Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
TlsPatcher-1.1.1.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
initial sample
|
||
|
C:\Config.Msi\66c66e.rbs
|
data
|
modified
|
||
|
C:\ProgramData\Package Cache\{fe0fc20b-fc4f-4233-98e4-e30940c5703c}\state.rsm
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\TLS_Patcher_v1.1.1_20241030011659.log
|
ASCII text, with very long lines (369), with CRLF line terminators
|
modified
|
||
|
C:\Users\user\AppData\Local\Temp\TLS_Patcher_v1.1.1_20241030011659_000_LevelUp.Integrations.TlsPatcher.Installer_1.1.1_x64.msi.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{65096706-3665-413A-A3D6-FEF50A7ACF69}\.ba\BootstrapperApplicationData.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (639), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{65096706-3665-413A-A3D6-FEF50A7ACF69}\.ba\license.rtf
|
Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{65096706-3665-413A-A3D6-FEF50A7ACF69}\.ba\logo.png
|
PC bitmap, Windows 3.x format, 64 x 64 x 24, image size 12290, resolution 2834 x 2834 px/m, cbSize 12344, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{65096706-3665-413A-A3D6-FEF50A7ACF69}\.ba\thm.wxl
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{65096706-3665-413A-A3D6-FEF50A7ACF69}\.ba\thm.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{65096706-3665-413A-A3D6-FEF50A7ACF69}\.ba\wixstdba.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\{7237ACD7-6703-4D28-844D-D93F0C6C709E}\.cr\TlsPatcher-1.1.1.exe
|
PE32 executable (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\66c66c.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: LevelUp TLS Patcher v1.1.1, Author: LevelUp, Keywords: Installer, Comments: This installer database contains
the logic and data required to install LevelUp TLS Patcher v1.1.1., Template: x64;1033, Revision Number: {64FB791B-0D06-4040-84F4-E3B4AFF5A845},
Create Time/Date: Wed May 13 21:18:44 2020, Last Saved Time/Date: Wed May 13 21:18:44 2020, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSIC7C4.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Windows\Installer\MSIC852.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{114CA666-974E-4CC7-BE0E-45C1F713825B}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF050ED0814432636B.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF0DE71B30CB93E5C5.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB3B1F03575E1DC17.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFB8C932A903BBF963.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DFBB69BE51854C45C4.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
There are 12 hidden files, click here to show them.