e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Size

1.6MB
MD5

6e256abc8ded6122f9607b9fca1c169e
SHA1

d990346e6640beff7c9fee66688fc3929373fdda
SHA256

e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749
SHA512

ead5e220b427884545424cb8b37bc9db92709f80edea5a8faa559c4fb112f0c7686edc3d1758aaaf95d58832b623bdb41157f821795e5787e36ee9bf3c68c10c
SSDEEP

49152:JNoVRxh1ugvM64Qv9ckVgxWjRLkrOVlEe+m8iUlLx:PwRvM64QvikaxFCVlj+XzLx

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	CiscoCollabHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	CiscoCollabHost.exe

Executes dropped EXE 2 IoCs

pid	Process
2392	CiscoCollabHost.exe
4844	CiscoCollabHost.exe

Loads dropped DLL 64 IoCs

pid	Process
2392	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CiscoSpark = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Webex\\Webex.lnk\" /minimized /autostartedWithWindows=true"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2600-0-0x0000000000B20000-0x0000000000FAA000-memory.dmp	upx
behavioral2/memory/2600-5-0x0000000000B20000-0x0000000000FAA000-memory.dmp	upx
behavioral2/memory/2600-8-0x0000000000B20000-0x0000000000FAA000-memory.dmp	upx
behavioral2/memory/2600-535-0x0000000000B20000-0x0000000000FAA000-memory.dmp	upx
behavioral2/memory/2600-933-0x0000000000B20000-0x0000000000FAA000-memory.dmp	upx
behavioral2/memory/2600-955-0x0000000000B20000-0x0000000000FAA000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	CiscoCollabHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	CiscoCollabHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	CiscoCollabHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	CiscoCollabHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}\AppName = "CiscoCollabHost.exe"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex\	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute\webex\WarnOnOpen = "0"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}\AppPath = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ED55221F-CF41-4829-9DED-8312B04F88DE}\Policy = "3"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell\open\command	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\.webex\ = "webex"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CiscoWebexTeamsProtocol\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe /protocolUri=\"%1\""	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CiscoWebexTeamsProtocol\UseOriginalUrlEncoding = "1"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell\open	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell\open\command	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell\open	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CiscoWebexTeamsProtocol\shell\open\command	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CiscoWebexTeamsProtocol\shell\open	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\URL Protocol	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\UseOriginalUrlEncoding = "1"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Cisco Spark\\CiscoCollabHost.exe /protocolUri=\"%1\""	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CiscoWebexTeamsProtocol	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\webex\ = "URL: webex protocol"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\MIME\Database\Content Type\application/webex	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\MIME\Database\Content Type\application/webex\Extension = ".webex"	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\.webex	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\CiscoWebexTeamsProtocol\shell	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4844	CiscoCollabHost.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4844	CiscoCollabHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4844	CiscoCollabHost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4844	CiscoCollabHost.exe
4844	CiscoCollabHost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2392	2600	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe	95
PID 2600 wrote to memory of 2392	2600	e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe	95
PID 2392 wrote to memory of 4844	2392	CiscoCollabHost.exe	96
PID 2392 wrote to memory of 4844	2392	CiscoCollabHost.exe	96

C:\Users\Admin\AppData\Local\Temp\e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe
"C:\Users\Admin\AppData\Local\Temp\e1e92da9ca6edb1ddb3671aad3e67f581a9af77b9202c28c313dc8bf6eb2c749.exe"
1⤵
- Checks BIOS information in registry
- Checks computer location settings
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Users\Admin\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe
  "C:\Users\Admin\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe" /protocolUri="webex:///"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Users\Admin\AppData\Local\CiscoSparkLauncher\CiscoCollabHost.exe
    "C:\Users\Admin\AppData\Local\CiscoSparkLauncher\CiscoCollabHost.exe" "C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8" spark-windows-app.dll /Hosted=true "C:\Users\Admin\AppData\Local\Programs\Cisco Spark\CiscoCollabHost.exe" /protocolUri="webex:///"
    3⤵
    - Checks BIOS information in registry
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates system info in registry
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\CiscoCollabHost.exe

Filesize
121KB

MD5
3d527e850f088bd16c3e16d1d48ae946

SHA1
b964de4daf83e534b7417602f6646990797dfe6c

SHA256
5622ffc1c9c9f2ad4f0a559f2d877e46af081e72be5b3052114ebd20bdf7ddb3

SHA512
c8f3adf3b1fb1d246dde5d5b2077cdcbdb390dba876657cb38a6a33afcb7f69a63e33fd907ce2089a49456d4213bf97197daf01ddea4cdf61faac0d3d0c32b89

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\EventBus.dll

Filesize
70KB

MD5
1ab7a65519f0d558bc6848f0d70a27c6

SHA1
2c0e36d90cb31386aaa91de49dd77851fd3140af

SHA256
398f11cf5f30125bd01f685230fe47793054ae65615702eddc11a6e191ca6377

SHA512
068737bfff14044dcd2b21bcb4a00a562f208c2c18b77c331482a075e653d3b62c6591e06f2624dcc6f69d511fa8e33ab2006c5f9ce5995ac272b63548f5a2a3

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\KF5SyntaxHighlighting.dll

Filesize
1.7MB

MD5
b1d1998c277445eb2a879242e6986bf6

SHA1
2820f40d0203924e83e21e3d7b0dfac583621a4c

SHA256
e4df75448a7473094e298f09b37e64b2ca3f697c99fc47a840a6f621ab7a0447

SHA512
b80ad7fe1e73b2d28a0713f84e26de8d7b25a95b0c8561838b68e08eb5aed9cb8426cddc58fdb032d5dde4087b44b42b8c2f84301bebd087f13b970a87c65aac

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\LambdaThreadSwitcher.dll

Filesize
29KB

MD5
dfebf68b6a7a6aac2e227c8cf560417c

SHA1
3e0038c45b46c6e8565a64c8c27497af3d8b3550

SHA256
71cc5f734479ed2c4c79e267995fdc6fd431a597d6b0e414419b80d9a9c36ce2

SHA512
1443ac6bd8327cdf378d4a7b2132124b5cb255e07c5f4959a87d8e8ffb59d667967344c5b177f7b91bcc015607308b4034cda216bee47e2d3d17fce78d49a4ef

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\QmlBase.dll

Filesize
100KB

MD5
a2019c310666e3a5b5f18ec92e7d4350

SHA1
8380e2c83aa16c5ca0e002e1f6bc5256f7f4ac14

SHA256
1ec3c9592cc2f702d7fbcce1304d6e74bea931118d5400758c7202602ffd22b2

SHA512
e487fd86721a86aed5764d1d219abb62f952d6e16b9b627a18d712f0fe576015cfe09d71c672ac38a45a512b2be7eac6310c728eb913ad656ee0d59334a76c3f

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Core.dll

Filesize
6.2MB

MD5
c5ca9fa6f5b920fe51c6035ef88e6315

SHA1
3b8d2772f48b2edc409a0b41eff9a8c8079330d0

SHA256
673dde407682df85dc51e00c851176f4bbaaae568bca108d792a369dc4f2faee

SHA512
f2b96fb3fdc22896a29ad8b004a181481102404efe9b21ca359dba662669e45080ce73e2cf64e3f74175a4be0cc131d8a35826e4ccd626a23995ac190ce805c1

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Gui.dll

Filesize
6.9MB

MD5
c84310e53bd2f2da48576487304594fb

SHA1
8ef6d8f4fa0a72f792f821662eeda519080dbda7

SHA256
d63c3aaecd0dea98289ae2610355bd8734812530392752c81dd8277f630dda4d

SHA512
f1c0436dd5a39778617165a6e42c233b6b4fa889b20306c9680d76fff8683ecc3ed7cef115ca63f5e9b49186bfc310b7da13948f98dd891fec2095e18d1013f6

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5MultimediaWidgets.dll

Filesize
106KB

MD5
d9b7797f4579dac9ea00e5a0521caafd

SHA1
050fd773df6e7e69b61df305b117ded7f634ce9c

SHA256
1be1a0e61454d6352335ce35ecb757fbd52fc0a3e7bbdd4c67ca6987db1ee60f

SHA512
ac647e04bff64e31e9d27e4768099ca6d56bb4284283d74fc52c5e85f6e7b5a3389b1317623bc4566caecced28ea36377915a350c74d8d6c266b7c1a011d99cc

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Network.dll

Filesize
1.1MB

MD5
4637a0f573cef71bcd7e2e32bdac00f4

SHA1
014ab9c3ec106d821f8c81237bf3c035a4bc0350

SHA256
303d22a40d5f0cf510333dc434e2ecf9b195adbd0e33a8fb5f9f10c08aeee28d

SHA512
739fda2beb9632ecb5856d0ec8fdfebaa561022fe3c7f403441d3d6b85dd91ae9c3a45ad378d3659967c050e1b7f9cbc25481203ba33fd40af639d823ae0eaab

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Qml.dll

Filesize
3.5MB

MD5
c54fc5b044d0f8edc49c5bb86603f604

SHA1
c1bf7a228f895a2acec0ad59dee90f273a630753

SHA256
c7f00d0d78d263c5e7aaa26a2fb46991878d0266e8038ce96028e81a77a32a45

SHA512
1d043c402657ef0faf7f582f9c458c3fb05dd814431b798c622ab9867e7f835d16693a67a45871e3917e457bab091e20a51bc21e5558a5326d1e1244a5f45e29

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Quick.dll

Filesize
4.1MB

MD5
96a76ebcb26a2d359381600bb742a224

SHA1
b51a8f126c1e5719d639f28bd0ff69dc803a7ff5

SHA256
8b5baac9a4f2e78177ebb49f668119fbd2f6d43370eab8c356cb6447468fedeb

SHA512
00cd340aa0248a8be18d4d842a7ad7232525d911e1b21e8e16dfaa3484499da788d2b0bdd1e2898dbca3e9f00a5cd6206e2f683b58b776bdbb27a216704cfcf2

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5QuickWidgets.dll

Filesize
91KB

MD5
6ee58f7e27a1a4c3d9256a96f49dbb5b

SHA1
73a6697c4389dc3aa0e4c2f88ef4968e49406431

SHA256
b3ed8d8a2085526b1bc4e42de48d4aae59d4f7626b8cbf1b7312f427705a26c6

SHA512
40e94eb211fc41460e3e466c41c6ff68501b717ace520e74fdce1094434f911421e99ad595f4290582599767baf6fd0c7dd98506ae95e4df68ba1523cabf4de2

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Svg.dll

Filesize
332KB

MD5
9fecda249b0d6e293b210b3398aa5c60

SHA1
8be52e0414be38b7345b91fe7544e547d28feaba

SHA256
a388689d6b95c9d7768af38f239fd2971b8381e6e478ff36e095c39c3d217f37

SHA512
2d13f361e338377ac1e5ecdb00112fe4b05ecbd275bf4d3c99585417217288fe676d3b6dc421e468121d65b4e00552c0c54502c083273e4a2a9ba8f6e5280b2d

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5Widgets.dll

Filesize
5.5MB

MD5
073f475a97cd82af31fe251833eb76b7

SHA1
6f0161134292c33e3cd6f9edba3aa335816fd589

SHA256
a7f9832df59b294c800cc10e7c30e42979a4fbf39f885c4c003ca7a6483bb1f8

SHA512
17a22cff6a8782159ced86a6799b3b22b73570135e9c2398d162ffbaefe8e847cc3f1526ca78239f9111ab48f7af1ca26f1eff977e75222650bb764410b08571

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\Qt5WinExtras.dll

Filesize
264KB

MD5
025360d2497ff861881975008a1f5c5b

SHA1
7a0764568e2f00fe414e98d5bb07ebf3583aa8fc

SHA256
6408ef03d8e94fc1ef18ee0e6d176d18001c0cb748347d378d33cf3c8154cf58

SHA512
16521b81f01409f50a55cb3076b34b48ae8d9549411581c8872522f75c9a6fdb5b772ad7b87db0fc94ed73ee4d22aa99707924c9a4637350d82ef6a93ce9fd71

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\ServicesSignalEmitters.dll

Filesize
412KB

MD5
5dad10f995d3cd45c1e2401f959a11eb

SHA1
b5fc66baa0f83f4466063f9ca5141c82c2f7b7b4

SHA256
b6e46dcb042f55a27c854c3831000f9766a5520d6469bacbcf9262736061418d

SHA512
7242bb7024d98f7a4b9095e46ca7b38d2f83c73e4386989b7469c5094d5e27f046f7474a109d561942e0c700b8b1d40c7c9170cafb776575f3bfa6da43928cc0

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\SparkPrtDll.dll

Filesize
1.3MB

MD5
aee3094a8a93af83280de75bf26f3def

SHA1
310aace84a0ea3ce6a3868800337d97f20c16177

SHA256
74f7b48364b1671e5675052a37a4ce7367691233b65da50cb0c429aa819def5e

SHA512
2b99f60888782971300cbb85bab053bead85eb0861a8fe290401a67a56a809444138fe68b531bc49f30b154e94c8c013f5d06c8cda53b57f12d372fd2fb2ea01

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\ThreadIds.dll

Filesize
29KB

MD5
48d02dabcdc4e34e9975cca5dbd935e7

SHA1
297d2b4a46018835e1c88482e57555c1538e0d3e

SHA256
cb38ab31e8630b23418c1e5dbb7c06d8216e98d7ac37a3f20fb4f981c6d3d754

SHA512
581b19028889a276b735f1f0b805b42c4d8bb91896dab3395d129a24ae3a4e8028769c46e2f329b360bb9f682fa3fe69bf07b1cbbf5d0a13d6a350877f4f0d4e

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\UIToolkit.dll

Filesize
838KB

MD5
9fd8e5d98410b633500b3c40bed5b83e

SHA1
be0219f95350b6b646f7d28ba8649ae5c9c70a02

SHA256
96180f6688212ee367c17d943c9a052bb6870d7faa9541a419e07435cb9ebd90

SHA512
927fa740a0e7c87433fa6eb289377b0ed951aa31b534fd076035bcd08686de0d6fb357aed304aa1c746b2595352d7f885f298cfbb034112eff176d4754ef7fb1

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\UiElements.dll

Filesize
1.1MB

MD5
f2cf89fb5198c7274f22a47132d0468a

SHA1
7b695103f16032c10902027f1f398f143bb4c0a8

SHA256
37ceeeae6002c1263fb1d61ef059fb26de4e740f29343f7a9e28fb5b0b5d0284

SHA512
ff3624d177ba9f9c93afcaf04bf035a9125a1cddeaa47ea76a19ece394f9ff1c588de332e5f3f90aa3369bc913729b48b2faec437b5f85f323c6d3a3540b8b84

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\WebView2Loader.dll

Filesize
158KB

MD5
aee20ef43cf692c9080c5973b1b79855

SHA1
b3885791b0e122f8360d6fb7c0e0ac7fe4fa14fb

SHA256
31423e905e29c8a40a483e81dae1491990805fa066634d218b35bb96692bef0d

SHA512
eab6684095c0a7555d921fb1a2e136fa1d761c5766c48571000a97403e6d437a3a4833c571f86c039aa8307fb2fc3fae1acffd63085ae9d2ea0d9e7f9ec1ace6

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\hunspell.dll

Filesize
418KB

MD5
92707007c526a1f75d4e6dc6d2b6eab5

SHA1
d7b2ec6276d2e91557646fc918198cebad70e16a

SHA256
bfbae9fec356cbcc404d707ec2a5ebbb9192c863b86b27ce0aaf9bb8986c78fe

SHA512
6bd51afc86687e3dfd08374b8c643bc9c53de84b6d6753df890fb587b8eee036eec3ffb981a073649a42d205012f5bc077167ba2a45795f7fa7240e40c18bd6f

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\libcrypto-1_1-x64.dll

Filesize
3.2MB

MD5
6acdd140cf293162c64504146314b106

SHA1
57187a45a3b1dbc03f703f1ea4da8160d0e19ca6

SHA256
63c528ba7f6ff41523a3bd641a0cfe9f2d5265a51c50f10e0b0e50d9b6ba8332

SHA512
a08d187aa7bd1a66efcfd8af67968fc7dec234b7278c1442fc52025af7d6e0f65404b717a078c2f0a563a3aff2b83e63726fc36377b4855ed8e7b8737e6a3e7c

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\libcurl.dll

Filesize
852KB

MD5
f730cff9a448d4e466dbf3cd068b0921

SHA1
bf566792be6959d64b71e0da782c5214d89bd8bc

SHA256
75b372b06e8e99b69d2fe197d6372bc78fc48ff78889a94ab720cb51f811dd2b

SHA512
91ddd3b5ddf565b63f1e7d47d1e01ac08c8c5c41061ff41e785815693af3189fe04addba472a64fa8b767657f17d7d9b7aa11f58b08ff663d009b01be7db9d50

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\libssl-1_1-x64.dll

Filesize
674KB

MD5
a064a4509248450d88ba845c4a08ac52

SHA1
c638367bfed860584949c0af2e796aeb9e61ddc5

SHA256
f5f7b690ed5b2982d87a9fb577a9b515c17eb85f374c044ec29a6fae0bd59324

SHA512
f71d4a660d0c647cc8788d9a14d2d0122894ce91be153c12ebab5c64c71e4406cdd663f22e67a02907c1f9402b3272f8a0bb50001ef557693f00b6d36f34783a

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\spark-windows-app-impl.dll

Filesize
22KB

MD5
2d44546945701f122afc1d392a3172fd

SHA1
a0262ff7e8bbad96eb7b7e795d6755ce280078b0

SHA256
55f5e61c942125418e8161232ce628bb79ef8a62fb89dbb5135c3731cfc44d26

SHA512
26655bfc9700cafe37af2e7e89b4edb07b69c88c62e3fba25fe91f911374f9773ceedb3021a248de8c94fed789acbabdcc88ced72e37938fe961ad76abc49751

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\spark-windows-desktop-ui-rcc.dll

Filesize
21.1MB

MD5
993eecd82b4d20a8301d82b9d4bbf0e0

SHA1
76f367880fa553a97aa814e3f1397af6d6ba6197

SHA256
bbcd6868a15890c60f33c4cb0998f544b89632492aac6b993b95ec589ca45146

SHA512
49acc237893d5087f2f0a4f522cf141a8a81162748710bffe5edfe4837b0a9bad9a90bb641b48eef62b4745abaf87f665039a7e4c0515d8583bcda1aca1dd73b

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\vcruntime140.dll

Filesize
96KB

MD5
9fbacc6830481b1105cb7228ed7fad69

SHA1
6c198c255d23771c164659185a4b072608385286

SHA256
1c6e3876bc85cb229bbcbf508971db218c77d3b582c7ad1ae69dc2cec13c4f6d

SHA512
e20f189554cf185603d25aef2eb4ac94e72c82e52336ae83fc4c208eaeb9decf5d1e1a49c1d8d7a3c9d1a64a6880775cc9c33eacf2793e668e20ba92d4092652

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\dependencies\windows-os-integrations.dll

Filesize
493KB

MD5
d579e3ff7aa1d12f8c2f555bb30b0d65

SHA1
77321b44b9e51c9f34b790edda1cb9df56afc0f1

SHA256
d56e02ed2400b63a6f9539f88053c02a1f5a85f5eca3499caa37aa82ef371e3b

SHA512
d83ca4c5d77507e5827c652e1c606ba719d071e97c0eb268ab2f366a9aa52c56dfbd93bcc28c86a969b1ad3032002376d4a2f880e2dc56cfce26ed23f824d2ad

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\44.10.1.31028_5c906f8b-45c9-451b-8be0-b024b5d4c9e8\spark-windows-app.dll

Filesize
25KB

MD5
3a2fab010386a789e784b94bd03c3b0e

SHA1
074cba68c09d2609303375162f9c43392475f5c9

SHA256
4b28602d3eaa8501acb3101919b9b7948c6ed504931d5a9b1a69e1f25ff01a3f

SHA512
12d8b1c81cb689e1c063b0ad7b564b39b956053a0eeb0d5359e3058765358fa8b66568fe477bbafe609f187978f79ec5d128e8abfaa1f323c891507b8f9b0992

Download Submit
C:\Users\Admin\AppData\Local\CiscoSparkLauncher\CiscoSparkLauncher.dll

Filesize
2.6MB

MD5
4bd821fcb0ed33764179aa18535deaab

SHA1
7d34783470fb3c140347079e0357b90a980693ae

SHA256
7f2a0196054013a2c901d2153875b449f54286bc7fae0b9f0e354e28139b59e2

SHA512
beaa5deb4fd2c605af90494630b7deda6770c91ae7f140a205d76d78353a0b34a42ea4156e9a9db2834e4d877dd0790d403ff9fa77b292310b5720708c4723e7

Download Submit
memory/2600-535-0x0000000000B20000-0x0000000000FAA000-memory.dmp

Filesize
4.5MB

Download
memory/2600-8-0x0000000000B20000-0x0000000000FAA000-memory.dmp

Filesize
4.5MB

Download
memory/2600-5-0x0000000000B20000-0x0000000000FAA000-memory.dmp

Filesize
4.5MB

Download
memory/2600-0-0x0000000000B20000-0x0000000000FAA000-memory.dmp

Filesize
4.5MB

Download
memory/2600-933-0x0000000000B20000-0x0000000000FAA000-memory.dmp

Filesize
4.5MB

Download
memory/2600-955-0x0000000000B20000-0x0000000000FAA000-memory.dmp

Filesize
4.5MB

Download
memory/4844-930-0x00007FF99CAB0000-0x00007FF99CECB000-memory.dmp

Filesize
4.1MB

Download
memory/4844-931-0x00007FF99F130000-0x00007FF99F6B5000-memory.dmp

Filesize
5.5MB

Download
memory/4844-932-0x00007FF980100000-0x00007FF981100000-memory.dmp

Filesize
16.0MB

Download