rms | 37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31

Analysis

max time kernel
144s
max time network
150s
platform
windows7_x64
resource
win7-20220414-en
submitted
18-04-2022 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
Size

4.8MB
MD5

4e0740bd0818aa0cd7d50d72bc4db2e9
SHA1

810a98b107845a1e2b3af8d387f048987142981c
SHA256

37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31
SHA512

fd057f158b4489b6271f03103e8da2a4ffe7361a85f12079ecbd8abc5246014fcbc82e0509f3b9255659e188449da351a71bd41c975f27869e5b823b6ccbc246

Score

10^/10

rms evasion rat trojan upx

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

Executes dropped EXE 8 IoCs

pid	Process
1928	drv_install(x86).exe
1656	xpsrchv.exe
812	xpsrchv.exe
1528	xpsrchv.exe
1584	xpsrchv.exe
1164	WUDLicense.exe
1888	WUDLicense.exe
2024	WUDLicense.exe

Sets file to hidden 1 TTPs
Modifies file attributes to stop it showing in Explorer etc.
evasion

Hidden Files and Directories
T1158
Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00070000000139ed-89.dat	upx
behavioral1/files/0x00070000000139ed-90.dat	upx
behavioral1/files/0x00070000000139ed-92.dat	upx
behavioral1/files/0x00070000000139ed-94.dat	upx
behavioral1/files/0x00070000000139ed-95.dat	upx
behavioral1/files/0x00070000000139ed-96.dat	upx
behavioral1/files/0x00070000000139ed-98.dat	upx
behavioral1/files/0x00070000000139ed-100.dat	upx
behavioral1/files/0x00070000000139ed-101.dat	upx
behavioral1/files/0x00070000000139ed-111.dat	upx
behavioral1/files/0x00070000000139ed-109.dat	upx
behavioral1/files/0x00070000000139ed-114.dat	upx
behavioral1/files/0x00070000000139ed-113.dat	upx
behavioral1/files/0x00070000000139ed-115.dat	upx
behavioral1/files/0x0007000000013953-123.dat	upx
behavioral1/files/0x0007000000013953-124.dat	upx
behavioral1/files/0x0007000000013953-126.dat	upx
behavioral1/files/0x0007000000013953-129.dat	upx
behavioral1/files/0x0007000000013953-132.dat	upx

Loads dropped DLL 17 IoCs

pid	Process
1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
1928	drv_install(x86).exe
1928	drv_install(x86).exe
1928	drv_install(x86).exe
1928	drv_install(x86).exe
1624	cmd.exe
1656	xpsrchv.exe
1656	xpsrchv.exe
1624	cmd.exe
812	xpsrchv.exe
812	xpsrchv.exe
1624	cmd.exe
1528	xpsrchv.exe
1528	xpsrchv.exe
1584	xpsrchv.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ehome\ASCON\drv_install(x86).exe	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\WUDLicense.exe	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\xpsrchv.exe	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\SystemAPI.dat	drv_install(x86).exe
File created	C:\Windows\ehome\ASCON\webmvorbisdecoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\webmvorbisdecoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\WUDLicense.exe	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON	attrib.exe
File created	C:\Windows\ehome\ASCON\drv_install(x86).exe	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\vp8encoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\vp8encoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\webmmux.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\drv_set.reg	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\Russian.lg	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\webmvorbisencoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\webmvorbisencoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\vp8decoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\vp8decoder.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\webmmux.dll	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\xpsrchv.exe	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\__tmp_rar_sfx_access_check_7096516	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\Russian.lg	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File created	C:\Windows\ehome\ASCON\SystemInstall.bat	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\SystemInstall.bat	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
File opened for modification	C:\Windows\ehome\ASCON\drv_set.reg	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe

Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 4 IoCs

evasion

pid	Process
916	taskkill.exe
1308	taskkill.exe
1096	taskkill.exe
1340	taskkill.exe

Runs .reg file with regedit 1 IoCs

pid	Process
1564	regedit.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1656	xpsrchv.exe
1656	xpsrchv.exe
1656	xpsrchv.exe
1656	xpsrchv.exe
812	xpsrchv.exe
812	xpsrchv.exe
1528	xpsrchv.exe
1528	xpsrchv.exe
1584	xpsrchv.exe
1584	xpsrchv.exe
1584	xpsrchv.exe
1584	xpsrchv.exe
1164	WUDLicense.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

pid	Process
2024	WUDLicense.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	916	taskkill.exe
Token: SeDebugPrivilege	1308	taskkill.exe
Token: SeDebugPrivilege	1096	taskkill.exe
Token: SeDebugPrivilege	1340	taskkill.exe
Token: SeDebugPrivilege	1656	xpsrchv.exe
Token: SeDebugPrivilege	1528	xpsrchv.exe
Token: SeTakeOwnershipPrivilege	1584	xpsrchv.exe
Token: SeTcbPrivilege	1584	xpsrchv.exe
Token: SeTcbPrivilege	1584	xpsrchv.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1656	xpsrchv.exe
812	xpsrchv.exe
1528	xpsrchv.exe
1584	xpsrchv.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1076 wrote to memory of 1928	1076	37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe	27
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1928 wrote to memory of 1624	1928	drv_install(x86).exe	28
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1976	1624	cmd.exe	30
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1456	1624	cmd.exe	31
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1860	1624	cmd.exe	32
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1704	1624	cmd.exe	33
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 1728	1624	cmd.exe	34
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 916	1624	cmd.exe	35
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1308	1624	cmd.exe	37
PID 1624 wrote to memory of 1096	1624	cmd.exe	38

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
1976	attrib.exe

C:\Users\Admin\AppData\Local\Temp\37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe
"C:\Users\Admin\AppData\Local\Temp\37786e00b92e5c4444c0d7d3f46ee0c6c25bfdf88f96323f40b46836b4952d31.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\ehome\ASCON\drv_install(x86).exe
  "C:\Windows\ehome\ASCON\drv_install(x86).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1928
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Windows\ehome\ASCON\SystemInstall.bat" "
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +s +h "C:\Windows\ehome\ASCON"
      4⤵
      Drops file in Windows directory
      Views/modifies file attributes
      PID:1976
  - - C:\Windows\SysWOW64\sc.exe
      sc stop AdobeReader
      4⤵
      PID:1456
  - - C:\Windows\SysWOW64\sc.exe
      sc stop RManService
      4⤵
      PID:1860
  - - C:\Windows\SysWOW64\sc.exe
      sc delete AdobeReader
      4⤵
      PID:1704
  - - C:\Windows\SysWOW64\sc.exe
      sc delete RManService
      4⤵
      PID:1728
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im rfusclient.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im rutserv.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1308
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im WUDLicense.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1096
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im xpsrchv.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1340
  - - C:\Windows\SysWOW64\reg.exe
      reg delete "HKLM\SYSTEM\Hardware System\DeviceXPS" /f
      4⤵
      PID:836
  - - C:\Windows\ehome\ASCON\xpsrchv.exe
      "C:\Windows\ehome\ASCON\xpsrchv.exe" /silentinstall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1656
  - - C:\Windows\ehome\ASCON\xpsrchv.exe
      "C:\Windows\ehome\ASCON\xpsrchv.exe" /firewall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:812
  - - C:\Windows\SysWOW64\regedit.exe
      regedit /s "C:\Windows\ehome\ASCON\drv_set.reg"
      4⤵
      Runs .reg file with regedit
      PID:1564
  - - C:\Windows\SysWOW64\sc.exe
      sc failure WUDLicense reset= 0 actions= restart/1000/restart/1000/restart/1000
      4⤵
      PID:1680
  - - C:\Windows\SysWOW64\sc.exe
      sc config WUDLicense obj= LocalSystem type= interact type= own
      4⤵
      PID:1808
  - - C:\Windows\ehome\ASCON\xpsrchv.exe
      "C:\Windows\ehome\ASCON\xpsrchv.exe" /start
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1528

C:\Windows\ehome\ASCON\xpsrchv.exe
C:\Windows\ehome\ASCON\xpsrchv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1584
- C:\Windows\ehome\ASCON\WUDLicense.exe
  C:\Windows\ehome\ASCON\WUDLicense.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1164
- - C:\Windows\ehome\ASCON\WUDLicense.exe
    C:\Windows\ehome\ASCON\WUDLicense.exe /tray
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: SetClipboardViewer
    PID:2024
- C:\Windows\ehome\ASCON\WUDLicense.exe
  C:\Windows\ehome\ASCON\WUDLicense.exe /tray
  2⤵
  - Executes dropped EXE
  PID:1888

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Impair Defenses

T1562

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\ehome\ASCON\Russian.lg

Filesize
48KB

MD5
e44e34bc285b709f08f967325d9c8be1

SHA1
e73f05c6a980ec9d006930c5343955f89579b409

SHA256
1d99a7b5f7b3daa61fa773972b1e335aa09b92411484f6ddc99d2b2894455a5b

SHA512
576b292b6e9cf022822443e050994462a6cbd9a3c60063bae9f54c78a84e75e17bb5eddf7e259a22a9d93f757cb6536c503762e2a30e75091e40c2756cde8727

Download Submit
C:\Windows\ehome\ASCON\SystemInstall.bat

Filesize
744B

MD5
c7a1b5b843094dc26cc706be17653e9a

SHA1
8fcf9a42c1ea48557fce03c731c3e197303f407f

SHA256
059c65efe42cc3e0d847157747d07f6d0ad2c32e7bf653e7325fb8531783b9c8

SHA512
9598082cc3ad5836d1c7cbf3101405ac96adcd05abd58c4cdb3b59ed22fe0cdf228edf20b946ad5fa3dcaecf7d27f63f1da3d26e920a1810ff00da53bb5236d2

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
C:\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
C:\Windows\ehome\ASCON\drv_set.reg

Filesize
12KB

MD5
549cf43073d9edb36ab2d624fce43d71

SHA1
50fec07a156c83e3009b394b042db44d9e575ec0

SHA256
398b2e5c3bdd4079b8e5a7bf1712dbbdc685c650ccef0d7fde4bd66c91dd9c77

SHA512
4395b64b65abb1218ad755a6c9a55f5e105d93758e5b4029a59dffd742a89d7908255a27c48cfb2ca2bc49a680e506c88af1e38db4399e8241a4e49ba027b8a9

Download Submit
C:\Windows\ehome\ASCON\vp8decoder.dll

Filesize
378KB

MD5
d43fa82fab5337ce20ad14650085c5d9

SHA1
678aa092075ff65b6815ffc2d8fdc23af8425981

SHA256
c022958429edd94bfe31f2eacfe24ff6b45d6f12747725c449a36116373de03b

SHA512
103e61a9f58df03316676a074487e50ec518479c11068df3736df139b85c7671048c65bce0ef2c55b3c50c61fde54e9e6c7d1b795aea71263ae94c91d4874e0d

Download Submit
C:\Windows\ehome\ASCON\vp8encoder.dll

Filesize
1.6MB

MD5
dab4646806dfca6d0e0b4d80fa9209d6

SHA1
8244dfe22ec2090eee89dad103e6b2002059d16a

SHA256
cb6ef96d3a66ef08ec2c8640b751a52d6d4f4530cf01162a69966f0fd5153587

SHA512
aa5eb93bf23a10de797d6fb52a55a95d36bc48927c76fedd81e0c48872745cb7f7d1b3f230eaae42fd4e79b6a59ca707e56bd6963b03644cbd5984f11e98d6e7

Download Submit
C:\Windows\ehome\ASCON\webmmux.dll

Filesize
258KB

MD5
9581f7064028a782182e8a4411e9afa5

SHA1
9356d9f62fc38a1150c3cad556b2a531cd7d430b

SHA256
320a23db8d34bd2628078903d4496d4b9320d50c13d11283f77a8c3b9ec36698

SHA512
01c5a711bd0d7cea5cae906c163b7a98c3b09b8ce5a5b52f096d806e20d7f28fe3e174eb6ba8ff630b870b1cea3d9d72905227a989d70e312d79b55644e6442c

Download Submit
C:\Windows\ehome\ASCON\webmvorbisdecoder.dll

Filesize
363KB

MD5
ec59d88c3ebda7c2ce36dcdbe4c67e5b

SHA1
8b01a5730ebda5729a57d97abec1de00c7cf0218

SHA256
54b661f2d55f5cafccd7aca334efb89e908b3f19e3e35c9aa661221b31ec60e3

SHA512
46963b390affcb1f6e5d42ae4f4a67a453d9048e8f8b825bb543a1c2031f1ece07d2f295d30eff51a6624bf096e0d10f8ba8d6516b28e63926f214eb7d7e5b84

Download Submit
C:\Windows\ehome\ASCON\webmvorbisencoder.dll

Filesize
858KB

MD5
12eba58e4c0450ccb2d9fdce22255d09

SHA1
1f88ce0834e0bcf0f61ed0557204ef05dd577b1e

SHA256
c80464f71b46411b01962b6095acd6eb2ed09ad8d6eb0a67840826a6297823b2

SHA512
08f999aeb55968de3dacb560a25174e5a1c29eb2ea95a6fc8f770c10369263e2f8cea525f93c89a0e03954ff1221b4486641fc9a892d53a8857e9cf441ec05d4

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
memory/1076-54-0x00000000756A1000-0x00000000756A3000-memory.dmp

Filesize
8KB

Download