1837fc18d5b779a7b47bb9163a7c93c995a7c814c2b38cc16a0cf2419bf8d2d1

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HousecallLauncher64.exe
Size

3.5MB
MD5

418e07b780152848328a5157f6ab9f1a
SHA1

0f9fc8d36792ddac8a4b5b121665206719e7aad2
SHA256

1837fc18d5b779a7b47bb9163a7c93c995a7c814c2b38cc16a0cf2419bf8d2d1
SHA512

fdac16d696fffecb955188d020baaef8ab0b8ae41f418cfba2f90a7a0d0cfc8a56e1ec0941b20e3bd3f9f1defe66d93e2b327eb9b746a8e7ef705178e52682fc
SSDEEP

49152:8gJfAqJHqm4ekAKxJpmssTBSg1L0xQsUAinAqriB19QwP5Sd4B24uQ2Mss/pDsAu:8gCmZHJoWJ2oAqWBvQTETRWL

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

hcpackage64.exe.tmpsetup.exehousecall.binHousecallLauncher64.exepatch64.exe

description	ioc	process
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\bg_step.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\tray\HouseCallTray.exe	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\atse64.dll	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\css\settingtab.css	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\License.txt	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-en.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\TisEzIns.exe	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\config.xml	setup.exe
File created	C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\2\1073872896\tscdll64.dll	setup.exe
File created	C:\Program Files\Trend Micro\HouseCall\pattern\ptn$agg.102	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\HouseCallX.exe	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\tmfbeng.dll	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\hc_core.dll	housecall.bin
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\js\common.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HCBackup\hcversion64.xml.tmp	setup.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-el.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\housecall.xml	housecall.bin
File opened for modification	C:\Program Files\Trend Micro\7zS0E3B4E07\AU\ciussi64.dll	HousecallLauncher64.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-nl.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\ico_settings.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\housecall800.cert	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\pattern\icrc$oth.219	patch64.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\css\images\ui-icons_cd0a0a_256x240.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\css\reset.css	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-tr.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\smv64.dll	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\3\1082130432\tmwlchk.ptn	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\bg_console.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\js\settings.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\pattern\tsc.ptn	patch64.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\img_hclogo_96.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\js\tabcontent.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\ic_trendmicro_logo.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\js\restore_threats.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\README.txt	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\icon_feedback.gif	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\images\BTN_red_s.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip.etag	setup.exe
File created	C:\Program Files\Trend Micro\7zS0E3B4E07\libeay32.dll	HousecallLauncher64.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\l10n\eula_content.html	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\discount.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\icon_setting.gif	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\curl-ca-bundle.crt	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini	patch64.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\css\style.css	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-cs.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\icon_log.gif	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\tray\ui\jquery\jquery-ui-1.8.24.custom.min.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tscdll64.dll	patch64.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\bg_inputbox_l.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-fi.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\jquery\jquery-bgiframe-2.1.1.min.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\tmwlutil.dll	hcpackage64.exe.tmp

Executes dropped EXE 4 IoCs

Processes:

setup.exehcpackage64.exe.tmppatch64.exehousecall.bin

pid process

2188 setup.exe
3932 hcpackage64.exe.tmp
3036 patch64.exe
1896 housecall.bin

Loads dropped DLL 22 IoCs

Processes:

setup.exehousecall.bin

pid	process
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
2188	setup.exe
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin
1896	housecall.bin

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 5c000000010000000400000000080000190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

setup.exe

pid process

2188 setup.exe
2188 setup.exe
2188 setup.exe
2188 setup.exe
2188 setup.exe
2188 setup.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

housecall.bin

pid process

1896 housecall.bin
1896 housecall.bin

pid	process
1896	housecall.bin
1896	housecall.bin

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

HousecallLauncher64.exesetup.exe

description	pid	process	target process
PID 5088 wrote to memory of 2188	5088	HousecallLauncher64.exe	setup.exe
PID 5088 wrote to memory of 2188	5088	HousecallLauncher64.exe	setup.exe
PID 2188 wrote to memory of 3932	2188	setup.exe	hcpackage64.exe.tmp
PID 2188 wrote to memory of 3932	2188	setup.exe	hcpackage64.exe.tmp
PID 2188 wrote to memory of 3932	2188	setup.exe	hcpackage64.exe.tmp
PID 2188 wrote to memory of 3036	2188	setup.exe	patch64.exe
PID 2188 wrote to memory of 3036	2188	setup.exe	patch64.exe
PID 2188 wrote to memory of 1896	2188	setup.exe	housecall.bin
PID 2188 wrote to memory of 1896	2188	setup.exe	housecall.bin

C:\Users\Admin\AppData\Local\Temp\HousecallLauncher64.exe
"C:\Users\Admin\AppData\Local\Temp\HousecallLauncher64.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:5088

C:\Program Files\Trend Micro\7zS0E3B4E07\setup.exe
.\setup.exe
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2188

C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp
exe.exe -y
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:3932

C:\Program Files\Trend Micro\7zS0E3B4E07\AU\patch64.exe
"C:\Program Files\Trend Micro\7zS0E3B4E07\AU\patch64.exe" "C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924" 0
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:3036

C:\Program Files\Trend Micro\HouseCall\housecall.bin
"housecall.bin" A9DAA622 FF37F33D
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1896

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
4KB

MD5
4503e22aa191b553455a787aaba264b0

SHA1
453daea5df215a0a357040eb650ab8a036269493

SHA256
d582b1f5c0d50033645bce62edc2c98112a87df42c37de9170ebc9eeb6f94968

SHA512
d2da1212e6d9f8af3542f70c02c20e6c40883708f7e9b2244ff1124d0e868cb0da14ac42cb9e4ec0f295928678e70ef6986bdc77c6ea2785bb76c0901c3c3c8f

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
11KB

MD5
ce619e272798b21ff1f482531f141960

SHA1
8f91d9df7a9349079f1dff84a2207a7fce3dc96f

SHA256
1c6cfd39c29e89b9eb21bea440ac23945f4a6e136f4fd01c942ac50fe1a8d65a

SHA512
0bf4538c35aeca9a66793d8012163247ac34c0600bfb9219a108fbf6c7938d22a785ec08bcd15dba93e0c44b23f5adb03c1bac2fc81c2c1a87323bbe58fb2629

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
25KB

MD5
f1afaee7fd83e019f190b829a45ac1d4

SHA1
5eb731429dd3649fd55c8f24c81513a291642f94

SHA256
e9a37157642d608c4c5b4d3988071d3cd033aa975eebcaad5f3e47d4d6dcd5fe

SHA512
a803e77b57d6f431b5c7c5173bd7c4e2409da9b217d578b88b5f0e769015c789a189b6574315db997c6f0a0be937204a6eb93bb297892dec43f3373fa49ee92e

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\2\1073872896\tscdll64.dll
Filesize
3.2MB

MD5
773a68df25ac20ba9678c8924871d4c4

SHA1
5e03406a025c39fb4781a63321a9dd93ddabc3a2

SHA256
b0517f7cc40557ea2d890d8ba7749ca76eb3b904de97218e278327d7d0500969

SHA512
0b9e8252c2c6bab4f4df056c1eda150229308608f29de0e47e9528ba19686c64ca670009ffd6a17827fb8b093cc66be317f0670250a018fc2ef2d64463e3d51d

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\2\536871168\BPMNT.dll
Filesize
102KB

MD5
af085509295b0bfb231aa6d22a3a4bb8

SHA1
f1c7034ee2a0a744dcb435adfa126ef32d74226b

SHA256
17a56305e48485335126b6638fdeade7cc1bf04bb2f1f685cccdc20befa21123

SHA512
5f5c9aaea16831cb7982c4a8fad4ad1d0dbe4d269e737d6006aacf1c0e87ba71ace9206f12635ea2cf6421b07312a65e1d5a5edc6bc5dbb783e81bbff11cc8b2

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\2\536871168\vsapi64.dll
Filesize
4.2MB

MD5
6f7ae6e85cdb94eca7a735901b931bbd

SHA1
a5006f02bd524ccd7f88f0f4770de4f8fd550c0a

SHA256
de40d2ac5f0efd162111a8152f8b4338eed9291976f89911b77b84b138edf5cb

SHA512
4d53a40639cd0d905f098232d91065b1cf8ad13b14a87845f9b3bd9bb76ea211867cbca2ec09990fcf9e6090ae8c1185d85a72d5e21b77fb176a4e58083271da

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\3\1082130432\tmwlchk.cat
Filesize
10KB

MD5
2c612b3764aa93e306e319e1da42bbf1

SHA1
fe8342a3779b2cd96dea46309d2b3576c997d680

SHA256
2de9bc4769514c07a8f4d89789ef526ca4cb1165b9ece39d7fb1d3cf8a6c2537

SHA512
639c2a283412f02851ec960e65b76a1ccdd8ae3c4233f04b80775f07717f9e476b1579156e854a88db6f41892211b9a8dda6ab23c8c0ebed7df1dc4d71c3b6a2

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\3\1208090624\icrc$oth.219
Filesize
4.3MB

MD5
77e3963be354d7b99a4a51fc1951c4b2

SHA1
73d59e54dc3c95919c5b4de247332aeffb9d5ea0

SHA256
347a08694b5ac90e81a611ddf56dfa237ff7e9622ce6b69b3a3a1de9d8822933

SHA512
0f55ec080d62eb88881bc855021f6f55201f347005933cd3c6f89dcbe03b55aa6a39a20b402efd31bf821ba155795057037251835421b4cb12d8b7129208983a

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\3\1208221744\HCClean.ptn
Filesize
67KB

MD5
24b98ece0b3c87cf1d3418940d73a447

SHA1
ddfd79855e95b6dfda0b76be2982d1c6152016af

SHA256
6470aa02eff45470f854ff378ecaba73928cc6c8114ba1cedab97f46a023953e

SHA512
d88edf632623029a4c3698eb231f166a76a808b74dc2aadd967155388da8c46fbe215cc196762358e287f05a01ae5ab01b43cb77fab147aaefb9256eff71ee8e

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\3\1208221744\ptn$agg.999
Filesize
99KB

MD5
6eeaa78e1f4bee86af9614d49f6cc4ce

SHA1
849b11fa6e68a6fa7505c27fb4c44fae13b3e0aa

SHA256
19b8632699bddc4a79cce8a7e314b3a8bb78f4a035904f22e3c8ea90aee24041

SHA512
b711b7f72bbc295bcd112a8b946da5288c9765be2ce53ae00007da11d718e532ce30929e7e72be1dca997994699c7ed7004267f6a1057a2eda6ddbe46147de33

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\3\2048\tsc.ptn
Filesize
2.2MB

MD5
5bfbe067248554c3e9a98c2a2335f7e9

SHA1
ec56892815467d15219699a97f7da8ab5ac652a4

SHA256
d603f05a14c222dc5ce2df6149b33fa65201689f70ea2a70d869b34b08e03acd

SHA512
53a3162b2b369db1bbae7a4b5fb162b4421f66a6ed44646359c25e521b59b3cb133141b1700336edf5bc2d0e812cbacbd14fcd26a5ef6a3a8f27ef8a4100de9c

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\AuPatch.ini
Filesize
2KB

MD5
9eb316b71c206cdf49382e1201e92c24

SHA1
fd0914b586d212974a72e6d0a33f2b54972baeac

SHA256
8a29767ef601d1c02cef31af6659210d7c9b765c9b262808e925cd54a3c62df0

SHA512
e2446560d8913f1d59e8c7e75e0486441587b39032cbb121bf72e729e66938582aa7babede032974b3784772c144068dd0c70504f500832109a7ed09f4730513

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\AuResult.ini
Filesize
10B

MD5
31e43987691be249e68dc3135b18d329

SHA1
d6c2691d147b7662c199f420e7ec1182db2662c9

SHA256
232f2344e73ac59cfefc7972998b3cd0a4dbcee3631af2889eb5f585395dc814

SHA512
f9d022bed3ae58a19e8125d703eff48005400fae4c0640f3630dcf422661a7b4cb8a052f547755a7759fd0c685b4950680f24fc8f174b0969a4a26cf524426c6

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\AU_Data\AU_Temp\2188_3924\server.ini
Filesize
11KB

MD5
924ca331ae04c79505648731c085d6f7

SHA1
dd1d6532971943db64744b52625e168a679874e0

SHA256
c846266672d5ad7a352a04d04b15436542b37238bf5f99d033d806b2c51bbd4e

SHA512
178fb95e57a604f61204e757652ac6fad22831a752aa5fd499fb9f72b9c3f3d01404fedc077fda3e0db6c570ba9e36e9ace9d453a2b0030dd67631ffada6c855

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\GetServer.ini
Filesize
178B

MD5
8cfc333ca4e29a11b86cc03245e597c9

SHA1
025002f14e4aacd4339e01024a80441e0f26d0bd

SHA256
9d0e318a2d10dc934760909795e7e1a5c55120e501ee136362443f42ab675b88

SHA512
d18d2b21093bbc09b7a0c65c79d4590c43a769d31ce80f2095b8664cb178c0be83e8c8ce2cf123e85e35e3da19d7cd26e59e5fb6a3c5ea46581390740341ec90

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\TmUpdate64.dll
Filesize
3.6MB

MD5
b63c61906bc9aa252710cb535b47c95a

SHA1
da2303f5754a51fc87c1d74c7788fa0fdb3c025f

SHA256
a2703cd2647d6f7362ff692e904493ef5a300c82d839fd9eeaa670d66b40a7ab

SHA512
93a237547e7c0f8e5d6c0357013b3b9489dd313436d61187bf942231f09d573ce7fc8f6d7f2abba3a140d4aa184c80e5ef63e00ef32c419e5466c74d5f110849

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\aucfg.ini
Filesize
256B

MD5
af03b6da00b295f2b2dfd949b7290f53

SHA1
afa9ceadc089c98f98db3ce4856b87e1c8305285

SHA256
9808ce47e96e95c530a7b8f4afe1773c603400dc16a5085f03e44d71273e3e67

SHA512
3384635885541d65dc1ba963d72e34b653c71478ef835b80f3c1aee7d1568e9c6349e4ff1b3ba0162c41225503ee4f5c8ec5252348cc681cb0324fc31c80f31b

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\AU\patch64.exe
Filesize
1.0MB

MD5
6c552231f756555707b9aac825bac7e8

SHA1
889b760e971d5ac50c6bc69047469c8ad6266466

SHA256
b95991219d45381c2cbc8691dd7aaff710f43e66f187d3394643b075763f6a16

SHA512
7bfad529bdd2d3d50f931cb0a4180a42fbd65ce306ea834099682199c15554bc6de0620a34a4b7e5322ad4ac66df7ce95bf53f0bad8dce56f94f65bfb7e27182

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\DLConfig.xml
Filesize
1KB

MD5
0deb9afc00ea164c04e67826de4575b2

SHA1
0c045927bc96308fada0df6a36d250465ce19b24

SHA256
39fdac3a4b9e43bf1050181df2a5c659d6b7d9b4e9d919d145588c4c2fa491de

SHA512
b6f7098b600883521b3bdc6cc5d793434b1e67c00b46e83356e85dcee96985a944e38b37f8c82555948959ece14e73ccba2621115e479fc68f23b67c6bdb44bc

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\HouseCall_downloader.bmp
Filesize
250KB

MD5
50960ac419774a394710258261e2dc8b

SHA1
a7c7862392a092ba743a03dbff52b486c277dfe7

SHA256
15224bc0d04b82fba0db9ad5d7ac283ff914208b8df13e2dddc6dcdec3d127e9

SHA512
514b17583402c0f7a331e6c7478611df94bd8408d31ec49ad72abba21631538f1c2a7e8ba3190164dc29716fc367a71acac6aea58ce73286f7e1a4625ae0f99e

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\LIBEAY32.dll
Filesize
628KB

MD5
0fc9e744038f0eb3eaa05126556d714c

SHA1
ffb63fb5666312e298fc64fa918417c01e6a0b67

SHA256
318bc2410a0ed456819155dfb0a2093f43fff3962a8f4e9f6591417615914f2b

SHA512
90fe4d59df6cac1a75ae059920d7af6b2c03750cbbf31802d5b934014692d139e5e182041e62327eea1e782e15d664d6e8dba6aec25acb912f04b6cf682b962f

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\SSLEAY32.dll
Filesize
461KB

MD5
882e6ad0f22a8c9dbef86bbf780adbb9

SHA1
c3bffa785c9a660d95ae348bbd86d7737cffc203

SHA256
e8c3b487a1fabac82599f40af81449945b94b3f1228ca83594ce321664bebf89

SHA512
611d6269c5edb5ec0e37cd91aa8ae4807e18b4d4ef1b11778da86afc3d25a8eea245cb3a7cc4650528745ea2f1ad6d802cf4441ccee0af1ee459091803ad4cda

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\Setup.exe
Filesize
1.2MB

MD5
b820ff09ec68ab12e05d9734aeb5a39f

SHA1
b83859bad42a1950359b69b7bf6cd68bd0c3a203

SHA256
2dadd9f15a34755c145b370a3e179509d1ed035e94c5168ff7ec033cd2544ffe

SHA512
81a1ecd3379ab5c5ec0637a8b15ac86f891c5cecadd8405bcf1bafd034136b79f041095b72baaa312f3796534c7c4cd4e0dd3a60ef920cb2da9f40375f04a42b

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\curl-ca-bundle.crt
Filesize
253KB

MD5
c658d9f253217d3c010b830d05973bb7

SHA1
52b6b25d67f55a36ecc7524fd83e7e993c5b9c68

SHA256
193a35b6de7ee049ff512599dd4e8290dc30c2f47f9a3818ca8f273ffca683db

SHA512
8fc35429aa1f8f4ecb8ebeefb70e34999a438c4fef923e224a17f0af44c773cd974312b2cbf6bb0aece1e5ca737df6162d06646703c5694fe5e131b99250db83

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\dlstr.xml
Filesize
1KB

MD5
60e94a31fa1251d3aa133739d77fa17a

SHA1
59276cf0b05e40e35dc4df7c95d9b7ff1c28626a

SHA256
14e72cf1853bd1fdddb5a2fed569cfba4c406cd704e03f652323ec60dc7fe792

SHA512
10155e468ab8433f03865806529a42802500d45ee1deded25b0a4b1d29f1231362185911f10dcb6e441babc02299cd003abb5da96ea48d62ff240d8b83630711

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\icrc.dat
Filesize
1.0MB

MD5
8b3f88f6aec178253eb62653e1149274

SHA1
6076923fc24f1353856a11e5368640d2b43c0f7e

SHA256
02db0e84cc849b90d3f7612585a1bf4234c562eac17419cf37dbe6c80a3d8960

SHA512
a009114841003e387c9b39bac0c3ef320f707caf33fd63a4548c467ffaef28e2d1d853208bf782c23d7653de180ab83e2c1ab6cc7eb6eef1e93ed76fd9823e07

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\libcurl.dll
Filesize
603KB

MD5
2f93dfd34b562c722d9ce8b059f2768c

SHA1
497128d3cb9ee71ccc61adb414135c2c82892436

SHA256
c1ccaab383c9e3d0668c059a1b324a69e11439041a28688cacfa53627e7664dc

SHA512
73b57087ceb03cdcf6417f64e87c0a74052f8651fc9e52d233ea8a7961fc3462663d21b1ce424ca4d4960c9677f9aef367bf71c56e6b15695685628047c904b6

Download Submit
C:\Program Files\Trend Micro\7zS0E3B4E07\libeay32.dll
Filesize
540KB

MD5
ca0e0970575be3133ed5e679df5657d3

SHA1
05236f1577729220554c632665ff3f46b267a37c

SHA256
f56a5a51aeab07d7ab37afe3daa59445c2215edd69048aab4f62944d54ac7731

SHA512
d3d1d23b5c4c030073eb994c551a1d79e702fae8a6ec02678aba9cab3ead2c58746494c56dffe047f9051bd0671a2e5d7da0ea664bfbb6564bd4e001251e9ff1

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip
Filesize
161KB

MD5
b6296232d7bc80ce7275190477622b13

SHA1
0172768fe880a8f9dbfebdbe359fdbd8af9e99c1

SHA256
79f880f33cb5a3b916c63e678d3af4524d57fe77de924c9918dceed83f339ca9

SHA512
56c05a59f68a29771902b417c93d2b28a2a6d4bf39354386b51465f125892b887c9ca5bbdf5fddf20fa053fce6dcc7da18200af4a8b5becf38d254175cbd6474

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip.etag
Filesize
181B

MD5
0aa9adca6f2d761ad2d971aca52d36e7

SHA1
28da02e184d51637f48a3e44b6f51a17df98a7cd

SHA256
5c225b42422882d52ba408b387cb17828ca5d00abaf923b627d08b82ba653197

SHA512
117e4d8321d5ee0f5c398e5cabbaab37527c0498ccc234705d836cb8dd1b60e04c2ca214bdbb3945fead0dfc3b32702a52889a583a39e02988f314b3151d0025

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip
Filesize
1.3MB

MD5
727ff30f41aa7049cf44d39a48bf002a

SHA1
ab167c1264f399d54c66d830465b2a53244833b6

SHA256
885691815690b6a58a0ed3ef6a28e57f78cbbe1181cc1a067f605722569d6c7e

SHA512
e4dc64f3ce9e43675be6d74ab70b1e142d2ba6c53036857f0ca93bdedbcc2cac82f3fa03cac2d86ca7fe5ff6db0c87f7139fe630120f4fe56ac629a48d84da0d

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip.etag
Filesize
194B

MD5
37bf27ee081299e71615da391e65ac8a

SHA1
21f4ed8ec5ba042ee686355ba995352de62c4e47

SHA256
e912af147412a71d5697f0886a9f72c5bc67011414d85e0fc93dfc455c8f31be

SHA512
ddd5fb861a33c5b4bc9063ec160669f480cd2784154bc8de09f1ffe7918f46644ae6355f0aedcc64e2a2463b6c543069ce555cc50e9c6caaf9758fedba9312ea

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v22610-1017.zip
Filesize
1.9MB

MD5
331f1d1cdfd34cb1dc3d43f031412581

SHA1
6ebc47b8deb577d3c08281e95d41d402f82d8765

SHA256
2b59378eb556faab3a87fa08786b24c72134ba8c65284a903c00cc26a64f727e

SHA512
7ea0398a4476f48058e7ba3316c6e93f528564d039e6ae314e81e70c4e2e70b3e00fea0fcec3e965f99177f3f071db5e45501e496db6e1c6903285dd9f94df43

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v22610-1017.zip.etag
Filesize
197B

MD5
75db66e759bd77d66ad88d31e373355b

SHA1
eeaf8444d18591f5cd9db5f945874aa29077634a

SHA256
3d326f15f0082530df7fe3cdae0e5748889cdcd6813771f3253ac6a451346d99

SHA512
30098679e2e986f27603b6ed0012dc4ee495a4beb8e54fba3c021e0df16e1cd3afa496507b5781d6cb14db528e6d5094658c2d113beb71f7fa83196599cc6213

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip
Filesize
2KB

MD5
4dc3555f9499a179bde2ba4462ed6fdb

SHA1
461d0b33088846f3548d3a45a363eca64e5d0106

SHA256
3bf8273ddc36752f597a6b7462c59b1858c4d7c0afc64bd4e1bdfa6ef2c52c4c

SHA512
b145981a366ee2065154d089994d253b657e3af4a9f1ab418832950225627f6222ed53f6b56bf7b75e908cf47710e5093091a066dc12c4d1144fbb8b1fcffabe

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip.etag
Filesize
171B

MD5
0dbcb1b57439fb3ecc0a6634b86f354d

SHA1
b4808c924de5b2a86aca195d88c4687cfbd2a006

SHA256
80e7f0da6fecd0b18b9afaf7e4bf8078c12daa3678462ecd47069e22213137bb

SHA512
dc24ef4f83df8d75b0a0e686ffd84c5cf1f4d74d24bd289d4cccbcec0b0ee44265220eb88922f1be1eeb471a10499979a1223e54ffde8f9d791d9d4a3672c596

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip
Filesize
5.5MB

MD5
243f4993eb575ecf40f3ef13005ccaee

SHA1
8eb283460d4b589f4c512c3d1ab05c6c1dee62f9

SHA256
91a7c9bb38bc6abc811ed8271d77636f9d591b49f81aa7c4aed69185c2e0af32

SHA512
ad0da33413f4f0603a8fa62f2fab2b2ca0d115f1179cf32ee31d238622e57e9973ce82b1f26d1b0ba0b240446af65b1be4ae207d621d8b78e5c6bcff154a2026

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
190B

MD5
35ffe62fc3dc83374417f40fb53d28f8

SHA1
275fe45f86de7f45e2ce21d69fd68a73eed00b2a

SHA256
5ad5f206a01503f8a050c9f01f4cc2eb51a181b20d80368a721c7ae0f3a1883d

SHA512
b6831996872dfe6e52b781f1d36e34d6acdfd15d1f323f109420a4ac348bfa887344674c37c403e7b74a833230d5ef8c0da192b1e0367f4667eb363d525aa99c

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
191B

MD5
72f20c24f8c0b01be05b7799d1aa37b7

SHA1
845c242d53409f7ba0296c71ba6c8dc9331804c4

SHA256
1e76b94ddca4b47013493593389787563f2fd209edcee19e6769b3931f9ef0e5

SHA512
d863ac8bcfbe1110e37a6ae41ac68f37cf53b48be412f04cb09297e777763b86ac4d7614b21a364dcf9915b0b6c6cb78b900cdd03d10c83dd88753dfbdf3890f

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
191B

MD5
92f178174a40ce114acd5a9ad6a0e78f

SHA1
5cec36449bded2cff67206181f88708d7cf1bc32

SHA256
c96545c68b28723096953adf6936eab5e77e1fe968a03d4b7e33e8fdfd311c0a

SHA512
afa650a40e8fdf6bd8625b633befb035c76d847cabb5f112b60fbd7c4e6d949a65e5c746ca2636c12d41fce398da001f21936f475e629c6af548bdbf6f56b9cf

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
191B

MD5
29a1d7a9f147fc7bd8417e335ec605e2

SHA1
7ee69c1d6788a483e9b0f3df1490dbd83ca20d21

SHA256
b27cfde0ad5cd823a5d93629c19e7b53eca8314936e6f13077de1711ba0dc3bb

SHA512
993eac529f7cb821cb6fbcf46dc55d440b15e4e821ccab3154b441785d41055eae6fa5d3704964c5440432da4606b8469a8fe20f5869a07c81f44416459a9142

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
192B

MD5
1fd9f3f749d169793309cbca0433e064

SHA1
20fb805eb96a7a096dcd87d56fb17e8d738c0400

SHA256
a729ead8160911fe01e15a9bca31e4abba6f5da384c97aa28d744622eaa16b40

SHA512
12956cf93876e8aeed70d4f642c96c566c3d9cd775cffc8b9ca015e780e7d0d4af7a6782ff3182e3f0ddc87b335515ad29d9a54be64b3ba169819c82281de3c7

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
192B

MD5
55570e602067988ea1567c0730adda9a

SHA1
8ee112546d0ae70fcb3a6d69ed4517479c50254b

SHA256
aa273a843d2c176137fbbf585011359a676c768a18fa5a8d2b64b1e8a4ba90d6

SHA512
0d85916fef83c2b511396c6568dbe10514707f8d15db1bc5345a2f3bf0cafbb6c413c543f249a51ecaa4208b3720e3b4d32063c965acb2b100afded22b2fb2b4

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
192B

MD5
0271e51d9f2e2e1428dcc0fadaa5cb2f

SHA1
d0a18b43ec88c279b701ce1385517c8e6d31e5db

SHA256
b7903ea9ad49799e6e29e48bce79e5f0eafbda7d14a4bb2a14febc1c2d136971

SHA512
eb07eb61a022cd529e9d1f599b58c3b7b263c17d4f1a91aff602f1c3c319d72eeb70458ec056dab8f8419969fd62f086cd1a34c7e9df9b7915152ef7656f38a0

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1921900.zip.etag
Filesize
192B

MD5
c61d8a83113a8f3364a4ed01d6c382a0

SHA1
a3e68c469879d918c247d5653c1ce142af289cc3

SHA256
23994179a8f05dc2b3eaa4094cf7c18a3991c87887749ab81256d1c695ec0971

SHA512
85d5528056659f50fd63a8d793925f733c1081a35f420d93f976db67d700014f9f7b297e82250f8f84e2544781d3c22e696f228ee322d1a7cfbf94fddaea2a1b

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_198800.zip
Filesize
183KB

MD5
0ca89350998b6d0e6e0d5991f3e87bc6

SHA1
ca5ef2fc7277cb64930ad2b605576f1330336098

SHA256
dfc7ef809187e5f501745a7832f61de6cd38aabac1e2ef2d783e14277e366228

SHA512
d08ec13f5c68e96c1a6050454a8c25e45d3afced992e4b8ea2b26a8334c97207ed46a76fa0bd64f620c42c4b616728b08452889511447c9607ee30e257737927

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_198800.zip.etag
Filesize
188B

MD5
d98d6fa3c4899322fe1e503a38c0557b

SHA1
f2d34b3e757074796ba78edbd89480438c727d9a

SHA256
d8aa94d09554d02d836780a57a5b06abb5c903b6211ad9eb6fb6413fce57e86c

SHA512
0a948cff3a2c41586e62ac80da5383f8a9b25101e37e38131e4faa90b703d949d1b6eaecca0183fb5df3411d70a0a0b40666542a8536ec9586bdaab814373fe6

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip
Filesize
2.2MB

MD5
63ad6bc70c296a1731c52b7f1f2dec94

SHA1
9d91d0123e9134df73b38cc800803831393a1d6b

SHA256
7e250e09ade09bb06d76a19167a9b82c3966f36bcd496e350b9b13fbf676aad6

SHA512
b0878861359f59c7acff3847747f9743610bc8973117288a8e957144d512596427982479f2703bd97445ea7fc2331f952bd51bda350d269f1d6c9d45d5be5811

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip.etag
Filesize
181B

MD5
3b4c443c47e2d5d2fcba99984ecd5b99

SHA1
5650ee64ce4cade95186dc20daf499d420d84c4e

SHA256
c0b3c675e8c31e2e6daecccbe5e884e3fc8f2084a2fd1f88830605e49e616222

SHA512
542685714849be7d1d6faaa8d30ab4010ce1b2fe00ac648ab27d2475c194d6475794e2b582f22f08ccfc315becd3277ad675bbfbec91d19574a283fd1034815d

Download Submit
C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp
Filesize
9.0MB

MD5
a0d5d0b5ab4bb0b1aa6684f8b4e9502d

SHA1
970e35b971846355897f53df992bd6c6aee289d5

SHA256
478b696414af121df3a35b861eb379db1a94c89af87d7cf458f4d0f7cd6c1d62

SHA512
4221cdd91ff033b5eae5df0aac7868f7e48b9f06118a7ad31ccfd5d85bc5688eb584616781bb85351c86622e626c6a21b2375001cdb6b736543fd9e5c0c78dd3

Download Submit
C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp
Filesize
7.2MB

MD5
1faabea5dc8f4c6f5d1f4853e3b28427

SHA1
518bebea4262ddaff155d3cd2ae19c56cf0bba2a

SHA256
1950c6ca2bf3c5644d45348162c3d5365538612d0c2cbe55489c6dc865c7a15f

SHA512
2dda2cf1742bc92c1c3eb4b93e2222034dd9d967e77b218ac9ff67a6447162e6bc4425185c7d1a36b4165aac5bfded92dccbb8cec8bf0331b24c643b45868178

Download Submit
C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp
Filesize
7.6MB

MD5
ad781bda106dbbe48cee60d474b10cdf

SHA1
4349d75d047b44c9827678aeb1a6e0dee4a1462b

SHA256
9ecd71fbc3e573aa0efbefef1eb54a949f3c72f4c0065b0279e7491eb756d833

SHA512
94183a9ad5850da6deab4dcda6bcd1a9e57cfcd2172b98534eff43deb0e7fa8c929caa6005a5889f0d52e2d486aac20f40ea49c97521ab61c71315e39d87d6ec

Download Submit
C:\Program Files\Trend Micro\HCBackup\hcversion64.xml.tmp
Filesize
310B

MD5
c19d5810b07878caffed286525f8033d

SHA1
c87d49ec9623a8d346e835c6f69a9dc8ab3594e3

SHA256
453d1b6344ce2456349f193f5333dbaa7d3a4a89ba7f5560fad5ca05737a691f

SHA512
e912bd9154028b66ac0ebfd1a9eeaff7d761815342099dfd542b3fc7e0713ec109fd15c3938b979107a8e3f2d83a810a5d09edf9eeae9fd8cc1b3422945a4a2b

Download Submit
C:\Program Files\Trend Micro\HCLauncher.log
Filesize
4KB

MD5
8c2b07853bfda70ea9b79d9762a7f43c

SHA1
b7a8af893e50ef4d5eebcf61170ed47f76a51394

SHA256
a68e67277b80f3039c2f3f54ea9e966dd672bdd6a7d337d9880c6d55efbe8451

SHA512
f1d86afaa78346a3ff538ffd92ee18d26e7551125edd17b4d76a76c50b0929ba908de3ed32a991cd50fca8c396141f080bd613a1bbc6ae89f3bd899e14b179dd

Download Submit
C:\Program Files\Trend Micro\HCLauncher.log
Filesize
4KB

MD5
1d2dc830112b511a3f1addd7f5472f89

SHA1
909b61f4fee892123fa5c5d5a8ac24970efee7cc

SHA256
1da1c6a90fc579716de74547085cbd445100547e82ede8948a3c7edb42203c0a

SHA512
c1f19ea29417e6271965797c96252fba8e57809fe1d24de574f913dba57f716ac19a09a827fc5d176f71c2ccd7a827549677000975e10d8066fd173f71102b48

Download Submit
C:\Program Files\Trend Micro\HouseCall\AU_Backup\AuBackup.ini
Filesize
285B

MD5
1e4c88a73e59474db7d3bd36b9d749f8

SHA1
7c2ded1e35c498fa092775fbeb6fa9796c6f2149

SHA256
fb60e54e81153bf61bb5978fd805c05504a8a057c5d76ffc34d7a9bd945d324d

SHA512
607223096c14a9faa7216937da386becb25f7f9c0ce694a1fc902c09c5e3c0ba2d3c51f1d3a164f8863b215f8f090b0ccca5a56efcb6d046a982e236509e5d32

Download Submit
C:\Program Files\Trend Micro\HouseCall\ICRCHdler.dll
Filesize
2.0MB

MD5
dcebade313826f48a50f93fad7125ea5

SHA1
998f74f7d48b391aff363989dc933f965f4a7bf0

SHA256
76cc682ca44aa782d7602e782d23ae319b367699df94d406111b01f6dd05aa28

SHA512
933fbc80118ce9df8d42a87879e7eac4af8c651f7e74421767e0854bb0f67886e8431c91754fe15422d548af203499077566be9894fd9e07af8827c1e4d2805e

Download Submit
C:\Program Files\Trend Micro\HouseCall\ICRCHdler.dll
Filesize
2.3MB

MD5
b4930aa9bab3caf6f87491c32a354c04

SHA1
6101913f51cfaa49cb55397bab7ae051df9dc4e5

SHA256
ed6129fe266dd28656bd65edd7fe5c15d6ddeea787f764a0bd4076e2e94bf1ad

SHA512
93cf1ea5027551a99e5a4ca35662508d8e5b49c543ad4c596722abab77bc809a9b5debac2fa71eba8169b875fb11ad83c6b8934b864b3f84acfc7dafc8d03d6d

Download Submit
C:\Program Files\Trend Micro\HouseCall\config.xml
Filesize
7KB

MD5
5e16756bdc9aa06e4e6b2edf955c2f52

SHA1
55c245a6a03b8c2c2f2594c4e4819a103829a038

SHA256
aa39d77fb7457ab0803e70b93e6038c7ea804e5ba5c88cbb8f3a803de66a0386

SHA512
dfd8b99a59f4d406aafc30388b98fbe4b37becf0f6d5408aa239fdf3b59cd6ba0b2d9cdd887086ba36f2a8669104bee0e3ed577028cb9460b4b85f1424fef263

Download Submit
C:\Program Files\Trend Micro\HouseCall\hc_core.dll
Filesize
3.2MB

MD5
20df389a73c23ec732075749a14520c2

SHA1
20edf4f850cda37193c2d8fb6c3c0abb647ea8c8

SHA256
a4447f4ef1cfb2e4c5e4698aba40d8932d6ecb721e09723cd36ea805d98d3d56

SHA512
fefe05b829f7a675d63bba9384b70a12ae169f9e1136bee3a747d759a4107fe5b659b5c6600f476f4972ff7f98fdafcbb0ce8955b4cff4bc8eb0037679ccfbd5

Download Submit
C:\Program Files\Trend Micro\HouseCall\hc_core.dll
Filesize
2.9MB

MD5
e1160575b72efaa5b701f44110bf7539

SHA1
62b72342674cb81a125053d652b0a943457ad3fa

SHA256
bbd018eacb8396200e61c4901d1d3894279febdf539a56bd9f488282f58dbbcf

SHA512
beb57d888da740364b6130142c2def17b7e726f2a787e0cfe72fc96390427333d73c1ed14e2f76d724e1e329a0d6a5faa694a0ea5b2da47b64a656a6704af90e

Download Submit
C:\Program Files\Trend Micro\HouseCall\housecall.bin
Filesize
3.2MB

MD5
13c8a6b80fcba9ba8e041343f7689265

SHA1
5a0a81e4e259092b827f1fade135b0a5de3afcc0

SHA256
04a648072b2844c2eef1dd7ee0b0046348a52bae6edc13634b844b45ff8e4f7e

SHA512
f4ebbdb1ef91b7d2c320abb52b1f9968ee3b2506d6738a156da244314f2130c216923cbabcad59d8cb61bcb9be5156e32cd01f8a75b3bb70d59614c651ebb8ef

Download Submit
C:\Program Files\Trend Micro\HouseCall\housecall.bin
Filesize
3.3MB

MD5
8edce4e131396c0875179921ff26a497

SHA1
8d8bc8b78b31244a882789853124387f2f7fa77b

SHA256
1f40b348ccfb5718562df3fb23862f43e5aafd13defba583af4bf6e75e9a7393

SHA512
04a8aed497abd423a00a1213fd3872836764bd87026b1bc42e15d1ca3685f518615be763c1c66776a2ff212fc67e01557f2bbe06713e94b74021abc2f2fd57c5

Download Submit
C:\Program Files\Trend Micro\HouseCall\interface\lib\jquery\jquery-1.8.2.min.js
Filesize
109KB

MD5
7eb2467956657f7e0956de142ac5d5a1

SHA1
9f579c33e616d8ed81e00b2120d4688bfe1ee914

SHA256
24a5fffb954c81990cab1fda4787afbeecf81d8f2909c930f16fbb7c2325cd0b

SHA512
ecc2e09aba341137449092569de0eafb0e0dee0f963b63ee564ac45f41b4b9472b4e28e91077998736187a507b526409a764483ab7d641b4b22d248d9ba829e2

Download Submit
C:\Program Files\Trend Micro\HouseCall\libexpatw.dll
Filesize
174KB

MD5
44cfe8a291e8ca812b9fe816636fc4e5

SHA1
dc17c179c533863d428fd5ec756ae54cb465098c

SHA256
e2dd3191b96bf310dd1ddc06aa146d5e7dbb9b9a96c92b600114ff863fdd19f3

SHA512
37d687911921ce77c7932e15d785608fa3cd16863f6f07ced5200d0ff10fa9f9f7fe425a57161eee012541ba4a64210a17a0bc22585032fcb45bec683d655cd7

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
45B

MD5
205ffbb75e9d74087ef66ffb2ca9d667

SHA1
128dd7784d1956b86ca03de60f868a425e31f3ed

SHA256
46c375e47cd022310fd852a1b1f3f1b7e743c520dc833a8b8d1d0648fe7d9110

SHA512
8f382e3c6482b30dfede41376ee7c061abbcb81e928f00becc8cc3ee3980af3902980dbc4b0e0c118ba2b2695dd5c34e4abc2e8340ba1b850bd72c2870645547

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
232B

MD5
ee0cdafeba03200ecdbfef16652b86fb

SHA1
650698da466398b297feadfcdec00f6ba24be565

SHA256
e0216d1907a95fdda1bc8416667a0fcde68f3b705d568301dfa0ffa3553b3d90

SHA512
5d5c847b3c9485f3a79caabdb945f5bdd5990ed0605d36c95a3aa8972d9958da5f0a0769cc8b0ec527474ca6fba80f7e5cf9fe358f519204ebbd49c1d5858f1b

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
405B

MD5
f57d41436cc8b3d889c1a40b5d0b5f46

SHA1
d102160a41e245ee691679847f3b7a09520ef35e

SHA256
3a51265faf33b8649c703497da04e77fde9b83c4ebbfc5a03fc3dd27a1259d14

SHA512
6c228ce640e9f00a58df3f17e73c0bf201e6fe354fddf79d57d920312cbe8627a65a9b7306cd23ad381344ee719360b518fc24fc7c208c7208e218a133f3e123

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
658B

MD5
d8c6222a63d655f1db9db6a24dae10cc

SHA1
92a31aea1382da9a115a174a29c3f0cc4b9c9640

SHA256
3b51b4131efb7884955af3b4e366154d860734481c70fdc480593978739ee284

SHA512
f83c28374e757e263855b0a7db8f8a39ee106c27a8dbf11c52fdbc3dab5bd86eaed5d903125c7878b5d3a099bd757577f779d3edcb3a02450ac1c74a1a81d53e

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\HCFrs.ptn
Filesize
2KB

MD5
20a65888044255ce6dd903596f400b3c

SHA1
54012e7972320a9b6a5225d9aa57324e6b23ef0f

SHA256
3a1087c0f26b5d264c8fac6f93ece5f88048f3d3bd23a94ba48bb69ec18a6bb2

SHA512
8d5587f75597363c6d15cdfe05fe3f191f01e93c6d547e6744bce6be9eb7be6f48b348b4c238f05c28cad409c113ec37951177b19e1be4694b3117e5678a54fc

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\HCPolicy.ptn
Filesize
2KB

MD5
981b0927e343beb3e326142980297cab

SHA1
0e0f8fbda99f362b4e004b4a416092219aff727d

SHA256
ae95cb4064b76640568f453d586349a0f6d5a30e0f0fdd96d0e69d3730bdc5d8

SHA512
93729f187004d7c6a820754690fb1fa5814fcdb84a7aa6603ea84dbdab65a0d10e58f308d1433cb249852ead06c0ed43d72e7393c4b26eb22e90c9e17b8a2841

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\ar.ptn
Filesize
388B

MD5
91e37d8f58d55d96c504c10f6d5c4996

SHA1
148472d8555f8468f24ff50181fe43902b28d768

SHA256
31b935dfbda19d274610b1f3e9b998a14f258efc06d30cd0515b1aa51dd26a4b

SHA512
5aafaac338cb76e3d68acf0cb34c0c4382e9c2594bdd03ad7db54f1b78b7c8d822920d7f5ab6efb1b0a6e36cf326975701b3d44c07c6c2a0c26319851961b76f

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\blacklist.in
Filesize
28KB

MD5
9dc526a28970b1bcb4fb72ce25f3aa44

SHA1
6a8f388a5ed12441abf35da515c410b93a1da7e3

SHA256
341cd8e62bb2d8aaf1e9aef7870de30791b397b6e279fd88467f3d3a1905d45b

SHA512
7c1aee65e4af73a943047ab90d78a68a02de1cf74ff81569579b137f699c1b145b53fedb9294994e597fcf396592770a83b0cbf353a27d88f1b44c2f7587a93f

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\crcz.ptn
Filesize
36B

MD5
ba8e7d7a0aa5dabb50852213a9ff357d

SHA1
3525d499c677c3e7426b8c36ba4ddd0929c7514c

SHA256
18857c679c68cbd6089c2756ca8d0ea9a3edc288d4f981cc28e8b8fdd97c5326

SHA512
98616d713a113d0bde2ff249fcf054bf59837305070490a72c236ba7052eb39f6a89c1306c636c2014bfc06b06229ce586f59e602e79ef4c26ff50d3a9275bdc

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\icrc$oth.219
Filesize
3.6MB

MD5
c022d46a289f28db1bd50850ef676ec9

SHA1
383d2267dea62c529bef763aa3c09830c8e3eb54

SHA256
165e8d9811f50ffc742645ac6f134f5c280fc33b1dcfeae7021907b6abafe76e

SHA512
cf96a1d9efbc47986631f1aff4a57d06a6f9835b7cd9acfeaa80f4309031269b3d3759fc8235d468e9a661d15c1396b645b9454b3be30dd45c101e67fa04029d

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\ptn$agg.102
Filesize
68KB

MD5
250d5ea1a2acf20d01540a2d2b94f5dc

SHA1
3a3ee852eed78c8c75c5b69cec8b56879c8cbb4d

SHA256
db8ea99d3b2a0bd61de31c750f4cffd249b5000c45430a2a8c741dc85e69c278

SHA512
aeb81ff992de5fa2d8301b47f658b1f1a8dd7c76f516db0a082c6660f7ab800457dcb949ea78f6f388b6f641c07169c31fbb2f7013169ee1ee0918c495861619

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\smvptn.201
Filesize
1KB

MD5
81ae58f0fb504400175f88509d83ea46

SHA1
2a1dbfcf73648a3fbd8ece0510d0d894a4f549b7

SHA256
33cca57898b8d6e6f8f3a97c9923eb23b3a435e47613af3b38c7efb31be4ff92

SHA512
f8453f355b0543de4335adca51a248d1c4d9adc263a895722e2a31fd06583ee4feb5d971cbe0f16024737c2252e8178bd82d9c04de0bb070248fa0643f2a9ac0

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\tmwlchk.ptn
Filesize
172KB

MD5
2308208a0cdd42dbaa5183412aa3d36c

SHA1
c95c43bc439d8f807636626541a3504e0203edf9

SHA256
b4847997180d0f0fc9fe589299c8958afd8d8ad760fd1a468773e3a4f6589d78

SHA512
116bb0fcfae69ae913b52b1bcd511f473e37ac97f2767f8e42044be9d410138025be5780c025dbba373d5d0c081bf918dd28a7e1ccaae02d9c07f24d9a800fc8

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\tmwlchk.ptn
Filesize
16KB

MD5
bcec03bbdc050b9cfac5a4a1e02226c5

SHA1
5547661ee80ea0e00e97735359d2433b06e04647

SHA256
aae808fad2f4ed0c19d14fa3e1cf7502107a5d62658826d0fb1460d46706d5c1

SHA512
b21a3901449e9b1caa2a2c2be46e972bafa456e13addc551081690089d5a45bf3feabcabbd837c99233d067ea9a3e22c1fcbd7284aa57fea542c3afb9066b902

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\tsc.ptn
Filesize
2.0MB

MD5
e7348b4210663019d95b5432e9a55d89

SHA1
ecb83e44ec1085d739db9dfe396206c13941d995

SHA256
f4d73d0515e752d43d9cdf2fcdc08ea54f831528b4778d8e82812c7c3306fd68

SHA512
16ab8eb76a846d38ef4a8ecca786ec99e8fc97306d8197feae74c02bad935e517a3583424a1c072e344acf9d427ef56beac4a234ce6aea5ebb5f1a4400317340

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\whitelist.in
Filesize
56KB

MD5
ea01710bbd9f988adc0ab09fad474d8d

SHA1
df2a277dca3e2cc0a663484c2385768e1615270b

SHA256
3d54863449b9033bf062b2ecf5df24bffa6cc3bb9fba5fbf335a08e8b196bbf0

SHA512
58cd153f291df5adc2de0dd9a9472ac5460ca25407819f09d888fcfe6e9ee1da1ea87f27f9ca16d818c728b51938b30bf745f1ab0b91089b416e6f6f07e0e566

Download Submit
C:\Program Files\Trend Micro\HouseCall\tsc.ini
Filesize
722B

MD5
643fda4cfc799fde33bf385b5da137a6

SHA1
052e3b2ba44d10de6a20ece2b38c32c4ffef60b2

SHA256
7df443f988958d73c90614c48deefe4e1e48fc90738142026a6fba23cd2f55e2

SHA512
67445355adc2f383094efc76707b22e641772e71a3d478853705d110c9308966016d0143c9c27678e55c45d8aa6856ff56d5b47d95ad293b5d450fe95c777cd3

Download Submit
C:\Program Files\Trend Micro\HouseCall\tscdll64.dll
Filesize
2.6MB

MD5
edd4a106967d831e25d882a130a00a95

SHA1
eceb0f60e7f660cd6b615737f2d3e4a0a9444429

SHA256
caa5cc11245ff8a908910d8a4b391895719c00b5b7766d021ee7b04eb6c06839

SHA512
35414a3b1fe0dd11ab0f3743dbbdb9b97fc5e03a13ba7248daab172f1f2502d2a64f8e2ddf1572001db8a9bfcd34a748636d5e8c8186dd8dd348eadc8fab1dcc

Download Submit
C:\Program Files\Trend Micro\HouseCall\vsapi64.dll
Filesize
3.6MB

MD5
c65e1281bd1bb86ac6a5a7e2d67c13be

SHA1
8e1ea79299874ecd5024b6efc57ab4f63412ebe9

SHA256
50e130da3418133651eb5c630c97fe3319de37292d555eafe6ed284f244da117

SHA512
79dae05c74bc9d11dba30cda5adb455253a6edca0e86273b0c3bd9d38bba1193f2d9a971a90f2ce642c3ef18f342b58729003b3b843d6b0882fe1d6da843a9a1

Download Submit

pid	process
2188	setup.exe
3932	hcpackage64.exe.tmp
3036	patch64.exe
1896	housecall.bin