IOC Report
FreeFileSync_12.5_Windows_Setup.exe

C:\Program Files\FreeFileSync\Install.dat (copy)

data

dropped

C:\Program Files\FreeFileSync\Install.dat.1dfe.tmp

data

dropped

C:\Program Files\FreeFileSync\Install.dat.88e3.tmp

data

dropped

C:\Program Files\FreeFileSync\License.txt (copy)

ASCII text, with CRLF line terminators

dropped

C:\Program Files\FreeFileSync\RealTimeSync.exe (copy)

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Program Files\FreeFileSync\Resources\Animal.dat

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, comment: "", progressive, precision 8, 640x338, components 3

dropped

C:\Program Files\FreeFileSync\Resources\Icons.zip (copy)

Zip archive data, at least v2.0 to extract, compression method=deflate

dropped

C:\Program Files\FreeFileSync\Resources\Languages.zip (copy)

Zip archive data, at least v2.0 to extract, compression method=deflate

dropped

C:\Program Files\FreeFileSync\Resources\bell.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\bell2.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\cacert.pem (copy)

Unicode text, UTF-8 text

dropped

C:\Program Files\FreeFileSync\Resources\ding.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\fail.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\fail2.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz

dropped

C:\Program Files\FreeFileSync\Resources\gong.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\harp.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-1OFO0.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-91RG2.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-EVQBS.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-GE6FV.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-GQ4OL.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-JFKPM.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-MRQNC.tmp

Zip archive data, at least v2.0 to extract, compression method=deflate

dropped

C:\Program Files\FreeFileSync\Resources\is-NVRQ9.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-SOD14.tmp

Zip archive data, at least v2.0 to extract, compression method=deflate

dropped

C:\Program Files\FreeFileSync\Resources\is-TLOPS.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-TU1LO.tmp

Unicode text, UTF-8 text

dropped

C:\Program Files\FreeFileSync\Resources\is-VG36L.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\is-VNSPP.tmp

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\notify.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\notify2.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz

dropped

C:\Program Files\FreeFileSync\Resources\remind.wav (copy)

RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz

dropped

C:\Program Files\FreeFileSync\Uninstall\is-0H8IG.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Program Files\FreeFileSync\Uninstall\unins000.dat

InnoSetup Log \001\342\200\214F\342\200\214r\342\200\214e\342\200\214e\342\200\214F\342\200\214i\342\200\214l\342\200\214e\342\200\214S\342\200\214y\342\200\214n\342\200\214c, version 0x418, 57633 bytes, 899552\37\user\3, C:\Program Files\FreeFileSync\376\377\377\

dropped

C:\Program Files\FreeFileSync\Uninstall\unins000.exe (copy)

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Program Files\FreeFileSync\Uninstall\unins000.msg

InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation

dropped

C:\Program Files\FreeFileSync\User Manual.pdf (copy)

PDF document, version 1.4, 0 pages

dropped

C:\Program Files\FreeFileSync\is-2FTJM.tmp

Unicode text, UTF-8 text, with CRLF, LF line terminators

dropped

C:\Program Files\FreeFileSync\is-402ER.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Program Files\FreeFileSync\is-AETUR.tmp

PDF document, version 1.4, 0 pages

dropped

C:\Program Files\FreeFileSync\is-PJRGV.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Program Files\FreeFileSync\is-RACKB.tmp

ASCII text, with CRLF line terminators

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Sat Sep 9 01:54:50 2023, mtime=Sat Sep 9 01:54:55 2023, atime=Fri Jul 21 12:24:38 2023, length=694024, window=hide

dropped

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Sat Sep 9 01:54:50 2023, mtime=Sat Sep 9 01:54:55 2023, atime=Fri Jul 21 12:24:30 2023, length=409864, window=hide

dropped

C:\Users\Public\Desktop\FreeFileSync.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Sat Sep 9 01:54:50 2023, mtime=Sat Sep 9 01:54:50 2023, atime=Fri Jul 21 12:24:38 2023, length=694024, window=hide

dropped

C:\Users\Public\Desktop\RealTimeSync.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Sat Sep 9 01:54:50 2023, mtime=Sat Sep 9 01:54:50 2023, atime=Fri Jul 21 12:24:30 2023, length=409864, window=hide

dropped

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

data

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1fol5mco.mbo.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5wn1btdb.q5o.ps1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aoqbcddj.e4a.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xzzu3wte.ku3.psm1

ASCII text, with no line terminators

dropped

C:\Users\user\AppData\Local\Temp\is-21LIO.tmp\FreeFileSync.exe

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-21LIO.tmp\_isetup\_setup64.tmp

PE32+ executable (console) x86-64, for MS Windows

dropped

C:\Users\user\AppData\Local\Temp\is-21LIO.tmp\img_8.bmp

PC bitmap, Windows 3.x format, 640 x 338 x 24, resolution 2835 x 2835 px/m, cbSize 649014, bits offset 54

dropped

C:\Users\user\AppData\Local\Temp\is-21LIO.tmp\img_8.jpg

JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, comment: "", progressive, precision 8, 640x338, components 3

dropped

C:\Users\user\AppData\Local\Temp\is-K4S5Q.tmp\FreeFileSync_12.5_Windows_Setup.tmp

PE32 executable (GUI) Intel 80386, for MS Windows

dropped

C:\Users\user\AppData\Roaming\FreeFileSync\Logs\2023-09-09 063955.149.html

HTML document, Unicode text, UTF-8 text

modified

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\FreeFileSync.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Sat Sep 9 01:54:50 2023, mtime=Sat Sep 9 01:54:55 2023, atime=Fri Jul 21 12:24:38 2023, length=694024, window=hide

dropped

C:\Users\user\Desktop\ZGGKNSUKOP\sync.ffs_db (copy)

data

dropped

C:\Users\user\Desktop\ZGGKNSUKOP\sync.ffs_db.fe2f.ffs_tmp

data

dropped

C:\Users\user\Desktop\ZGGKNSUKOP\sync.ffs_lock

data

dropped

C:\Users\user\Documents\KLIZUSIQEN\sync.ffs_db (copy)

data

dropped

C:\Users\user\Documents\KLIZUSIQEN\sync.ffs_db.6e3f.ffs_tmp

data

dropped

C:\Users\user\Documents\KLIZUSIQEN\sync.ffs_lock

data

dropped