Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| `TlsPatcher-1.1.1.exe` | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | |
| `C:\Config.Msi\6d73a9.rbs` | data | modified | |
| `C:\ProgramData\Package Cache\{fe0fc20b-fc4f-4233-98e4-e30940c5703c}\LevelUp.Integrations.TlsPatcher.Bootstrapper.exe` (copy) | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\ProgramData\Package Cache\{fe0fc20b-fc4f-4233-98e4-e30940c5703c}\state.rsm` | data | dropped | |
| `C:\Users\user\AppData\Local\Temp\TLS_Patcher_v1.1.1_20241030012147.log` | ASCII text, with very long lines (369), with CRLF line terminators | modified | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.ba\BootstrapperApplicationData.xml` | XML 1.0 document, Unicode text, UTF-16, little-endian text, with very long lines (639), with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.ba\license.rtf` | Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033 | dropped | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.ba\logo.png` | PC bitmap, Windows 3.x format, 64 x 64 x 24, image size 12290, resolution 2834 x 2834 px/m, cbSize 12344, bits offset 54 | dropped | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.ba\thm.wxl` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.ba\thm.xml` | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.ba\wixstdba.dll` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Users\user\AppData\Local\Temp\{F1724056-37B1-4B0D-BC4A-FDF68DC088E5}\.be\LevelUp.Integrations.TlsPatcher.Bootstrapper.exe` | PE32 executable (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Windows\Installer\6d73a7.msi` | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: LevelUp TLS Patcher v1.1.1, Author: LevelUp, Keywords: Installer, Comments: This installer database contains the logic and data required to install LevelUp TLS Patcher v1.1.1., Template: x64;1033, Revision Number: {64FB791B-0D06-4040-84F4-E3B4AFF5A845}, Create Time/Date: Wed May 13 21:18:44 2020, Last Saved Time/Date: Wed May 13 21:18:44 2020, Number of Pages: 200, Number of Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.11.0.1701), Security: 2 | dropped | |
| `C:\Windows\Installer\MSI74D0.tmp` | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | dropped | |
| `C:\Windows\Installer\MSI758C.tmp` | data | dropped | |
| `C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log` | Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | dropped | |
| `C:\Windows\Temp\~DF242310B318C3C5B5.TMP` | Composite Document File V2 Document, Cannot read section info | dropped | |
| `C:\Windows\Temp\~DF27F84C821E7418BB.TMP` | data | dropped | |