1837fc18d5b779a7b47bb9163a7c93c995a7c814c2b38cc16a0cf2419bf8d2d1

Analysis

max time kernel
93s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HousecallLauncher64.exe
Size

3.5MB
MD5

418e07b780152848328a5157f6ab9f1a
SHA1

0f9fc8d36792ddac8a4b5b121665206719e7aad2
SHA256

1837fc18d5b779a7b47bb9163a7c93c995a7c814c2b38cc16a0cf2419bf8d2d1
SHA512

fdac16d696fffecb955188d020baaef8ab0b8ae41f418cfba2f90a7a0d0cfc8a56e1ec0941b20e3bd3f9f1defe66d93e2b327eb9b746a8e7ef705178e52682fc
SSDEEP

49152:8gJfAqJHqm4ekAKxJpmssTBSg1L0xQsUAinAqriB19QwP5Sd4B24uQ2Mss/pDsAu:8gCmZHJoWJ2oAqWBvQTETRWL

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

Processes:

setup.exehcpackage64.exe.tmpHousecallLauncher64.exepatch64.exehousecall.bin

description	ioc	process
File opened for modification	C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp	setup.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\html\scan_steps.html	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\2\536871168\BPMNT.dll	setup.exe
File created	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\housecall810_SHA2.cert	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\3\1082130432\201300.txt	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\icon_premium_service.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\img_logo_trend_16.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\html\DRSHouseCallPromotion.html	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\html\settings.html	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\js\common_content.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\ICRCHdler.dll	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\bg_share_button.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\css\images\ui-bg_glass_55_fbf9ee_1x400.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\7zSC313DF67\HouseCall_downloader.bmp	HousecallLauncher64.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\bg_step.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\jquery\jquery-ui-1.8.24.custom.min.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\ico_close.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\l10n\3rd_party_license.html	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-pl.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\tray\ui\jquery\jquery-bgiframe-2.1.1.min.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\trxhandler_log.ini	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\css\reset.css	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-bg1251.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\jquery.jqGrid.min.js	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\README.txt	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\pattern\201300.txt	patch64.exe
File created	C:\Program Files\Trend Micro\7zSC313DF67\icrc.dat	setup.exe
File created	C:\Program Files\Trend Micro\7zSC313DF67\AU\aucfg.ini	HousecallLauncher64.exe
File created	C:\Program Files\Trend Micro\HCBackup\hcversion64.xml.tmp	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\img_hclogo_96.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\css\ui.jqgrid.css	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\3\1082130432\backup.000	patch64.exe
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\loading_24.gif	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\tab_right.gif	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\symsrv.dll	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\trxhandler.dll	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jquery	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip.etag	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\loading_24.gif	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\widgetLoading_white.gif	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-el.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\img_logo_trend_16.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\setting_dotted_line.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\lib\crypto-js-3.3.0.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tmfbep\b.9de91f519fb2db4032b9f3e118a81decdb68b977	housecall.bin
File created	C:\Program Files\Trend Micro\7zSC313DF67\DLConfig.xml	HousecallLauncher64.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\crypto-js-3.3.0.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\3\1208221744\HCClean.ptn	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\btn_stop_scan.png	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\images\icon_premium_service.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\plugin\downloader.plugin.dll	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\pattern\ptn$agg.999	patch64.exe
File opened for modification	C:\Program Files\Trend Micro\HCLauncher.log	setup.exe
File opened for modification	C:\Program Files\Trend Micro\HouseCall\tray\ui\images\BTN_red_s.png	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\images\[email protected]	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\html\index.html	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\css\buttons.css	hcpackage64.exe.tmp
File created	C:\Program Files\Trend Micro\HouseCall\interface\css\dcn.css	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\interface\lib\jqgrid\i18n\grid.locale-fr.js	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\pattern\ar.ptn	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\trxhandler.dll	hcpackage64.exe.tmp
File opened for modification	C:\Program Files\Trend Micro\HouseCall\libexpatw.dll	housecall.bin
File opened for modification	C:\Program Files\Trend Micro\7zSC313DF67\dlstr.xml	setup.exe

Executes dropped EXE 4 IoCs

Processes:

setup.exehcpackage64.exe.tmppatch64.exehousecall.bin

pid process

4868 setup.exe
4340 hcpackage64.exe.tmp
4352 patch64.exe
3572 housecall.bin

Loads dropped DLL 22 IoCs

Processes:

setup.exehousecall.bin

pid	process
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
4868	setup.exe
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin
3572	housecall.bin

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

hcpackage64.exe.tmp

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hcpackage64.exe.tmp

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	hcpackage64.exe.tmp

Modifies system certificate store 2 TTPs 13 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 5c000000010000000400000000080000190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb040000000100000010000000a7f2e41606411150306b9ce3b49cb0c920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 0f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4620000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 040000000100000010000000cb17e431673ee209fe455793f30afa1c0f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c953000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030109000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df1400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331330b000000010000001200000056006500720069005300690067006e0000001d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3617e000000010000000800000000c0032f2df8d6016800000001000000000000000300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e5190000000100000010000000d8b5fb368468620275d142ffd2aade372000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 5c000000010000000400000000080000190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e56800000001000000000000007e000000010000000800000000c0032f2df8d6011d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af3331336200000001000000200000009acfab7e43c8d880d06b262a94deeee4b4659989c3d0caf19baf6405e41ab7df09000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703017f000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000006300000030613021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c9040000000100000010000000cb17e431673ee209fe455793f30afa1c2000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d4668000000010000000800000000409120d035d9017e0000000100000008000000000063f58926d7011d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d86200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703080b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a00650063007400290000000f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb0b000000010000002a0000005300650063007400690067006f0020002800550054004e0020004f0062006a0065006300740029000000090000000100000022000000302006082b06010505070303060a2b0601040182370a030406082b060105050703086200000001000000200000006fff78e400a70c11011cd85977c459fb5af96a3df0540820d0f4b8607875e58f140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d81d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67087e0000000100000008000000000063f58926d70168000000010000000800000000409120d035d901030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob = 5c0000000100000004000000000400007e0000000100000008000000000010c51e92d201620000000100000020000000e7685634efacf69ace939a6b255b7b4fabef42935b50a265acb5cb6027e44e7009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030119000000010000001000000091161b894b117ecdc257628db460cc04030000000100000014000000742c3192e607e424eb4549542be1bbc53e6174e21d000000010000001000000027b3517667331ce2c1e74002b5ff2298140000000100000014000000e27f7bd877d5df9e0a3f9eb4cb0e2ea9efdb69770b000000010000004600000056006500720069005300690067006e00200043006c006100730073002000330020005000750062006c006900630020005000720069006d00610072007900200043004100000004000000010000001000000010fc635df6263e0df325be5f79cd67670f0000000100000010000000d7c63be0837dbabf881d4fbf5f986ad853000000010000002400000030223020060a2b0601040182375e010130123010060a2b0601040182373c0101030200c07a000000010000000e000000300c060a2b0601040182375e010268000000010000000800000000003db65bd9d5012000000001000000400200003082023c308201a5021070bae41d10d92934b638ca7b03ccbabf300d06092a864886f70d0101020500305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479301e170d3936303132393030303030305a170d3238303830313233353935395a305f310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e31373035060355040b132e436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f7269747930819f300d06092a864886f70d010101050003818d0030818902818100c95c599ef21b8a0114b410df0440dbe357af6a45408f840c0bd133d9d911cfee02581f25f72aa84405aaec031f787f9e93b99a00aa237dd6ac85a26345c77227ccf44cc67571d239ef4f42f075df0a90c68e206f980ff8ac235f702936a4c986e7b19a20cb53a585e73dbe7d9afe244533dc7615ed0fa271644c652e816845a70203010001300d06092a864886f70d010102050003818100bb4c122bcf2c26004f1413dda6fbfc0a11848cf3281c67922f7cb6c5fadff0e895bc1d8f6c2ca851cc73d8a4c053f04ed626c076015781925e21f1d1b1ffe7d02158cd6917e3441c9c194439895cdc9c000f568d0299eda290454ce4bb10a43df032030ef1cef8e8c9518ce6629fe69fc07db7729cc9363a6b9f4ea8ff640d64	setup.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

setup.exe

pid process

4868 setup.exe
4868 setup.exe
4868 setup.exe
4868 setup.exe
4868 setup.exe
4868 setup.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

housecall.bin

pid process

3572 housecall.bin
3572 housecall.bin

pid	process
3572	housecall.bin
3572	housecall.bin

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

HousecallLauncher64.exesetup.exe

description	pid	process	target process
PID 316 wrote to memory of 4868	316	HousecallLauncher64.exe	setup.exe
PID 316 wrote to memory of 4868	316	HousecallLauncher64.exe	setup.exe
PID 4868 wrote to memory of 4340	4868	setup.exe	hcpackage64.exe.tmp
PID 4868 wrote to memory of 4340	4868	setup.exe	hcpackage64.exe.tmp
PID 4868 wrote to memory of 4340	4868	setup.exe	hcpackage64.exe.tmp
PID 4868 wrote to memory of 4352	4868	setup.exe	patch64.exe
PID 4868 wrote to memory of 4352	4868	setup.exe	patch64.exe
PID 4868 wrote to memory of 3572	4868	setup.exe	housecall.bin
PID 4868 wrote to memory of 3572	4868	setup.exe	housecall.bin

C:\Users\Admin\AppData\Local\Temp\HousecallLauncher64.exe
"C:\Users\Admin\AppData\Local\Temp\HousecallLauncher64.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:316

C:\Program Files\Trend Micro\7zSC313DF67\setup.exe
.\setup.exe
2⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4868

C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp
exe.exe -y
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4340

C:\Program Files\Trend Micro\7zSC313DF67\AU\patch64.exe
"C:\Program Files\Trend Micro\7zSC313DF67\AU\patch64.exe" "C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756" 0
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
PID:4352

C:\Program Files\Trend Micro\HouseCall\housecall.bin
"housecall.bin" A9DBD0EB EF0C58AD
3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3572

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
4KB

MD5
b374497ae9578f898e6e0fd9a6633e28

SHA1
3bd5ece1c6036742d259da3e07fadf9f75aa8075

SHA256
8cb3cc2622203a1ec366ec112ab6122686a90ded3043675a54fa737cf9667928

SHA512
a6a8b6220f596d746bf00e0e1a54916d89392fc9f4070e965552fae8c0f62bfa027707605f25ba82d9052e922c77f95cd701ea2808c355c0715acd25472e3fc0

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
12KB

MD5
efe95dbb209d0aef59a2e0ad8d13c606

SHA1
ae7cd891a749d8704972337450b84c229d2ae177

SHA256
f677574ca6760fbd244181317266c1a0d5d372aaabf1c88c83129736f16a44a6

SHA512
05559db4a8fb2f5c0e62fd6bd278f170ae4c1580e0d3da65afc83110039008b5031bacbb296d96028849ba15246b81c0f137edac3e1510d8685f7e92b85a7ba4

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
25KB

MD5
4b96b6ba44394e24b71798c66ad63731

SHA1
4a272f9ae9c5b5b2b2bfdd74e95cff474463531d

SHA256
8cbf8da0589215c57dc1f3ff168af7c818176334b169b64902e02cf85e34a744

SHA512
a99223a9bc1990d8fa048ff2bf037186ad53a9a4e39bf6d06fe8ebaf6604b1869e5fc0c6f00339fb1a09985214b4fb1a91a47349e97b7fd6099e6c3c07daca82

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
629B

MD5
94e17f63eaae9f1658814c1c0618bafe

SHA1
3caa43fb4fef5cadfa6d150832951d73d8a5a5a6

SHA256
1ad85936c52c3faf72ff50ec8b84d9fdf6a6f69cf7297bd50b3298b80db48015

SHA512
c75e0d990687cf1b617ac1e54fa23d12a27b7fa2bb90153790283776623c0d4b753224bb9698cb547edaf7f2e47414e610182602b8c858729362faf8371ef258

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
1KB

MD5
06dd0bd35f07b2aaf25d5096469a777d

SHA1
40bb46f86b4bbf192d0118c4e201a143323dacde

SHA256
aadc996c4a80ebeef79153e8b171d330e209a7d412ea23e87ad7a384a3195092

SHA512
d41ad6dd15cfc18ab1ddfcf711dd392597fdb3eb6bf8ce28ab060e865841fc8130b79da0918d6b47c2be39950e76321b57e62fd5444a0df873518008e8bf2ba5

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Log\TmuDump.txt
Filesize
2KB

MD5
a3606b3ae4fc147e92c0a10f32401ca5

SHA1
20294507e6faa0a43a7acef053fbc31f47e31b9f

SHA256
f54dd1d5ee8b3291b580b967d2aaa6fbc5ae364e2d4b16b0be13a90822132e8b

SHA512
b8ab91be9a834d14df05608ec6b4ee318e15f8a6c0119b0dd9b16030cfd280d2138a3715b12f63eed9950a6930f7f024a0c49bc334c445ef3cd14a07cc39dede

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\2\1073872896\tscdll64.dll
Filesize
3.2MB

MD5
773a68df25ac20ba9678c8924871d4c4

SHA1
5e03406a025c39fb4781a63321a9dd93ddabc3a2

SHA256
b0517f7cc40557ea2d890d8ba7749ca76eb3b904de97218e278327d7d0500969

SHA512
0b9e8252c2c6bab4f4df056c1eda150229308608f29de0e47e9528ba19686c64ca670009ffd6a17827fb8b093cc66be317f0670250a018fc2ef2d64463e3d51d

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\2\536871168\BPMNT.dll
Filesize
102KB

MD5
af085509295b0bfb231aa6d22a3a4bb8

SHA1
f1c7034ee2a0a744dcb435adfa126ef32d74226b

SHA256
17a56305e48485335126b6638fdeade7cc1bf04bb2f1f685cccdc20befa21123

SHA512
5f5c9aaea16831cb7982c4a8fad4ad1d0dbe4d269e737d6006aacf1c0e87ba71ace9206f12635ea2cf6421b07312a65e1d5a5edc6bc5dbb783e81bbff11cc8b2

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\2\536871168\vsapi64.dll
Filesize
4.2MB

MD5
6f7ae6e85cdb94eca7a735901b931bbd

SHA1
a5006f02bd524ccd7f88f0f4770de4f8fd550c0a

SHA256
de40d2ac5f0efd162111a8152f8b4338eed9291976f89911b77b84b138edf5cb

SHA512
4d53a40639cd0d905f098232d91065b1cf8ad13b14a87845f9b3bd9bb76ea211867cbca2ec09990fcf9e6090ae8c1185d85a72d5e21b77fb176a4e58083271da

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\3\1082130432\tmwlchk.cat
Filesize
10KB

MD5
3207dfc8ac8a325bbc164101f8ef7b65

SHA1
c4c30a6728b23775eebd06475af5ebb1b02ef51e

SHA256
e1767c1df2452f6161a627ec2cb0f740375ebdc20993c30a9ef7dae770dcba0c

SHA512
d5b2f5235092630ecb1c8a90d4be311a3ac99a2fa154e0a3f4876c4f708919b49b04aaa86a3c21023a33380a39becfdd933d2b29e4b4b8976532296aee58c84a

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\3\1208221744\HCClean.ptn
Filesize
67KB

MD5
24b98ece0b3c87cf1d3418940d73a447

SHA1
ddfd79855e95b6dfda0b76be2982d1c6152016af

SHA256
6470aa02eff45470f854ff378ecaba73928cc6c8114ba1cedab97f46a023953e

SHA512
d88edf632623029a4c3698eb231f166a76a808b74dc2aadd967155388da8c46fbe215cc196762358e287f05a01ae5ab01b43cb77fab147aaefb9256eff71ee8e

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\3\1208221744\ptn$agg.999
Filesize
99KB

MD5
6eeaa78e1f4bee86af9614d49f6cc4ce

SHA1
849b11fa6e68a6fa7505c27fb4c44fae13b3e0aa

SHA256
19b8632699bddc4a79cce8a7e314b3a8bb78f4a035904f22e3c8ea90aee24041

SHA512
b711b7f72bbc295bcd112a8b946da5288c9765be2ce53ae00007da11d718e532ce30929e7e72be1dca997994699c7ed7004267f6a1057a2eda6ddbe46147de33

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\3\2048\tsc.ptn
Filesize
2.2MB

MD5
4a9faaf0e11cd3a1657954b0f9d2e713

SHA1
adab7f614976be5fc805da9e92a3fac574f2bbbf

SHA256
2f94c382b9b3c01e4870897e474c575490a609e9845026d007b47d8d4b5cbcd0

SHA512
4f35f70f11bfe9426af7aeb225f3a30f21094de2015f6ce5e5f54a91180a1c2e93ebde29a5d859896d99b8f9d9a7baaad27274b22f911859008a8f5814fe3309

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\AuPatch.ini
Filesize
2KB

MD5
324ba566ce29a732ec16632f10206c58

SHA1
9ce3fbb4d20c1c12487bc190919311a39cb5624f

SHA256
486663f13cd8d320f1db91ec41d33e53e6dcb633531e8e3110aff407611b4cfb

SHA512
0e154b43d432d47b4f735f76b5175e6b8edfa8fe37b25de005a81616fc56bc79d04003b9334f2b9f156457e825adac29f58be8ac9ad4f11e7af10fe3037f231b

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\AuResult.ini
Filesize
10B

MD5
31e43987691be249e68dc3135b18d329

SHA1
d6c2691d147b7662c199f420e7ec1182db2662c9

SHA256
232f2344e73ac59cfefc7972998b3cd0a4dbcee3631af2889eb5f585395dc814

SHA512
f9d022bed3ae58a19e8125d703eff48005400fae4c0640f3630dcf422661a7b4cb8a052f547755a7759fd0c685b4950680f24fc8f174b0969a4a26cf524426c6

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\AU_Data\AU_Temp\4868_3756\server.ini
Filesize
11KB

MD5
770c3ce7dd535e986361088a256d3834

SHA1
498f67098486f89343fca268b3c51886b5f6d422

SHA256
492cf07d9e0b3fc243a46dbc5c8c1e772a527ec5aafeaa6c8a08d7004b6f9730

SHA512
3c863118c145641e09567e0c791fe0ef4c9a27f359b6b945ca2ee88b11a1d9c2f43783351e4d979c6bf46d5ee61786b1dd79fdba4fa130ad827c9e594f86c927

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\GetServer.ini
Filesize
178B

MD5
8cfc333ca4e29a11b86cc03245e597c9

SHA1
025002f14e4aacd4339e01024a80441e0f26d0bd

SHA256
9d0e318a2d10dc934760909795e7e1a5c55120e501ee136362443f42ab675b88

SHA512
d18d2b21093bbc09b7a0c65c79d4590c43a769d31ce80f2095b8664cb178c0be83e8c8ce2cf123e85e35e3da19d7cd26e59e5fb6a3c5ea46581390740341ec90

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\TmUpdate64.dll
Filesize
3.6MB

MD5
b63c61906bc9aa252710cb535b47c95a

SHA1
da2303f5754a51fc87c1d74c7788fa0fdb3c025f

SHA256
a2703cd2647d6f7362ff692e904493ef5a300c82d839fd9eeaa670d66b40a7ab

SHA512
93a237547e7c0f8e5d6c0357013b3b9489dd313436d61187bf942231f09d573ce7fc8f6d7f2abba3a140d4aa184c80e5ef63e00ef32c419e5466c74d5f110849

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\aucfg.ini
Filesize
256B

MD5
af03b6da00b295f2b2dfd949b7290f53

SHA1
afa9ceadc089c98f98db3ce4856b87e1c8305285

SHA256
9808ce47e96e95c530a7b8f4afe1773c603400dc16a5085f03e44d71273e3e67

SHA512
3384635885541d65dc1ba963d72e34b653c71478ef835b80f3c1aee7d1568e9c6349e4ff1b3ba0162c41225503ee4f5c8ec5252348cc681cb0324fc31c80f31b

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\AU\patch64.exe
Filesize
1.0MB

MD5
6c552231f756555707b9aac825bac7e8

SHA1
889b760e971d5ac50c6bc69047469c8ad6266466

SHA256
b95991219d45381c2cbc8691dd7aaff710f43e66f187d3394643b075763f6a16

SHA512
7bfad529bdd2d3d50f931cb0a4180a42fbd65ce306ea834099682199c15554bc6de0620a34a4b7e5322ad4ac66df7ce95bf53f0bad8dce56f94f65bfb7e27182

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\DLConfig.xml
Filesize
1KB

MD5
0deb9afc00ea164c04e67826de4575b2

SHA1
0c045927bc96308fada0df6a36d250465ce19b24

SHA256
39fdac3a4b9e43bf1050181df2a5c659d6b7d9b4e9d919d145588c4c2fa491de

SHA512
b6f7098b600883521b3bdc6cc5d793434b1e67c00b46e83356e85dcee96985a944e38b37f8c82555948959ece14e73ccba2621115e479fc68f23b67c6bdb44bc

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\HouseCall_downloader.bmp
Filesize
250KB

MD5
50960ac419774a394710258261e2dc8b

SHA1
a7c7862392a092ba743a03dbff52b486c277dfe7

SHA256
15224bc0d04b82fba0db9ad5d7ac283ff914208b8df13e2dddc6dcdec3d127e9

SHA512
514b17583402c0f7a331e6c7478611df94bd8408d31ec49ad72abba21631538f1c2a7e8ba3190164dc29716fc367a71acac6aea58ce73286f7e1a4625ae0f99e

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\LIBEAY32.dll
Filesize
1.8MB

MD5
e71d4daf55bd190c8f33d654873edde0

SHA1
03bbac56e4e24f4533d95458d2ab0ff1ea05f2a7

SHA256
ba8cd20d40b65f346cb5a366dd06e96eee672a2511ae4c8a097000cbb4800890

SHA512
fe50e9a43593bb24cc59636fa61c7a5f53adb89f1f11cf0e13ef6e8ac70e619298ba1c4bc5f0815dcd54ad8c9813e7fbb230319ee37fd88d4b7e8a12e4658c8b

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\SSLEAY32.dll
Filesize
461KB

MD5
882e6ad0f22a8c9dbef86bbf780adbb9

SHA1
c3bffa785c9a660d95ae348bbd86d7737cffc203

SHA256
e8c3b487a1fabac82599f40af81449945b94b3f1228ca83594ce321664bebf89

SHA512
611d6269c5edb5ec0e37cd91aa8ae4807e18b4d4ef1b11778da86afc3d25a8eea245cb3a7cc4650528745ea2f1ad6d802cf4441ccee0af1ee459091803ad4cda

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\Setup.exe
Filesize
1.2MB

MD5
b820ff09ec68ab12e05d9734aeb5a39f

SHA1
b83859bad42a1950359b69b7bf6cd68bd0c3a203

SHA256
2dadd9f15a34755c145b370a3e179509d1ed035e94c5168ff7ec033cd2544ffe

SHA512
81a1ecd3379ab5c5ec0637a8b15ac86f891c5cecadd8405bcf1bafd034136b79f041095b72baaa312f3796534c7c4cd4e0dd3a60ef920cb2da9f40375f04a42b

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\curl-ca-bundle.crt
Filesize
253KB

MD5
c658d9f253217d3c010b830d05973bb7

SHA1
52b6b25d67f55a36ecc7524fd83e7e993c5b9c68

SHA256
193a35b6de7ee049ff512599dd4e8290dc30c2f47f9a3818ca8f273ffca683db

SHA512
8fc35429aa1f8f4ecb8ebeefb70e34999a438c4fef923e224a17f0af44c773cd974312b2cbf6bb0aece1e5ca737df6162d06646703c5694fe5e131b99250db83

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\dlstr.xml
Filesize
1KB

MD5
60e94a31fa1251d3aa133739d77fa17a

SHA1
59276cf0b05e40e35dc4df7c95d9b7ff1c28626a

SHA256
14e72cf1853bd1fdddb5a2fed569cfba4c406cd704e03f652323ec60dc7fe792

SHA512
10155e468ab8433f03865806529a42802500d45ee1deded25b0a4b1d29f1231362185911f10dcb6e441babc02299cd003abb5da96ea48d62ff240d8b83630711

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\icrc.dat
Filesize
1.0MB

MD5
4ca778d55ff52a2f99ffa5ec5e73e328

SHA1
9d354a695473616aec1faae843f81bd2351a57cc

SHA256
f57d7b57cf2c73f504c3b45d5e10f7e8bb07b79da8a4341ad41b6c61cfe93a0b

SHA512
4e1430355c40eac10bbbe7d0eb57b14734ba3a70c70f0c2d6970664624f15245f68dba3a9d529d6436a8b2fa51906b996145a77fa32b21fca937e22323f1d621

Download Submit
C:\Program Files\Trend Micro\7zSC313DF67\libcurl.dll
Filesize
603KB

MD5
2f93dfd34b562c722d9ce8b059f2768c

SHA1
497128d3cb9ee71ccc61adb414135c2c82892436

SHA256
c1ccaab383c9e3d0668c059a1b324a69e11439041a28688cacfa53627e7664dc

SHA512
73b57087ceb03cdcf6417f64e87c0a74052f8651fc9e52d233ea8a7961fc3462663d21b1ce424ca4d4960c9677f9aef367bf71c56e6b15695685628047c904b6

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip
Filesize
161KB

MD5
b6296232d7bc80ce7275190477622b13

SHA1
0172768fe880a8f9dbfebdbe359fdbd8af9e99c1

SHA256
79f880f33cb5a3b916c63e678d3af4524d57fe77de924c9918dceed83f339ca9

SHA512
56c05a59f68a29771902b417c93d2b28a2a6d4bf39354386b51465f125892b887c9ca5bbdf5fddf20fa053fce6dcc7da18200af4a8b5becf38d254175cbd6474

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\HCClean_113701.zip.etag
Filesize
181B

MD5
0aa9adca6f2d761ad2d971aca52d36e7

SHA1
28da02e184d51637f48a3e44b6f51a17df98a7cd

SHA256
5c225b42422882d52ba408b387cb17828ca5d00abaf923b627d08b82ba653197

SHA512
117e4d8321d5ee0f5c398e5cabbaab37527c0498ccc234705d836cb8dd1b60e04c2ca214bdbb3945fead0dfc3b32702a52889a583a39e02988f314b3151d0025

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip
Filesize
1.3MB

MD5
727ff30f41aa7049cf44d39a48bf002a

SHA1
ab167c1264f399d54c66d830465b2a53244833b6

SHA256
885691815690b6a58a0ed3ef6a28e57f78cbbe1181cc1a067f605722569d6c7e

SHA512
e4dc64f3ce9e43675be6d74ab70b1e142d2ba6c53036857f0ca93bdedbcc2cac82f3fa03cac2d86ca7fe5ff6db0c87f7139fe630120f4fe56ac629a48d84da0d

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\dce-dll-mssign-x64-v75-1035.zip.etag
Filesize
194B

MD5
37bf27ee081299e71615da391e65ac8a

SHA1
21f4ed8ec5ba042ee686355ba995352de62c4e47

SHA256
e912af147412a71d5697f0886a9f72c5bc67011414d85e0fc93dfc455c8f31be

SHA512
ddd5fb861a33c5b4bc9063ec160669f480cd2784154bc8de09f1ffe7918f46644ae6355f0aedcc64e2a2463b6c543069ce555cc50e9c6caaf9758fedba9312ea

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v22610-1017.zip
Filesize
1.9MB

MD5
331f1d1cdfd34cb1dc3d43f031412581

SHA1
6ebc47b8deb577d3c08281e95d41d402f82d8765

SHA256
2b59378eb556faab3a87fa08786b24c72134ba8c65284a903c00cc26a64f727e

SHA512
7ea0398a4476f48058e7ba3316c6e93f528564d039e6ae314e81e70c4e2e70b3e00fea0fcec3e965f99177f3f071db5e45501e496db6e1c6903285dd9f94df43

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v22610-1017.zip.etag
Filesize
197B

MD5
75db66e759bd77d66ad88d31e373355b

SHA1
eeaf8444d18591f5cd9db5f945874aa29077634a

SHA256
3d326f15f0082530df7fe3cdae0e5748889cdcd6813771f3253ac6a451346d99

SHA512
30098679e2e986f27603b6ed0012dc4ee495a4beb8e54fba3c021e0df16e1cd3afa496507b5781d6cb14db528e6d5094658c2d113beb71f7fa83196599cc6213

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\engv_x64dll_v22610-1017.zip.etag
Filesize
197B

MD5
933c8e64152bf1e5745baff4234658b1

SHA1
6277a446afbf87e89187718fd49d316c75447472

SHA256
ef2565af26e4cffedeca523a2991492449b19009796233eab1179c5ec1dc9334

SHA512
9230d597d304e4026a13c6ed6f3a9878324e639d11c1d36d9f8076a47fa4d59d1b441a976b4a2c556c73fc62acae91d8c49cabd847542b6df14f0dfa9837e056

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip
Filesize
2KB

MD5
ae30feccd90d9065cd93b1c353e398b9

SHA1
85d99c87c12309c8452c07bb4adcad815793f1fc

SHA256
d952efcf07547acc02917d1f14aa66984d4853d981cc677d19fc8925c8bc637a

SHA512
0b724e7264b7152d1cca63c5efff084720f12edd39a5c54756f397a9b9ba1e1371f9437613a5a8de39fd500a8cf815fb500a54b118771c6c72ff1de6e05e6fcd

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ini_xml.zip.etag
Filesize
171B

MD5
40bcbca97734b2b6f71913c97b8531cb

SHA1
58d2233a44ad4405b7193a480d3a90ad8c8e9a75

SHA256
21f992a5f692d49ddee8658d3415532fa1b2f68bb6c6f2a8c6f379c47b2bcd3c

SHA512
3533fcb95e1f7ce8f185bd50714cfba1da8273e5ce7e94c67596c50b17f59f36d457c47ca5bddfb57bb6b238a2715f4c3da1b23092deed104b3abf16e58da0da

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1957500.zip
Filesize
26.9MB

MD5
dc16cb5b2c8eea29dcb8f3b621ed174a

SHA1
272750a065c5bd1f55fc074ae45cbd7f24913a76

SHA256
b7941330e3f8c88cc6907e8b8346305d5056a4fd66202aa56e0c3a2898b5c5e6

SHA512
bfdaa145879451164b1c619da3bf6a6274a6016340cb4a80d186506fb27436739d703894be7b6f7a7063283567585afc9b246482fd734248b1a5cc35e58bcd1f

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1957500.zip.etag
Filesize
192B

MD5
79603a9a3d590df9a30639321887782e

SHA1
a72716cdc93e28d679733657dd9ff3391aee7b44

SHA256
459cc8e35dae1be45ede53e478b2195be17c413767c815536eccc405148a30dd

SHA512
bd4002fd5728f63c80c43e5deca5df7dceed7b40171f92d24caad26c1c308e6c78bf77efa55abd3301ddc53cfe6ecd33e7ba79c894126426f8667e132d6a1d8e

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\ioth1957500.zip.etag
Filesize
192B

MD5
03d4b1e00b21917bebe7b62f889e21c2

SHA1
5a5e5e49b8f8957f93a9804fae999b8262aca3a7

SHA256
e8c64983e8445d50214e01f0be7a7156c793201618493c44e3fe36231f7791be

SHA512
7d9a2672190fd7a6ad2c234fd8e325f947d1030c249773c5cecb1aa77ce0b3ef64dae331e6d9c48411eb300488f0dff0571c0770150c0238ad3b29daecf0b198

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_201300.zip
Filesize
194KB

MD5
3c2ddae2c4e80907bce7b3d709c7abfe

SHA1
7065f040f931f9d577e880648e31a25d837e3972

SHA256
a8c51bd57264aaf7f7442b2acc50d2372ccdba25b043822ed9345993f85c8e2b

SHA512
4029d54ff3b99da18ac31d99b036a0fffe106012b5b915e6b331af1af62c41e3a55436183a52704b24441d1c108ae4112f88bd039a25c5ca1387b530039700b2

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tmwlchk_201300.zip.etag
Filesize
188B

MD5
4a3c05b7ce6bb3836fece1005d2a3fae

SHA1
855e31a90898e9653c8af243a204f0d1ce462b84

SHA256
9f151188a70bbe91f236c44e12c585c06e51549b122966477099453dbfdead92

SHA512
0e014a8e42c2760d497061dc44418397ca3f19f3edbeb52bef8d376a507d234440218360a7f0423b2eccee10957279ce0ba69ccdac61b737b1ddc20906acb6b1

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip
Filesize
2.2MB

MD5
5abadf0fd701d8f277607bffe24014b5

SHA1
21ee488eed0cfd100f96ad9154849649afe243b1

SHA256
89c9d6213c64de1cfd8b9bce8f463e01bcf143886d2944c719d0120a15fb4200

SHA512
b6685cda8f64a374da01bad2e6e44ce702873d7998f241a778ed150ff3f6550428bb3759773841c19fcfe92ed4c8a77671c29483d78508437d714ef8dad00fb4

Download Submit
C:\Program Files\Trend Micro\HCBackup\AUCache\AU_Cache\housecall-ctp-p.activeupdate.trendmicro.com\tscptn.zip.etag
Filesize
181B

MD5
d0605530f00e98a5b6ad97473b1f3a85

SHA1
949161413bc835044af349f48d5715e3afd0c3d4

SHA256
77c20cb00ab82ccc4d5a68d6b4be7838c46bb4a8be0df86bd23c403db24a4892

SHA512
bac9b2e11e07b8b0390fd97bb33e8ced5fe1be962390857c84c6ceb11c1a5ca969d2dc7b14b0f3943af5f0b93bf3507aa2c28b7d55fce58dc2a8093ed695c23c

Download Submit
C:\Program Files\Trend Micro\HCBackup\hcpackage64.exe.tmp
Filesize
18.8MB

MD5
e3f7daeb704b3667673fd799e4baaf6a

SHA1
f01f385aa74d8589b78e3de01695828e8adce0d5

SHA256
65fa74aaf30e880ce37147629c7d32a6d71320c4b68c80cee8e4873e293df37f

SHA512
ff0c54281d4fb3b7a9ab112560b37ac3472671172a5a3c9cca54b8e6adbebeb30731ddee7774a0e0b63f81e53afa6db2033302aa7753583371e6a651bcfd7b89

Download Submit
C:\Program Files\Trend Micro\HCBackup\hcversion64.xml.tmp
Filesize
310B

MD5
c19d5810b07878caffed286525f8033d

SHA1
c87d49ec9623a8d346e835c6f69a9dc8ab3594e3

SHA256
453d1b6344ce2456349f193f5333dbaa7d3a4a89ba7f5560fad5ca05737a691f

SHA512
e912bd9154028b66ac0ebfd1a9eeaff7d761815342099dfd542b3fc7e0713ec109fd15c3938b979107a8e3f2d83a810a5d09edf9eeae9fd8cc1b3422945a4a2b

Download Submit
C:\Program Files\Trend Micro\HCLauncher.log
Filesize
3KB

MD5
6c78d8f5e0c7ebe6aebed6b06738d331

SHA1
75778340fde309104ababe03f209118eff7f5a77

SHA256
c7cc391bf97e577feea1da84f1e927d505c71525c667486e05461048ea06eee9

SHA512
65ab7d0da07c410824044b6ba0428e16175cb676cc1c7d35e934bd9f28d01b0104c842816c229e680a5eef2c232ddb62790435d1387af0a75ddd3fc978017d4d

Download Submit
C:\Program Files\Trend Micro\HCLauncher.log
Filesize
4KB

MD5
fbbc43939efc7c69b7ff94c5efdeed96

SHA1
30d445c0c49dc2672ab84566106db15dca1215c4

SHA256
33a041e03e73e21a98b94952f1c0cd591731ad979b6cbfa00b6aa7ce0791d3ca

SHA512
e51b5d4bb9f4e56a4fa606fc79923bd32c9d9a20f162ae391705ccbf4dcbaec95da4b31e4cba5ff71cf914f2ff71d52369e7d46441d7102a3eb171f6f557c699

Download Submit
C:\Program Files\Trend Micro\HouseCall\AU_Backup\AuBackup.ini
Filesize
285B

MD5
1e4c88a73e59474db7d3bd36b9d749f8

SHA1
7c2ded1e35c498fa092775fbeb6fa9796c6f2149

SHA256
fb60e54e81153bf61bb5978fd805c05504a8a057c5d76ffc34d7a9bd945d324d

SHA512
607223096c14a9faa7216937da386becb25f7f9c0ce694a1fc902c09c5e3c0ba2d3c51f1d3a164f8863b215f8f090b0ccca5a56efcb6d046a982e236509e5d32

Download Submit
C:\Program Files\Trend Micro\HouseCall\ICRCHdler.dll
Filesize
2.3MB

MD5
b4930aa9bab3caf6f87491c32a354c04

SHA1
6101913f51cfaa49cb55397bab7ae051df9dc4e5

SHA256
ed6129fe266dd28656bd65edd7fe5c15d6ddeea787f764a0bd4076e2e94bf1ad

SHA512
93cf1ea5027551a99e5a4ca35662508d8e5b49c543ad4c596722abab77bc809a9b5debac2fa71eba8169b875fb11ad83c6b8934b864b3f84acfc7dafc8d03d6d

Download Submit
C:\Program Files\Trend Micro\HouseCall\config.xml
Filesize
7KB

MD5
5e16756bdc9aa06e4e6b2edf955c2f52

SHA1
55c245a6a03b8c2c2f2594c4e4819a103829a038

SHA256
aa39d77fb7457ab0803e70b93e6038c7ea804e5ba5c88cbb8f3a803de66a0386

SHA512
dfd8b99a59f4d406aafc30388b98fbe4b37becf0f6d5408aa239fdf3b59cd6ba0b2d9cdd887086ba36f2a8669104bee0e3ed577028cb9460b4b85f1424fef263

Download Submit
C:\Program Files\Trend Micro\HouseCall\hc_core.dll
Filesize
9.4MB

MD5
ff40bc651649335749f494747f6ea9d2

SHA1
031ceffc97ac6c60cea3acaafce9a08c1f05dbee

SHA256
2d6633b2e5ed61a00fe79ef92259b8e1c2204bf17139913d8e9c7de45e1f006a

SHA512
e5094b0ee609c230b03f07e8d9084b4f70c95462ad32e329ac068c30211e0dc9d27ecdfa33aa04838c39a81ae1f8dc701edf6b538798532e3e17a2e3da7ea6db

Download Submit
C:\Program Files\Trend Micro\HouseCall\housecall.bin
Filesize
4.9MB

MD5
faa6d41317eb98f19e132314f5eef03d

SHA1
3c2d6fafa1459e4254d5bad9e83f15f39d59e5db

SHA256
1a794ff4a1167d221d5cc05974dedc760ca5dfc85e2e64878d1b8ef3c83d1dd7

SHA512
577f71f95f4d9ebd0bbbf5553c0c80c3f98e264b3946c4544a53514cdc44a9a3f23ae595b0eb33836ac80f9af1132d36308444aa3546d9ef03e881c38759cac4

Download Submit
C:\Program Files\Trend Micro\HouseCall\interface\lib\jquery\jquery-1.8.2.min.js
Filesize
109KB

MD5
7eb2467956657f7e0956de142ac5d5a1

SHA1
9f579c33e616d8ed81e00b2120d4688bfe1ee914

SHA256
24a5fffb954c81990cab1fda4787afbeecf81d8f2909c930f16fbb7c2325cd0b

SHA512
ecc2e09aba341137449092569de0eafb0e0dee0f963b63ee564ac45f41b4b9472b4e28e91077998736187a507b526409a764483ab7d641b4b22d248d9ba829e2

Download Submit
C:\Program Files\Trend Micro\HouseCall\libexpatw.dll
Filesize
174KB

MD5
44cfe8a291e8ca812b9fe816636fc4e5

SHA1
dc17c179c533863d428fd5ec756ae54cb465098c

SHA256
e2dd3191b96bf310dd1ddc06aa146d5e7dbb9b9a96c92b600114ff863fdd19f3

SHA512
37d687911921ce77c7932e15d785608fa3cd16863f6f07ced5200d0ff10fa9f9f7fe425a57161eee012541ba4a64210a17a0bc22585032fcb45bec683d655cd7

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
45B

MD5
205ffbb75e9d74087ef66ffb2ca9d667

SHA1
128dd7784d1956b86ca03de60f868a425e31f3ed

SHA256
46c375e47cd022310fd852a1b1f3f1b7e743c520dc833a8b8d1d0648fe7d9110

SHA512
8f382e3c6482b30dfede41376ee7c061abbcb81e928f00becc8cc3ee3980af3902980dbc4b0e0c118ba2b2695dd5c34e4abc2e8340ba1b850bd72c2870645547

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
232B

MD5
36d7dc41e106800a506021b8b5cae9ba

SHA1
b1354cf9ef18ba82d266ddd9778ec89b73466d2f

SHA256
1b319119d3793429a785c5e5b8fceb9d51f6d073d71c838fd81edb37725ec77b

SHA512
7dd59888fb0639344f4c17d5b89c06f9a6e7b27ec6f64e7f5a872718fa747be31df739f74f211958eccb0a32b6af8b78d7c6a18fbb815615707bdecb1ce85eb2

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
658B

MD5
a639123017742679b46296a1c5087e8f

SHA1
a30a42feb649211992ec3fcd36783af4d76aa807

SHA256
8ba154fdca0ff79a25f415cb849815b6cb3df913fe891846794465eec74c02c5

SHA512
d9e971dffcdbf59ce367fc6c0ae58682868dedc59dfa43fea7958c192126bbc6e10708c6ad05ddf0d9836513ce1b691a11e8ecf98c4dec831e9ff0cd98e42510

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\AU_Backup\AuBackup.ini
Filesize
405B

MD5
398aa1a07575fab5d59ce9b15a468905

SHA1
00508b4b6ebc49dde9256c8f82ad2dfac905b236

SHA256
93b1fa753abbeea399fc5d591e4136e472eb6be51b97adf52653a57a8d5a85b1

SHA512
3ae36323daccd4c3a91d1f15c6541c641da99775792da58f29ceb1851401f2f713f60f9947942afe8496dcf144b5dce17a137d8cf475ef072c5e634aafd5efcb

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\HCFrs.ptn
Filesize
2KB

MD5
20a65888044255ce6dd903596f400b3c

SHA1
54012e7972320a9b6a5225d9aa57324e6b23ef0f

SHA256
3a1087c0f26b5d264c8fac6f93ece5f88048f3d3bd23a94ba48bb69ec18a6bb2

SHA512
8d5587f75597363c6d15cdfe05fe3f191f01e93c6d547e6744bce6be9eb7be6f48b348b4c238f05c28cad409c113ec37951177b19e1be4694b3117e5678a54fc

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\HCPolicy.ptn
Filesize
2KB

MD5
981b0927e343beb3e326142980297cab

SHA1
0e0f8fbda99f362b4e004b4a416092219aff727d

SHA256
ae95cb4064b76640568f453d586349a0f6d5a30e0f0fdd96d0e69d3730bdc5d8

SHA512
93729f187004d7c6a820754690fb1fa5814fcdb84a7aa6603ea84dbdab65a0d10e58f308d1433cb249852ead06c0ed43d72e7393c4b26eb22e90c9e17b8a2841

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\ar.ptn
Filesize
388B

MD5
91e37d8f58d55d96c504c10f6d5c4996

SHA1
148472d8555f8468f24ff50181fe43902b28d768

SHA256
31b935dfbda19d274610b1f3e9b998a14f258efc06d30cd0515b1aa51dd26a4b

SHA512
5aafaac338cb76e3d68acf0cb34c0c4382e9c2594bdd03ad7db54f1b78b7c8d822920d7f5ab6efb1b0a6e36cf326975701b3d44c07c6c2a0c26319851961b76f

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\blacklist.in
Filesize
28KB

MD5
9dc526a28970b1bcb4fb72ce25f3aa44

SHA1
6a8f388a5ed12441abf35da515c410b93a1da7e3

SHA256
341cd8e62bb2d8aaf1e9aef7870de30791b397b6e279fd88467f3d3a1905d45b

SHA512
7c1aee65e4af73a943047ab90d78a68a02de1cf74ff81569579b137f699c1b145b53fedb9294994e597fcf396592770a83b0cbf353a27d88f1b44c2f7587a93f

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\crcz.ptn
Filesize
36B

MD5
ba8e7d7a0aa5dabb50852213a9ff357d

SHA1
3525d499c677c3e7426b8c36ba4ddd0929c7514c

SHA256
18857c679c68cbd6089c2756ca8d0ea9a3edc288d4f981cc28e8b8fdd97c5326

SHA512
98616d713a113d0bde2ff249fcf054bf59837305070490a72c236ba7052eb39f6a89c1306c636c2014bfc06b06229ce586f59e602e79ef4c26ff50d3a9275bdc

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\ptn$agg.102
Filesize
68KB

MD5
250d5ea1a2acf20d01540a2d2b94f5dc

SHA1
3a3ee852eed78c8c75c5b69cec8b56879c8cbb4d

SHA256
db8ea99d3b2a0bd61de31c750f4cffd249b5000c45430a2a8c741dc85e69c278

SHA512
aeb81ff992de5fa2d8301b47f658b1f1a8dd7c76f516db0a082c6660f7ab800457dcb949ea78f6f388b6f641c07169c31fbb2f7013169ee1ee0918c495861619

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\smvptn.201
Filesize
1KB

MD5
81ae58f0fb504400175f88509d83ea46

SHA1
2a1dbfcf73648a3fbd8ece0510d0d894a4f549b7

SHA256
33cca57898b8d6e6f8f3a97c9923eb23b3a435e47613af3b38c7efb31be4ff92

SHA512
f8453f355b0543de4335adca51a248d1c4d9adc263a895722e2a31fd06583ee4feb5d971cbe0f16024737c2252e8178bd82d9c04de0bb070248fa0643f2a9ac0

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\tmwlchk.ptn
Filesize
183KB

MD5
d8f2dffe6eb9242f5f0a89274d5cd38c

SHA1
c0c23fb660c4182abf95c54aad26ecd60794b139

SHA256
6b5c519a8cac9feea30c61dbebae38006e14bf4563c927e5958637c75e9da579

SHA512
f689df06a54ab0e300654fb977e370d81ba025a76d0e49860e8c3ecf274af1fab56fb742940bb6fb1a3c0831fcb29966116fd5227ea75b9b03149a0b6264d408

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\tmwlchk.ptn
Filesize
16KB

MD5
bcec03bbdc050b9cfac5a4a1e02226c5

SHA1
5547661ee80ea0e00e97735359d2433b06e04647

SHA256
aae808fad2f4ed0c19d14fa3e1cf7502107a5d62658826d0fb1460d46706d5c1

SHA512
b21a3901449e9b1caa2a2c2be46e972bafa456e13addc551081690089d5a45bf3feabcabbd837c99233d067ea9a3e22c1fcbd7284aa57fea542c3afb9066b902

Download Submit
C:\Program Files\Trend Micro\HouseCall\pattern\whitelist.in
Filesize
56KB

MD5
ea01710bbd9f988adc0ab09fad474d8d

SHA1
df2a277dca3e2cc0a663484c2385768e1615270b

SHA256
3d54863449b9033bf062b2ecf5df24bffa6cc3bb9fba5fbf335a08e8b196bbf0

SHA512
58cd153f291df5adc2de0dd9a9472ac5460ca25407819f09d888fcfe6e9ee1da1ea87f27f9ca16d818c728b51938b30bf745f1ab0b91089b416e6f6f07e0e566

Download Submit
C:\Program Files\Trend Micro\HouseCall\tsc.ini
Filesize
722B

MD5
643fda4cfc799fde33bf385b5da137a6

SHA1
052e3b2ba44d10de6a20ece2b38c32c4ffef60b2

SHA256
7df443f988958d73c90614c48deefe4e1e48fc90738142026a6fba23cd2f55e2

SHA512
67445355adc2f383094efc76707b22e641772e71a3d478853705d110c9308966016d0143c9c27678e55c45d8aa6856ff56d5b47d95ad293b5d450fe95c777cd3

Download Submit

pid	process
4868	setup.exe
4340	hcpackage64.exe.tmp
4352	patch64.exe
3572	housecall.bin