rms | 3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f

Analysis

max time kernel
143s
max time network
154s
platform
windows7_x64
resource
win7-20220414-en
submitted
03-07-2022 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
Size

4.8MB
MD5

aa631cb4aa034b7ab6898b238fd14afe
SHA1

2b3aab346fa40df68e3ccd7bd50d7fb1c0ac4c14
SHA256

3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f
SHA512

2205a82bd3e3d2438d5f78432eba0d9bc7fe281307594e41a14e8a514ce26242762207374c8591238d1d67c7fe6625cb6fc18b6b40cf36be8be9ca01cba077b0

Score

10^/10

rms evasion rat trojan upx

Malware Config

Signatures

RMS
Remote Manipulator System (RMS) is a remote access tool developed by Russian organization TektonIT.
trojan rat rms

Executes dropped EXE 8 IoCs

pid	Process
1536	drv_install(x86).exe
1952	xpsrchv.exe
960	xpsrchv.exe
864	xpsrchv.exe
1560	xpsrchv.exe
1452	WUDLicense.exe
568	WUDLicense.exe
1600	WUDLicense.exe

Sets file to hidden 1 TTPs 1 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1158

pid	Process
884	attrib.exe

Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

UPX packed file 31 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001432a-90.dat	upx
behavioral1/files/0x000600000001432a-89.dat	upx
behavioral1/files/0x000600000001432a-92.dat	upx
behavioral1/files/0x000600000001432a-94.dat	upx
behavioral1/files/0x000600000001432a-95.dat	upx
behavioral1/memory/1952-96-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/files/0x000600000001432a-99.dat	upx
behavioral1/files/0x000600000001432a-97.dat	upx
behavioral1/files/0x000600000001432a-102.dat	upx
behavioral1/files/0x000600000001432a-101.dat	upx
behavioral1/memory/960-105-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/memory/960-107-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/files/0x000600000001432a-115.dat	upx
behavioral1/files/0x000600000001432a-117.dat	upx
behavioral1/files/0x000600000001432a-119.dat	upx
behavioral1/files/0x000600000001432a-120.dat	upx
behavioral1/files/0x000600000001432a-121.dat	upx
behavioral1/memory/864-123-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/memory/1560-126-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/files/0x00060000000142d6-133.dat	upx
behavioral1/files/0x00060000000142d6-134.dat	upx
behavioral1/files/0x00060000000142d6-136.dat	upx
behavioral1/memory/864-139-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/files/0x00060000000142d6-140.dat	upx
behavioral1/memory/1452-143-0x0000000000400000-0x00000000009BD000-memory.dmp	upx
behavioral1/memory/568-144-0x0000000000400000-0x00000000009BD000-memory.dmp	upx
behavioral1/files/0x00060000000142d6-146.dat	upx
behavioral1/memory/1600-148-0x0000000000400000-0x00000000009BD000-memory.dmp	upx
behavioral1/memory/1560-150-0x0000000000400000-0x0000000000AAA000-memory.dmp	upx
behavioral1/memory/1452-151-0x0000000000400000-0x00000000009BD000-memory.dmp	upx
behavioral1/memory/568-153-0x0000000000400000-0x00000000009BD000-memory.dmp	upx

Loads dropped DLL 17 IoCs

pid	Process
1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
1536	drv_install(x86).exe
1536	drv_install(x86).exe
1536	drv_install(x86).exe
1536	drv_install(x86).exe
1480	cmd.exe
1952	xpsrchv.exe
1952	xpsrchv.exe
1480	cmd.exe
960	xpsrchv.exe
960	xpsrchv.exe
1480	cmd.exe
864	xpsrchv.exe
864	xpsrchv.exe
1560	xpsrchv.exe

Drops file in Windows directory 26 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ehome\ASCON	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\Russian.lg	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\SystemInstall.bat	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\vp8encoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\webmmux.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\xpsrchv.exe	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\drv_install(x86).exe	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\vp8decoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\vp8encoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\WUDLicense.exe	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\xpsrchv.exe	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\drv_install(x86).exe	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\vp8decoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\webmvorbisencoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\SystemAPI.dat	drv_install(x86).exe
File opened for modification	C:\Windows\ehome\ASCON	attrib.exe
File created	C:\Windows\ehome\ASCON\WUDLicense.exe	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\__tmp_rar_sfx_access_check_7108045	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\Russian.lg	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\SystemInstall.bat	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\webmmux.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\webmvorbisdecoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\webmvorbisdecoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\webmvorbisencoder.dll	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File created	C:\Windows\ehome\ASCON\drv_set.reg	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
File opened for modification	C:\Windows\ehome\ASCON\drv_set.reg	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe

Launches sc.exe 6 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1596	sc.exe
916	sc.exe
572	sc.exe
1960	sc.exe
2032	sc.exe
568	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Kills process with taskkill 4 IoCs

evasion

pid	Process
1824	taskkill.exe
1832	taskkill.exe
1672	taskkill.exe
1204	taskkill.exe

Runs .reg file with regedit 1 IoCs

pid	Process
1332	regedit.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
1952	xpsrchv.exe
1952	xpsrchv.exe
1952	xpsrchv.exe
1952	xpsrchv.exe
960	xpsrchv.exe
960	xpsrchv.exe
864	xpsrchv.exe
864	xpsrchv.exe
1560	xpsrchv.exe
1560	xpsrchv.exe
1560	xpsrchv.exe
1560	xpsrchv.exe
1452	WUDLicense.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

pid	Process
1600	WUDLicense.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1824	taskkill.exe
Token: SeDebugPrivilege	1832	taskkill.exe
Token: SeDebugPrivilege	1672	taskkill.exe
Token: SeDebugPrivilege	1204	taskkill.exe
Token: SeDebugPrivilege	1952	xpsrchv.exe
Token: SeDebugPrivilege	864	xpsrchv.exe
Token: SeTakeOwnershipPrivilege	1560	xpsrchv.exe
Token: SeTcbPrivilege	1560	xpsrchv.exe
Token: SeTcbPrivilege	1560	xpsrchv.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1952	xpsrchv.exe
960	xpsrchv.exe
864	xpsrchv.exe
1560	xpsrchv.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1276 wrote to memory of 1536	1276	3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe	27
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1536 wrote to memory of 1480	1536	drv_install(x86).exe	28
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 884	1480	cmd.exe	30
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 2032	1480	cmd.exe	31
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 568	1480	cmd.exe	32
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 1596	1480	cmd.exe	33
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 916	1480	cmd.exe	34
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1824	1480	cmd.exe	35
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1832	1480	cmd.exe	37
PID 1480 wrote to memory of 1672	1480	cmd.exe	38

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
884	attrib.exe

C:\Users\Admin\AppData\Local\Temp\3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe
"C:\Users\Admin\AppData\Local\Temp\3c2c66b88b34ee69f3d8fe88171b0f4661765b99586c3780ed27ba8098deaa3f.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\ehome\ASCON\drv_install(x86).exe
  "C:\Windows\ehome\ASCON\drv_install(x86).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Windows\ehome\ASCON\SystemInstall.bat" "
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1480
  - - C:\Windows\SysWOW64\attrib.exe
      attrib +s +h "C:\Windows\ehome\ASCON"
      4⤵
      Sets file to hidden
      Drops file in Windows directory
      Views/modifies file attributes
      PID:884
  - - C:\Windows\SysWOW64\sc.exe
      sc stop AdobeReader
      4⤵
      Launches sc.exe
      PID:2032
  - - C:\Windows\SysWOW64\sc.exe
      sc stop RManService
      4⤵
      Launches sc.exe
      PID:568
  - - C:\Windows\SysWOW64\sc.exe
      sc delete AdobeReader
      4⤵
      Launches sc.exe
      PID:1596
  - - C:\Windows\SysWOW64\sc.exe
      sc delete RManService
      4⤵
      Launches sc.exe
      PID:916
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im rfusclient.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1824
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im rutserv.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1832
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im WUDLicense.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1672
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /im xpsrchv.exe /f
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:1204
  - - C:\Windows\SysWOW64\reg.exe
      reg delete "HKLM\SYSTEM\Hardware System\DeviceXPS" /f
      4⤵
      PID:1644
  - - C:\Windows\ehome\ASCON\xpsrchv.exe
      "C:\Windows\ehome\ASCON\xpsrchv.exe" /silentinstall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1952
  - - C:\Windows\ehome\ASCON\xpsrchv.exe
      "C:\Windows\ehome\ASCON\xpsrchv.exe" /firewall
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:960
  - - C:\Windows\SysWOW64\regedit.exe
      regedit /s "C:\Windows\ehome\ASCON\drv_set.reg"
      4⤵
      Runs .reg file with regedit
      PID:1332
  - - C:\Windows\SysWOW64\sc.exe
      sc failure WUDLicense reset= 0 actions= restart/1000/restart/1000/restart/1000
      4⤵
      Launches sc.exe
      PID:572
  - - C:\Windows\SysWOW64\sc.exe
      sc config WUDLicense obj= LocalSystem type= interact type= own
      4⤵
      Launches sc.exe
      PID:1960
  - - C:\Windows\ehome\ASCON\xpsrchv.exe
      "C:\Windows\ehome\ASCON\xpsrchv.exe" /start
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:864

C:\Windows\ehome\ASCON\xpsrchv.exe
C:\Windows\ehome\ASCON\xpsrchv.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1560
- C:\Windows\ehome\ASCON\WUDLicense.exe
  C:\Windows\ehome\ASCON\WUDLicense.exe
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1452
- - C:\Windows\ehome\ASCON\WUDLicense.exe
    C:\Windows\ehome\ASCON\WUDLicense.exe /tray
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: SetClipboardViewer
    PID:1600
- C:\Windows\ehome\ASCON\WUDLicense.exe
  C:\Windows\ehome\ASCON\WUDLicense.exe /tray
  2⤵
  - Executes dropped EXE
  PID:568

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Impair Defenses

T1562

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\ehome\ASCON\Russian.lg

Filesize
48KB

MD5
e44e34bc285b709f08f967325d9c8be1

SHA1
e73f05c6a980ec9d006930c5343955f89579b409

SHA256
1d99a7b5f7b3daa61fa773972b1e335aa09b92411484f6ddc99d2b2894455a5b

SHA512
576b292b6e9cf022822443e050994462a6cbd9a3c60063bae9f54c78a84e75e17bb5eddf7e259a22a9d93f757cb6536c503762e2a30e75091e40c2756cde8727

Download Submit
C:\Windows\ehome\ASCON\SystemInstall.bat

Filesize
744B

MD5
c7a1b5b843094dc26cc706be17653e9a

SHA1
8fcf9a42c1ea48557fce03c731c3e197303f407f

SHA256
059c65efe42cc3e0d847157747d07f6d0ad2c32e7bf653e7325fb8531783b9c8

SHA512
9598082cc3ad5836d1c7cbf3101405ac96adcd05abd58c4cdb3b59ed22fe0cdf228edf20b946ad5fa3dcaecf7d27f63f1da3d26e920a1810ff00da53bb5236d2

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
C:\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
C:\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
C:\Windows\ehome\ASCON\drv_set.reg

Filesize
12KB

MD5
e44473729c90f5c856de475cdc137df1

SHA1
c835c3949e6a333c54c1c013616e09cdf8acaea8

SHA256
95cc6adeca1eafd60551801fe8c884732f4a6271a232c0d1decf943ee460e65c

SHA512
7dc925ff392c1e3d9a37108206ab578652c7e4330b3f2037c4c52b6d9942ce863beccad48ab3b6bbc7d66cc82b4d420538d9434b961e0024d7d3ce26d7e95192

Download Submit
C:\Windows\ehome\ASCON\vp8decoder.dll

Filesize
378KB

MD5
d43fa82fab5337ce20ad14650085c5d9

SHA1
678aa092075ff65b6815ffc2d8fdc23af8425981

SHA256
c022958429edd94bfe31f2eacfe24ff6b45d6f12747725c449a36116373de03b

SHA512
103e61a9f58df03316676a074487e50ec518479c11068df3736df139b85c7671048c65bce0ef2c55b3c50c61fde54e9e6c7d1b795aea71263ae94c91d4874e0d

Download Submit
C:\Windows\ehome\ASCON\vp8encoder.dll

Filesize
1.6MB

MD5
dab4646806dfca6d0e0b4d80fa9209d6

SHA1
8244dfe22ec2090eee89dad103e6b2002059d16a

SHA256
cb6ef96d3a66ef08ec2c8640b751a52d6d4f4530cf01162a69966f0fd5153587

SHA512
aa5eb93bf23a10de797d6fb52a55a95d36bc48927c76fedd81e0c48872745cb7f7d1b3f230eaae42fd4e79b6a59ca707e56bd6963b03644cbd5984f11e98d6e7

Download Submit
C:\Windows\ehome\ASCON\webmmux.dll

Filesize
258KB

MD5
9581f7064028a782182e8a4411e9afa5

SHA1
9356d9f62fc38a1150c3cad556b2a531cd7d430b

SHA256
320a23db8d34bd2628078903d4496d4b9320d50c13d11283f77a8c3b9ec36698

SHA512
01c5a711bd0d7cea5cae906c163b7a98c3b09b8ce5a5b52f096d806e20d7f28fe3e174eb6ba8ff630b870b1cea3d9d72905227a989d70e312d79b55644e6442c

Download Submit
C:\Windows\ehome\ASCON\webmvorbisdecoder.dll

Filesize
363KB

MD5
ec59d88c3ebda7c2ce36dcdbe4c67e5b

SHA1
8b01a5730ebda5729a57d97abec1de00c7cf0218

SHA256
54b661f2d55f5cafccd7aca334efb89e908b3f19e3e35c9aa661221b31ec60e3

SHA512
46963b390affcb1f6e5d42ae4f4a67a453d9048e8f8b825bb543a1c2031f1ece07d2f295d30eff51a6624bf096e0d10f8ba8d6516b28e63926f214eb7d7e5b84

Download Submit
C:\Windows\ehome\ASCON\webmvorbisencoder.dll

Filesize
858KB

MD5
12eba58e4c0450ccb2d9fdce22255d09

SHA1
1f88ce0834e0bcf0f61ed0557204ef05dd577b1e

SHA256
c80464f71b46411b01962b6095acd6eb2ed09ad8d6eb0a67840826a6297823b2

SHA512
08f999aeb55968de3dacb560a25174e5a1c29eb2ea95a6fc8f770c10369263e2f8cea525f93c89a0e03954ff1221b4486641fc9a892d53a8857e9cf441ec05d4

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
C:\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\WUDLicense.exe

Filesize
1.5MB

MD5
64f12becc50082532cd14498bd496a76

SHA1
a13356f88919f79fd5381eef3dd9e0b2d964a03e

SHA256
275328321b16562004a291bd7a886bcb52b3ded86ba9e146d212ca8e2296b6a9

SHA512
81fcf12028c1aa266d4158895fdbff1b29e05124749bd45e1748994ef9921bd22e721a6f3a745866b71fea2a7b24488f5d956b22db4e7d0a2203d2ede1dacd59

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\drv_install(x86).exe

Filesize
401KB

MD5
a8f7d6a03fe2b4a496368be6de61e4de

SHA1
20c7ebc1285fe9e2d0912a78914f41c5b832bc13

SHA256
a302b3f215917d955b9d3eecb248a530675a5b7680e89e3ce986f0e6ba095cff

SHA512
3ecdb8a61bff9904ca19f7078709d32099becbb8820bfd46d8af4a6001e59768fccbc311cfd98c8525fbd3b1390c16fa4e9c992f50b5715721c8cf236f8a15eb

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
\Windows\ehome\ASCON\xpsrchv.exe

Filesize
1.7MB

MD5
4dc099cee622d4269283da9259f0020f

SHA1
8af35092e8e562584c108bd401096e7ad4af83fe

SHA256
9e2b15926960c4c2ccc8850157e93675e827d417c6d4d3066d855efbdb78011e

SHA512
71cb1f8059e2e7f8679a22c3504148ac91ceb56d6d85f9cb7a6fe3346a098f992a71ed721b4d73e7dd784beed42e5bbd3dd61299c22071b6236a0db2aaf9e006

Download Submit
memory/568-144-0x0000000000400000-0x00000000009BD000-memory.dmp

Filesize
5.7MB

Download
memory/568-153-0x0000000000400000-0x00000000009BD000-memory.dmp

Filesize
5.7MB

Download
memory/864-125-0x0000000001580000-0x0000000001C2A000-memory.dmp

Filesize
6.7MB

Download
memory/864-124-0x0000000001580000-0x0000000001C2A000-memory.dmp

Filesize
6.7MB

Download
memory/864-139-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download
memory/864-123-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download
memory/864-149-0x0000000001580000-0x0000000001C2A000-memory.dmp

Filesize
6.7MB

Download
memory/960-106-0x0000000001220000-0x00000000018CA000-memory.dmp

Filesize
6.7MB

Download
memory/960-107-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download
memory/960-105-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download
memory/1276-54-0x00000000756E1000-0x00000000756E3000-memory.dmp

Filesize
8KB

Download
memory/1452-151-0x0000000000400000-0x00000000009BD000-memory.dmp

Filesize
5.7MB

Download
memory/1452-143-0x0000000000400000-0x00000000009BD000-memory.dmp

Filesize
5.7MB

Download
memory/1480-104-0x0000000002510000-0x0000000002BBA000-memory.dmp

Filesize
6.7MB

Download
memory/1480-103-0x0000000002510000-0x0000000002BBA000-memory.dmp

Filesize
6.7MB

Download
memory/1560-152-0x0000000002980000-0x0000000002F3D000-memory.dmp

Filesize
5.7MB

Download
memory/1560-150-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download
memory/1560-142-0x0000000002980000-0x0000000002F3D000-memory.dmp

Filesize
5.7MB

Download
memory/1560-126-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download
memory/1600-148-0x0000000000400000-0x00000000009BD000-memory.dmp

Filesize
5.7MB

Download
memory/1952-96-0x0000000000400000-0x0000000000AAA000-memory.dmp

Filesize
6.7MB

Download