d8df0d05ba3203dd6
SHA5128c1db502176f0cef82c708fbb1999749e7781282472ce81a83c267453f602d2488f15d47e00c7b0149bbe639eace82687f971a42adaa3a38666ce81536817cb0
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Core.dll
Filesize6.2MB
MD5a82c139b1bf661bcb71357ca088fcf11
SHA1c798afa943f98168310333e1abf575801d962650
SHA25660fba4ea4d8ece7291891c83cea5d55cead8d593a12fd23d1e6e0c45e602ee29
SHA51266f448435ed9813ad95e70b81d1ea509c42c021530c45b4aa22d8a8aaa07834ea3248130573479fbff4a99482ce9293291172d74ee5ee21bb8a53a257ea3dd81
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Gui.dll
Filesize6.9MB
MD5a8e9e3f4703304fd54f0f57c1e3d5d77
SHA1a4c974ea3288fc9fea9da3bf8c9bc02684b1280f
SHA25660b216541d8071d29de57cc427646b365ce15720537d83687d918276e30f7ad9
SHA512892726e4340c75150e91af11378d8f5517c9d3ad1e6a7e9c9f79e53a5931f68eef3fc35f67f8f3247d1f75c01d81eaf795340aec81e21140715857caf956bcf1
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Network.dll
Filesize1.1MB
MD50826fd88c73466ff6b8cf47dab13e4b9
SHA1b6b21643da59be03ffbb4e736077e185c39de6bb
SHA256758beefcc5d4cbb4e5e25924458b46d6c786425ab2367b0da0f4dbd86cad459e
SHA5129d281fa82099d778e7b1440d4adc32cb9edb97ccecd5f4a810349babd5f4c8ffd2b4c2cbe38e24ebc362f394d222b785767a0838f9ce6df92b916a2ad5d5f13a
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Qml.dll
Filesize3.5MB
MD54249e751e664faaa5e2da17c11a59f53
SHA190aaead901872b99402d2fdef638da7c58c9c31d
SHA25608684bebfc18c402001f091a55ba984c1e24dababf139caa8144bc117a441d0f
SHA51205c33756154c92f3368ab3c4b41e7b30847c9e76e8c2135ac1eaf4ad1b93f9c245b64797dfab55cc44d717a6fe2eadd9596c52f6f15595305c1c1ee5e3ddce51
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Quick.dll
Filesize4.1MB
MD51ddbb41900edfa17646ca30ac7d21500
SHA1b8c602b04337b515e7bc5b6e05a908ea58930d73
SHA2569d15671c3578ddd9664fbf1fadd4306478d92c83a8f2d2b5a30d1c6c52acf6af
SHA512e378614c1805b63b99d7d6c1bdfd8baefddcb6edd5400d5e1e6ea6aae528dd9b9e6a5f9e1131dd3f0b56decd990977ba145b5b50f3e251233bbd2702bf94050e
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5QuickWidgets.dll
Filesize91KB
MD5ce80619faddffc43b7b8beaa1603e89d
SHA17fe85a899dfe64466315d12ec8ea1679931115b1
SHA256d46d1af4d1988300863bfe09ab1d5a8754298a11d6b95b33552126eca54fef8c
SHA512103e0035a655e1683339fb7efa2de4173f3c2d276c58da4c6b66050fd467947864aaa0cb072b5a92d2dbd5aff592dd79ba1d2d3d689914f105003001d3350625
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Svg.dll
Filesize332KB
MD525f49f9d2ccd5d93c8f7879b5f936bfb
SHA13492ec44bf0ec35645bd45a5a0e9b55defb1b822
SHA25631c6dca1fdc9767149516ec7790aa24d93931cdf1d1f7065dba19cbd3e1e5fd1
SHA5125aa3c0a8db7b3a46da13bed183a88b9e6cbee5f505e51ba8c5c4b33007fcaf474cdd6e51453e534ea5f6d24997fc6709589629fa8e214a42a5485dcb93540e73
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\Qt5Widgets.dll
Filesize5.5MB
MD5806ad42e12d8a725fc88e761668ffc1a
SHA1276cee74217cd21357682310689216d9025195a1
SHA2568b27f35a4528c45761e05c40ae428088774855ecb09218834e367dd0affea191
SHA51297e9d0893b534d61adc4a74d847d14e2b13418fedd8396e950db3e5fd2ef1325683e9f8c8bded20f2f9f95a63cf4e2251993259fbeb0a6aa193c77e941784dd7
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\ServicesSignalEmitters.dll
Filesize399KB
MD5c5145e202cfe83ff491433f85b3f95e1
SHA15d77a74ed8fd9f6b41e1a248b2d399edb03c5310
SHA25677603b0be9ada7b42dfe87e9e9e27a1970b8a3685ce82e1d15e15a30656504e2
SHA512b082470398121c90eec2f524b4d9391257babb1eb0b0d4364e9beb8a23275bb714c32817333d9759dca494245eaa4490f723dbbd479b5af5f6bacfeb66e654b4
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\SparkPrtDll.dll
Filesize1.3MB
MD5390abd93f694837cf99d123e67117c5b
SHA114f2d46de934380a905b78bca6d682f2071a39cc
SHA25662c5765c1b4245b5b95683110b1445017f5ed8ef35cdbb3c783f5278f6d39797
SHA5129fffef25c0db7959f1ac756a689f817ddfd9c77d9aa3047d29c1baa764ecefe7f668871a39e69b5ba77fb0090d8da6b1118aceadf0e2682b647497e88559433f
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\UIToolkit.dll
Filesize730KB
MD56e97791bc1c656ab064d7c3e86006d7b
SHA1b3e991a772058a71444aba4d2a96f92fa861433f
SHA256c7175d8c719a8c95bad91f26eb22e90b3f3e0deb27f6366591038ee0de190995
SHA5120eeb51c06ba644ea1b23b179e645b3a08092fcc3fae0734f2b6fbc9aa83f0a503f75124bb5f7ed2ef5e94e5dcb1a9eee16c40ec1dc3d7ae7b5176d498d8759d2
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\VCRUNTIME140.dll
Filesize96KB
MD59fbacc6830481b1105cb7228ed7fad69
SHA16c198c255d23771c164659185a4b072608385286
SHA2561c6e3876bc85cb229bbcbf508971db218c77d3b582c7ad1ae69dc2cec13c4f6d
SHA512e20f189554cf185603d25aef2eb4ac94e72c82e52336ae83fc4c208eaeb9decf5d1e1a49c1d8d7a3c9d1a64a6880775cc9c33eacf2793e668e20ba92d4092652
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\d3dcompiler_47.dll
Filesize4.7MB
MD52191e768cc2e19009dad20dc999135a3
SHA1f49a46ba0e954e657aaed1c9019a53d194272b6a
SHA2567353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d
SHA5125adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\hunspell.dll
Filesize416KB
MD5159b3e31cb2b3f90dd5e9fa85ab69581
SHA1f758d5fd252bb32a8acdc75a237f4e5e60ee74e2
SHA256239ee3315fc85ce00323b811cb1da9b081c86fe7853f3cc3276853f0188cb3ea
SHA512dce5ae7bb7c4ee019da663deec01dd41cd7ef25815aa80baf72ed749f2a74354c47e1d749fb024543c1e832f0f8829667de7338b189ec746e861a05199a2e8c6
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\libcrypto-1_1-x64.dll
Filesize3.2MB
MD5b5509d214ff178724ebb59712064f50e
SHA1b215a837dec5ecbae21b0412122726af7c7d951f
SHA256fece37f66d93f62b3550a1328322f342545404ab6b60655cd7082ea98c775cf3
SHA512e674fda8bfbac252975489088de7a4a62c12410f90b65ca226b1a74873a6130c781a69ae2bb6aa9e89d3c78caac8a214efbcbe6d74533df469b61730258a0171
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\libcurl.dll
Filesize804KB
MD568b222d16935e748741daceff2cf1d88
SHA15508d8e94a541f81d796f31aec1c081bbd340e19
SHA256255a9bad11ae0773c54017070142e6dc84f5f4597b1dc5645fbccfa383c5fc23
SHA5127e60919b7227211f4de28e2d9a27018e9c7ea24bcd49cddb30c8ece661d60a309ad299ff03919ba0fd701a4bd09457d294a3db122d1550e925d764ffe43cb11f
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\libssl-1_1-x64.dll
Filesize670KB
MD5b9cabd441d0e5bc8155e818a064fe7a7
SHA1af24ec2327f5d306508ae15a6b8a7f536364846d
SHA256bb59ea96f75d91873ca4364d9bfdd909bceec04d5d1fc7d26a1fd45edfb1c419
SHA5125d818a7f27965141d090cb43ce200d77373b783d4bc497394de655bb1688f66417e8f7899c7c48384d0cb4421d697bbd9b732a15c055fe307023a215d8719193
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\spark-windows-app-impl.dll
Filesize20KB
MD52b25d3b4670f3d01bce00f03f6955deb
SHA12b6d32febd30eba3c1d383918620449cb023fd61
SHA256f7077b57d5adf49648d647886a1ae21375d166af91157eca71d88c1078168991
SHA512ae62ba1a73d898176256fcde8bcf5667e139d771536740f1589e8140401dc7224a91d86c4651b2134bd4170bb6f3830d4009d3b6527b2b5e5c23c46acb55e38b
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\spark-windows-desktop-ui-rcc.dll
Filesize21.0MB
MD5f47d6fd47f50f0c02fb191dd6f1f2c78
SHA11414e747408617f2ea1d4ee25f354159a50d4aec
SHA256a7e44684e96955187730319805d6ea49f6af1638a3f76eb27f15b2704abf13da
SHA512ba44628e3e7a70e64565fbf36653dc6a7f7fa000766c0fa0a87c9c1914e83b3bc123145ebb26fa6e91efeb0bbce9d803c20177b10df2acbc72f6656e8c51bb68
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\dependencies\windows-os-integrations.dll
Filesize486KB
MD58c775486f56d7db063cdcfbb24af6d10
SHA1f55b74ae07472e87da5168db54025054a283ddce
SHA256de7a2c314444f7a165a4356f22e092cdbd3066eb519d9d842190c16ae6dfdd53
SHA51289909f3a406b50a098520438ed3294ef9d246eb90ee53f1b9c88f03fcb6bc57ea1e9c2c30aa0c4d84f715a8c20da1351d348f7a2332921372c324106db12895e
-
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.7.0.30285_e46710d9-7d78-4765-9a97-0a5bad42223f\spark-windows-app.dll
Filesize23KB
MD5fd76faaf7bfa561eb684e135c67bf8ed
SHA1a3c505bb060e0e4a9b1f56ac89eb3cd6c1dbde92
SHA256f8ec5e433a9d633920c05d67f0ebe8fba734449101292148ac60729fb5bd481b
SHA51231826c372cdd5563dda744c35b284c2c6ba656a134bac149dacaf8509374cf37b11de559890455901604efdeb9ba9b9d1ac457427221b64fb64cb8512f339b68
-
Filesize
2.6MB
MD56169a4ef41c5e7d278e2e9622926fa7c
SHA1bd3694365c7abbf227c91f0006ba1401cbf187fa
SHA256d9f15478b12042103e8ecf26660b1d53c6522b113e6ac0a0b69475d787378cfd
SHA512c1d50fe592246941bc630b68d0567f09f8e990f7275d4c20af4fb68657493db42c25597831144437e827991de66175c9571edfb1612f5ad7d64a950270ba9886
-
Filesize
119KB
MD5f14ee7958d8796967f877f7560ab0330
SHA18c9139752d3668c858ef192c8f4405e1c7230e73
SHA256d18a3a04f3381d718b3ba3d106aa1db14009b00071f378ab42707a9f173d629a
SHA512c963c934e8d3126139fccb8aaa6d76efb0dae6826734ed62d12fd1f49b38a8fb9dcde3e8c00a4de80e18eda104ed9f620e921438f9b60c870a0061958d5df412
-
Filesize
1.0MB
MD5f525cfc72cd1cc55c9c69d11cef27613
SHA17d9163ca81e89a69f9e8bbea05bc5d8c602a93f0
SHA256ad8f04a096035a676448a6182915e9e0d147e05f3fac3f69899c0ef4736e2c55
SHA51255323e17d2542e421d2de40b5d48ee8a93abea1ca78730c6c8a304a0690b53fc2a0fedfe8e0d9cea773c0580d35d48d87184ee62fc81a51e9dd7308687fbf303
-
Filesize
211KB
MD5a3ae5d86ecf38db9427359ea37a5f646
SHA1eb4cb5ff520717038adadcc5e1ef8f7c24b27a90
SHA256c8d190d5be1efd2d52f72a72ae9dfa3940ab3faceb626405959349654fe18b74
SHA51296ecb3bc00848eeb2836e289ef7b7b2607d30790ffd1ae0e0acfc2e14f26a991c6e728b8dc67280426e478c70231f9e13f514e52c8ce7d956c1fad0e322d98e0