Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip

Overview

General Information

Sample name:MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip
Analysis ID:1583316
MD5:040e4e96b3c71169e5706b579862bb8c
SHA1:f9da50db010b8704a5246d42d2cd1e898a244b3f
SHA256:03691405dc49eed57372ef1877d246c3464453aa26ed49966cae495bb5fb95dd
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Loading BitLocker PowerShell Module
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Adds / modifies Windows certificates
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 2740 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • FreeFileSync_13.9_Windows_Setup.exe (PID: 3564 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" MD5: 954CEE0E02BAC777F4DB7A05EE8BDA65)
    • FreeFileSync_13.9_Windows_Setup.tmp (PID: 2748 cmdline: "C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$80024,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" MD5: AFC70B74FF6456A1DB47AA6A5480A389)
      • FreeFileSync_13.9_Windows_Setup.exe (PID: 6468 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024 MD5: 954CEE0E02BAC777F4DB7A05EE8BDA65)
        • FreeFileSync_13.9_Windows_Setup.tmp (PID: 6504 cmdline: "C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024 MD5: AFC70B74FF6456A1DB47AA6A5480A389)
          • FreeFileSync.exe (PID: 3024 cmdline: "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe" ffs_setup_convert_jpg_to_bmp "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.jpg" MD5: DD8779C4A9D2F47F3C9279F6F7786E69)
          • powershell.exe (PID: 5868 cmdline: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
            • conhost.exe (PID: 3992 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • WmiPrvSE.exe (PID: 980 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
          • FreeFileSync.exe (PID: 5996 cmdline: "C:\Program Files\FreeFileSync\FreeFileSync.exe" ffs_setup_finalize MD5: DD8779C4A9D2F47F3C9279F6F7786E69)
            • FreeFileSync_x64.exe (PID: 5508 cmdline: "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" ffs_setup_finalize MD5: 9C31F370631A40917DF397F40C0772DB)
  • FreeFileSync.exe (PID: 4780 cmdline: "C:\Program Files\FreeFileSync\FreeFileSync.exe" MD5: DD8779C4A9D2F47F3C9279F6F7786E69)
    • FreeFileSync_x64.exe (PID: 5768 cmdline: "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" MD5: 9C31F370631A40917DF397F40C0772DB)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", CommandLine: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", CommandLine|base64offset|contains: )f, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024 , ParentImage: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp, ParentProcessId: 6504, ParentProcessName: FreeFileSync_13.9_Windows_Setup.tmp, ProcessCommandLine: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", ProcessId: 5868, ProcessName: powershell.exe
Sigma detected: Powershell Defender Exclusion
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", CommandLine: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", CommandLine|base64offset|contains: )f, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024 , ParentImage: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp, ParentProcessId: 6504, ParentProcessName: FreeFileSync_13.9_Windows_Setup.tmp, ProcessCommandLine: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", ProcessId: 5868, ProcessName: powershell.exe
Sigma detected: Non Interactive PowerShell Process Spawned
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", CommandLine: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", CommandLine|base64offset|contains: )f, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024 , ParentImage: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp, ParentProcessId: 6504, ParentProcessName: FreeFileSync_13.9_Windows_Setup.tmp, ProcessCommandLine: "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'", ProcessId: 5868, ProcessName: powershell.exe

Suricata Signatures

TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-01-02T13:24:07.106671+010020283713Unknown Traffic192.168.2.1649709104.21.2.160443TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_432cba77-2
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSyncJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\UninstallJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Uninstall\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Uninstall\is-NGOJS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-0RARI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-9EHB8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-UNI7V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-F80UQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-5Q5L9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\ResourcesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-E0CQP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-4M70H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-V71GJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-G9413.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-61EKV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-8A1UJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-7E1DU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-O61MR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-OMPGL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-IR8JU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-9FKFJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-TUPI7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-QPBOH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\BinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-19AM9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-NN12B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-SG3IV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-6GLBB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Uninstall\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\Animal.datJump to behavior
Source: unknownHTTPS traffic detected: 104.21.2.160:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.2.160:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\RealTimeSync.pdb source: is-F80UQ.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\FreeFileSync.pdbB source: FreeFileSync.exe, 0000000F.00000000.1422622164.0000000000866000.00000002.00000001.01000000.0000000A.sdmp, FreeFileSync.exe, 00000012.00000000.1542565037.0000000000452000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -arch:IA32 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: is-19AM9.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\Bin\FreeFileSync_x64.pdb source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\RealTimeSync.pdb< source: is-F80UQ.tmp.14.dr
Source: Binary string: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\v3_purp.csetup_dpossl_x509v3_cache_extensionsALLRANDCIPHERSDIGESTSPKEYPKEY_CRYPTOPKEY_ASN1ENGINE_set_default_string..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\engine\eng_fat.cstr=%s..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x509_cmp.cossl_x509_add_cert_newX509_add_certX509_add_certs-fipsX509_check_private_keyossl_x509_check_private_key0123456789ABCDEFcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -arch:IA32 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.0 22 Oct 20243.4.0built on: Thu Oct 24 07:45:30 2024 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_win32_release\lib\engines-3"MODULESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_win32_release\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot available..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x_all.cSHA512SHAKE256SHA256X509_CRL_digest..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\pem\pem_info.cPEM_X509_INFO_read_bio_exX509 CERTIFICATETRUSTED CERTIFICATE source: is-19AM9.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\Bin\RealTimeSync_x64.pdb source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\engine\tb_rand.c..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x509_obj.cNO X509_NAMEX509_NAME_onelinecompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";os-specificCPUINFO: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\asn1\a_d2i_fp.casn1_d2i_read_biotimed out source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\FreeFileSync.pdb source: FreeFileSync.exe, 0000000F.00000000.1422622164.0000000000866000.00000002.00000001.01000000.0000000A.sdmp, FreeFileSync.exe, 00000012.00000000.1542565037.0000000000452000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\v3_purp.csetup_dpossl_x509v3_cache_extensionsALLRANDCIPHERSDIGESTSPKEYPKEY_CRYPTOPKEY_ASN1ENGINE_set_default_string..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\engine\eng_fat.cstr=%s..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x509_cmp.cossl_x509_add_cert_newX509_add_certX509_add_certs-fipsX509_check_private_keyossl_x509_check_private_key0123456789ABCDEFcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.0 22 Oct 20243.4.0built on: Thu Oct 24 07:45:18 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_x64_release\lib\engines-3"MODULESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_x64_release\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot available..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x_all.cSHA512SHAKE256SHA256X509_CRL_digest..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\pem\pem_info.cPEM_X509_INFO_read_bio_exX509 CERTIFICATETRUSTED CERTIFICATE source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49709 -> 104.21.2.160:443
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: api.freefilesync.org
Source: unknownHTTP traffic detected: POST /new_installation HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencoded; Charset=UTF-8Accept: */*User-Agent: FFS-InstallerContent-Length: 180Host: api.freefilesync.org
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: http://127.0.0.1:
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: http://127.0.0.1:GETacceptHTTP/1.0
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://ccsca2021.crl.certum.pl/ccsca2021.crl0s
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://ccsca2021.ocsp-certum.com05
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://crl.certum.pl/ctnca2.crl0l
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://crl.certum.pl/ctsca2021.crl0o
Source: FreeFileSync_x64.exe, 00000017.00000002.2447281041.000001BE6817D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microsoft
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635636229.0000000005F99000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429712476.000000000102F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1511341815.0000000001025000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1646369437.0000000005FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fsf.org/
Source: FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.cert
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://repository.certum.pl/ccsca2021.cer0
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64FEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnc
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64FEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.certum.pl/ctnc2.cer09
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://repository.certum.pl/ctnca2.cer09
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://repository.certum.pl/ctsca2021.cer0A
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://subca.ocsp-certum.com01
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://subca.ocsp-certum.com02
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://subca.ocsp-certum.com05
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64FEF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ww.cert
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676FE000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: http://www.certum.pl/CPS0
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.0000000002753000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1638117997.0000000003D32000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.dk-soft.org/
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr, is-19AM9.tmp.14.drString found in binary or memory: http://www.wxwidgets.org
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1668531360.0000000002F46000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.0000000002856000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://FreeFileSync.org
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1668531360.0000000002F5C000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.000000000286C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://FreeFileSync.org/manual.php)
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1655652651.0000000002E7C000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://FreeFileSync.org/manual.php1
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://FreeFileSync.orgFhttps://FreeFileSync.org/manual.php
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth?
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://accounts.google.com/o/oauth2/v2/auth?login_hintMESSAGE_PLACEHOLDERYou
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE652F5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2446502871.000001BE68004000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.freefilesync.org/
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://api.freefilesync.org/activate_installationvenosdusrmodzadf%231d34kjjfInstall.datosffsRequire
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://api.freefilesync.org/email_notifystatusokServer
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://api.freefilesync.org/latest_changes?
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://api.freefilesync.org/latest_changes?https://freefilesync.org/faq.php#donation-editionInvalid
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651E3000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2435439535.000001BE64D36000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2446502871.000001BE67FE7000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.freefilesync.org/latest_version
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.freefilesync.org/latest_version7
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://api.freefilesync.org/latest_versionUnexpected
Source: FreeFileSync_x64.exe, 00000017.00000002.2435439535.000001BE64D36000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.freefilesync.org/latest_versionnbwk
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1644740164.000000000109F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635701887.0000000001049000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635342417.000000000109C000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1644177837.000000000105B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.freefilesync.org/new_installation
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://curl.se/docs/alt-svc.html
Source: is-NN12B.tmp.14.drString found in binary or memory: https://curl.se/docs/hsts.html
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://drive.google.com/drive/folders/Item
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/activate-installation.php?
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/activate-installation.php?Failed
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/business.php?
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/business.php?Invalid
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636655629.0000000003AE6000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1638117997.0000000003D15000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/donate
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/donateDovk
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/donateSupport
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/donateglWj
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636148881.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1643974409.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636655629.0000000003AE6000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635636229.0000000005F99000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429712476.000000000102F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1511341815.0000000001025000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1646369437.0000000005FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/faq.php#business
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636148881.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1643974409.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636655629.0000000003AE6000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635636229.0000000005F99000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429712476.000000000102F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1511341815.0000000001025000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1646369437.0000000005FA0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/faq.php#donation-edition
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/forum
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/forum1.Activate
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/get_latest.phpos_version64ffs_variantos_namedip_scaleffs_lang32os_archDonat
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/FreeFileSync.png
Source: is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/Items
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/clock.png
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/email_short_txtemail_short_htmlsync_resultprocessed_itemsprocess
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/file.png
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/log.png
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/msg-error.png
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/images/log/msg-warning.png
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=comparison-settingsHandle
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=daylight-saving-time1
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=exclude-filesInclude:Local
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=expert-settingsA
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/manual.php?topic=expert-settingsAvmSnd.dllFailed
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=expert-settingsThe
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/manual.php?topic=expert-settingsfreefilesync.org
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=external-applicationsParent
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=freefilesync
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=ftp-setupAccess
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=performanceParallel
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://freefilesync.org/manual.php?topic=realtimesync&View
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=schedule-a-batch-job&CancelThe
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=synchronization-settingsDetect
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/manual.php?topic=versioningMove
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/thank-you.php?
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://freefilesync.org/thank-you.php?Invalid
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://github.com/keymanapp/keyman/issues/1723The
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/keymanapp/keyman/issues/1723keyman64.dllFailed
Source: FreeFileSync_13.9_Windows_Setup.exeString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.apache.org/licenses/
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drString found in binary or memory: https://www.certum.pl/CPS0
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://www.google.com/Multiple
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://www.googleapis.com/
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://www.googleapis.com//upload/drive/v3/files?googleapis.comInvalid
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://www.googleapis.com/auth/drive
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drString found in binary or memory: https://www.googleapis.com/auth/driveresponse_typecode_challengescopeUnexpected
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EC0B000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000000.1404285047.0000000000291000.00000020.00000001.01000000.00000007.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000000.1416063112.00000000007ED000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.innosetup.com/
Source: FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EC0B000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000000.1404285047.0000000000291000.00000020.00000001.01000000.00000007.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000000.1416063112.00000000007ED000.00000020.00000001.01000000.00000009.sdmpString found in binary or memory: https://www.remobjects.com/ps
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownHTTPS traffic detected: 104.21.2.160:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 104.21.2.160:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: FreeFileSync_13.9_Windows_Setup.tmp.9.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: FreeFileSync_13.9_Windows_Setup.tmp.13.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-NGOJS.tmp.14.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: FreeFileSync_13.9_Windows_Setup.tmp.13.drStatic PE information: Number of sections : 11 > 10
Source: FreeFileSync_13.9_Windows_Setup.tmp.9.drStatic PE information: Number of sections : 11 > 10
Source: is-NGOJS.tmp.14.drStatic PE information: Number of sections : 11 > 10
Source: is-NN12B.tmp.14.drBinary string: \\?\GLOBALROOT\Device\
Source: is-NN12B.tmp.14.drBinary string: \Device\
Source: is-NN12B.tmp.14.drBinary string: .tmpContract error: getFileInfoBuffered() called after close().CloseHandleCannot open file %x.Assertion failed: "fileSize.QuadPart >= 0"Contract error: close() called more than once.Invalid file name %x ends with a dot character.SetFileInformationByHandleC:\Data\Projects\zen\file_io.cppAssertion failed: "bytesRead <= bytesToRead"C:\Data\Projects\zen\serialize.h\\?\\\?\UNC\\\CompareStringOrdinal\\?\GLOBALROOT\Device\\\?\UNC\C:\Data\Projects\zen\file_path.cpp\\?\GLOBALROOT\Device\Unexpected return value: ] Error comparing strings:\??\UNC\\SystemRoot\\\?\Volume{SystemRoot\Device\
Source: classification engineClassification label: mal52.evad.winZIP@20/68@1/1
Source: is-9EHB8.tmp.14.drInitial sample: https://devblogs.microsoft.com/oldnewthing/?p=6563
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=schedule-batch-jobs
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=macros
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=command-line
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=expert-settings
Source: is-9EHB8.tmp.14.drInitial sample: https://winmerge.org/
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=ftp-setup
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/tutorials.php
Source: is-9EHB8.tmp.14.drInitial sample: https://www.codeproject.com/Articles/1144/Beating-the-Daylight-Savings-Time-bug-and-getting
Source: is-9EHB8.tmp.14.drInitial sample: https://www.codeproject.com/articles/1144/beating-the-daylight-savings-time-bug-and-getting
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=variable-drive-letters
Source: is-9EHB8.tmp.14.drInitial sample: https://freefilesync.org/manual.php?topic=comparison-settings
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSyncJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Users\Public\Desktop\FreeFileSync.lnkJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3992:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: FreeFileSync_13.9_Windows_Setup.exeString found in binary or memory: /LOADINF="filename"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeFile read: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp "C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$80024,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe"
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe "C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp "C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe" ffs_setup_convert_jpg_to_bmp "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.jpg"
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Program Files\FreeFileSync\FreeFileSync.exe "C:\Program Files\FreeFileSync\FreeFileSync.exe" ffs_setup_finalize
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeProcess created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" ffs_setup_finalize
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknownProcess created: C:\Program Files\FreeFileSync\FreeFileSync.exe "C:\Program Files\FreeFileSync\FreeFileSync.exe"
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeProcess created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe"
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp "C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$80024,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp "C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe" ffs_setup_convert_jpg_to_bmp "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.jpg"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess created: C:\Program Files\FreeFileSync\FreeFileSync.exe "C:\Program Files\FreeFileSync\FreeFileSync.exe" ffs_setup_finalizeJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeProcess created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" ffs_setup_finalizeJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeProcess created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: edputil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: urlmon.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: iertutil.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: appresolver.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: slc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: sppc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: pcacli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: mpr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: version.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: winhttp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: shfolder.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: msftedit.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: windows.globalization.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: bcp47langs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: bcp47mrm.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: globinputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: windows.ui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: windowmanagementapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: inputhost.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: twinapi.appcore.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: explorerframe.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: sfc_os.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: linkinfo.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ntshrui.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: srvcli.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: cscapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: winhttpcom.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ondemandconnroutehelper.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: webio.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: winnsi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: schannel.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: mskeyprotect.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: ncryptsslp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: msasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: cryptsp.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: rsaenh.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: cryptbase.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: gpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: dpapi.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpSection loaded: netutils.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: mpr.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: propsys.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: version.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: msimg32.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wldp.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: profapi.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: linkinfo.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: oleacc.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: uxtheme.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: mpr.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: propsys.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: version.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: msimg32.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: msasn1.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: windows.storage.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wldp.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: iphlpapi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: windowscodecs.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: profapi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: linkinfo.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: cryptsp.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: rsaenh.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: cryptbase.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: msisip.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wshext.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: appxsip.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: opcservices.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: esdsip.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: gpapi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: textshaping.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: thumbcache.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: policymanager.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: dataexchange.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: d3d11.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: dcomp.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: dxgi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: textinputframework.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: coremessaging.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: ntmarta.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wintypes.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wintypes.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wintypes.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: wininet.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: iertutil.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: sspicli.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: winhttp.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: mswsock.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: winnsi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: urlmon.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: srvcli.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: netutils.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: dnsapi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: rasadhlp.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: schannel.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: ntasn1.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: dpapi.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: ncrypt.dll
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeSection loaded: ncryptsslp.dll
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
Source: FreeFileSync.lnk.14.drLNK file: ..\..\..\Program Files\FreeFileSync\FreeFileSync.exe
Source: RealTimeSync.lnk.14.drLNK file: ..\..\..\Program Files\FreeFileSync\RealTimeSync.exe
Source: FreeFileSync.lnk0.14.drLNK file: ..\..\..\..\..\Program Files\FreeFileSync\FreeFileSync.exe
Source: RealTimeSync.lnk0.14.drLNK file: ..\..\..\..\..\Program Files\FreeFileSync\RealTimeSync.exe
Source: FreeFileSync.lnk1.14.drLNK file: ..\..\..\..\..\..\..\Program Files\FreeFileSync\FreeFileSync.exe
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpWindow found: window name: TMainFormJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile opened: C:\Windows\SysWOW64\MSFTEDIT.DLLJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeWindow detected: Number of UI elements: 52
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSyncJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\UninstallJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Uninstall\unins000.datJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Uninstall\is-NGOJS.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-0RARI.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-9EHB8.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-UNI7V.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-F80UQ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\is-5Q5L9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\ResourcesJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-E0CQP.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-4M70H.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-V71GJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-G9413.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-61EKV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-8A1UJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-7E1DU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-O61MR.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-OMPGL.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-IR8JU.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-9FKFJ.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-TUPI7.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\is-QPBOH.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\BinJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-19AM9.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-NN12B.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-SG3IV.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Bin\is-6GLBB.tmpJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Uninstall\unins000.msgJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDirectory created: C:\Program Files\FreeFileSync\Resources\Animal.datJump to behavior
Source: MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zipStatic file information: File size 20159091 > 1048576
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\RealTimeSync.pdb source: is-F80UQ.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\FreeFileSync.pdbB source: FreeFileSync.exe, 0000000F.00000000.1422622164.0000000000866000.00000002.00000001.01000000.0000000A.sdmp, FreeFileSync.exe, 00000012.00000000.1542565037.0000000000452000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -arch:IA32 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: is-19AM9.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\Bin\FreeFileSync_x64.pdb source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\RealTimeSync.pdb< source: is-F80UQ.tmp.14.dr
Source: Binary string: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\v3_purp.csetup_dpossl_x509v3_cache_extensionsALLRANDCIPHERSDIGESTSPKEYPKEY_CRYPTOPKEY_ASN1ENGINE_set_default_string..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\engine\eng_fat.cstr=%s..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x509_cmp.cossl_x509_add_cert_newX509_add_certX509_add_certs-fipsX509_check_private_keyossl_x509_check_private_key0123456789ABCDEFcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -arch:IA32 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.0 22 Oct 20243.4.0built on: Thu Oct 24 07:45:30 2024 UTCplatform: VC-WIN32OPENSSLDIR: "C:\Program Files (x86)\Common Files\SSL"ENGINESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_win32_release\lib\engines-3"MODULESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_win32_release\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot available..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x_all.cSHA512SHAKE256SHA256X509_CRL_digest..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\pem\pem_info.cPEM_X509_INFO_read_bio_exX509 CERTIFICATETRUSTED CERTIFICATE source: is-19AM9.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\Bin\RealTimeSync_x64.pdb source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\engine\tb_rand.c..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x509_obj.cNO X509_NAMEX509_NAME_onelinecompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";os-specificCPUINFO: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\asn1\a_d2i_fp.casn1_d2i_read_biotimed out source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Binary string: C:\Data\Projects\FreeFileSync\Build\FreeFileSync.pdb source: FreeFileSync.exe, 0000000F.00000000.1422622164.0000000000866000.00000002.00000001.01000000.0000000A.sdmp, FreeFileSync.exe, 00000012.00000000.1542565037.0000000000452000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: ..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\v3_purp.csetup_dpossl_x509v3_cache_extensionsALLRANDCIPHERSDIGESTSPKEYPKEY_CRYPTOPKEY_ASN1ENGINE_set_default_string..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\engine\eng_fat.cstr=%s..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x509_cmp.cossl_x509_add_cert_newX509_add_certX509_add_certs-fipsX509_check_private_keyossl_x509_check_private_key0123456789ABCDEFcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.4.0 22 Oct 20243.4.0built on: Thu Oct 24 07:45:18 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_x64_release\lib\engines-3"MODULESDIR: "C:\Data\Projects\OpenSSL\Build\msvc_v143_x64_release\lib\ossl-modules"CPUINFO: N/AOSSL_WINCTX: Undefinednot available..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\x509\x_all.cSHA512SHAKE256SHA256X509_CRL_digest..\..\..\..\..\..\Data\Projects\OpenSSL\Source\crypto\pem\pem_info.cPEM_X509_INFO_read_bio_exX509 CERTIFICATETRUSTED CERTIFICATE source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr
Source: FreeFileSync_13.9_Windows_Setup.tmp.9.drStatic PE information: section name: .didata
Source: FreeFileSync_13.9_Windows_Setup.tmp.13.drStatic PE information: section name: .didata
Source: is-NGOJS.tmp.14.drStatic PE information: section name: .didata
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\is-F80UQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Uninstall\unins000.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\RealTimeSync_x64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\is-UNI7V.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Uninstall\is-NGOJS.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\is-SG3IV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\is-6GLBB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\is-19AM9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\is-NN12B.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\RealTimeSync.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeFile created: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\Bin\RealTimeSync_Win32.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Program Files\FreeFileSync\FreeFileSync.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnkJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnkJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Loading BitLocker PowerShell Module
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

barindex
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drBinary or memory string: IN ORDER TO AVOID CRASHING, EITHER UNINSTALL "NVIDIA NVIEW DESKTOP MANAGER" VERSION 148.47, OR UPDATE YOUR NVIDIA GRAPHICS CARD DRIVERS TO A NEWER VERSION.) WAS FOUND ON YOUR SYSTEM AND APPARENTLY CAUSED FREEFILESYNC TO CRASH.FAILED TO GET CRASH INFO FOR "VSFILEHANDLER_64.DLL": ASWHOOK.DLLVSFILEHANDLER_64.DLL
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: IN ORDER TO AVOID CRASHING, EITHER UNINSTALL "VISUAL STUDIO 2022 PREVIEW", OR UPDATE TO A NEWER VERSION.WINMM.DLLASWHOOK.DLLTHE AVAST VIRUS SCANNER WAS FOUND ON YOUR SYSTEM (%X) AND APPARENTLY CAUSED FREEFILESYNC TO CRASH DURING SOUND PLAYBACK.
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 3. SEND THE LINKFAILED TO GET FILE INFO FOR "ASWHOOK.DLL": A CRASH DUMP FILE WAS WRITTEN:
Source: FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drBinary or memory string: IN ORDER TO AVOID CRASHING, EITHER UNINSTALL "VISUAL STUDIO 2022 PREVIEW", OR UPDATE TO A NEWER VERSION.THE AVAST VIRUS SCANNER WAS FOUND ON YOUR SYSTEM (%X) AND APPARENTLY CAUSED FREEFILESYNC TO CRASH DURING SOUND PLAYBACK.FAILED TO GET FILE INFO FOR "ASWHOOK.DLL": WINMM.DLL
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4207Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5591Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\is-F80UQ.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\Bin\RealTimeSync_x64.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\Bin\is-SG3IV.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\Bin\is-6GLBB.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\Bin\is-19AM9.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\RealTimeSync.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Program Files\FreeFileSync\Bin\RealTimeSync_Win32.exe (copy)Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\_isetup\_setup64.tmpJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp TID: 6180Thread sleep time: -30000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1472Thread sleep time: -1844674407370954s >= -30000sJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeFile opened: PhysicalDrive0Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: FreeFileSync_13.9_Windows_Setup.exeBinary or memory string: 7xwVMcI
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1645797246.0000000005F60000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2446502871.000001BE67FE7000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2447281041.000001BE6816C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635701887.000000000106E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(9
Source: FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000002.1662463563.000000000126D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
Source: FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65036000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE65035000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:um
Source: FreeFileSync_x64.exe, 00000017.00000002.2430102962.000001BE62D26000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
Source: FreeFileSync_x64.exe, 00000013.00000002.1581905189.0000020E6559F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeProcess token adjusted: DebugJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeProcess created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" ffs_setup_finalizeJump to behavior
Source: C:\Program Files\FreeFileSync\FreeFileSync.exeProcess created: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp "c:\users\user\appdata\local\temp\is-90tt2.tmp\freefilesync_13.9_windows_setup.tmp" /sl5="$7036c,19508176,913920,c:\users\user\appdata\local\temp\temp1_mde_file_sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\freefilesync_13.9_windows_setup.exe" /spawnwnd=$302a8 /notifywnd=$80024
Source: C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exeProcess created: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp "c:\users\user\appdata\local\temp\is-90tt2.tmp\freefilesync_13.9_windows_setup.tmp" /sl5="$7036c,19508176,913920,c:\users\user\appdata\local\temp\temp1_mde_file_sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\freefilesync_13.9_windows_setup.exe" /spawnwnd=$302a8 /notifywnd=$80024 Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmpQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exeQueries volume information: C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.jpg VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Management.Infrastructure\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.3031.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeQueries volume information: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe VolumeInformationJump to behavior
Source: C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E BlobJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire Infrastructure1
Spearphishing Link		12
Command and Scripting Interpreter		1
Registry Run Keys / Startup Folder		11
Process Injection		3
Masquerading		OS Credential Dumping111
Security Software Discovery		Remote Services1
Archive Collected Data		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		1
Disable or Modify Tools		LSASS Memory1
Process Discovery		Remote Desktop ProtocolData from Removable Media2
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		31
Virtualization/Sandbox Evasion		Security Account Manager31
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive3
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
Process Injection		NTDS1
Application Window Discovery		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Rundll32		LSA Secrets2
System Owner/User Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync22
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1583316 Sample: MDE_File_Sample_017466bb6ff... Startdate: 02/01/2025 Architecture: WINDOWS Score: 52 56 api.freefilesync.org 2->56 60 Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet 2->60 11 FreeFileSync_13.9_Windows_Setup.exe 2 2->11         started        14 FreeFileSync.exe 2->14         started        16 rundll32.exe 2->16         started        signatures3 process4 file5 54 C:\...\FreeFileSync_13.9_Windows_Setup.tmp, PE32 11->54 dropped 18 FreeFileSync_13.9_Windows_Setup.tmp 1 11->18         started        20 FreeFileSync_x64.exe 14->20         started        process6 process7 22 FreeFileSync_13.9_Windows_Setup.exe 2 18->22         started        file8 44 C:\...\FreeFileSync_13.9_Windows_Setup.tmp, PE32 22->44 dropped 25 FreeFileSync_13.9_Windows_Setup.tmp 50 41 22->25         started        process9 dnsIp10 58 api.freefilesync.org 104.21.2.160, 443, 49709, 49711 CLOUDFLARENETUS United States 25->58 46 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 25->46 dropped 48 C:\Users\user\AppData\...\FreeFileSync.exe, PE32 25->48 dropped 50 C:\Program Files\FreeFileSync\is-UNI7V.tmp, PE32 25->50 dropped 52 13 other files (none is malicious) 25->52 dropped 64 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 25->64 30 powershell.exe 23 25->30         started        33 FreeFileSync.exe 25->33         started        35 FreeFileSync.exe 1 25->35         started        file11 signatures12 process13 signatures14 66 Loading BitLocker PowerShell Module 30->66 37 conhost.exe 30->37         started        39 WmiPrvSE.exe 30->39         started        41 FreeFileSync_x64.exe 6 33->41         started        process15 signatures16 62 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 41->62

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

SourceDetectionScannerLabelLink
C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\RealTimeSync_Win32.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\RealTimeSync_x64.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\is-19AM9.tmp0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\is-6GLBB.tmp0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\is-NN12B.tmp0%ReversingLabs
C:\Program Files\FreeFileSync\Bin\is-SG3IV.tmp0%ReversingLabs
C:\Program Files\FreeFileSync\FreeFileSync.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\RealTimeSync.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\Uninstall\is-NGOJS.tmp0%ReversingLabs
C:\Program Files\FreeFileSync\Uninstall\unins000.exe (copy)0%ReversingLabs
C:\Program Files\FreeFileSync\is-F80UQ.tmp0%ReversingLabs
C:\Program Files\FreeFileSync\is-UNI7V.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\_isetup\_setup64.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp0%ReversingLabs
C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://127.0.0.1:GETacceptHTTP/1.00%Avira URL Cloudsafe
https://api.freefilesync.org/latest_versionnbwk0%Avira URL Cloudsafe
https://api.freefilesync.org/latest_version70%Avira URL Cloudsafe
http://repository.cert0%Avira URL Cloudsafe
https://api.freefilesync.org/0%Avira URL Cloudsafe
https://api.freefilesync.org/latest_changes?https://freefilesync.org/faq.php#donation-editionInvalid0%Avira URL Cloudsafe
http://www.wxwidgets.org0%Avira URL Cloudsafe
https://api.freefilesync.org/email_notifystatusokServer0%Avira URL Cloudsafe
https://api.freefilesync.org/latest_version0%Avira URL Cloudsafe
https://api.freefilesync.org/activate_installationvenosdusrmodzadf%231d34kjjfInstall.datosffsRequire0%Avira URL Cloudsafe
https://api.freefilesync.org/latest_changes?0%Avira URL Cloudsafe
https://api.freefilesync.org/new_installation0%Avira URL Cloudsafe
https://FreeFileSync.orgFhttps://FreeFileSync.org/manual.php0%Avira URL Cloudsafe
http://ww.cert0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
api.freefilesync.org
104.21.2.160
truefalse
    		unknown

    Contacted URLs

    NameMaliciousAntivirus DetectionReputation
    https://api.freefilesync.org/latest_versionfalse
    • Avira URL Cloud: safe
    		unknown
    https://api.freefilesync.org/new_installationfalse
    • Avira URL Cloud: safe
    		unknown

    URLs from Memory and Binaries

    NameSourceMaliciousAntivirus DetectionReputation
    https://freefilesync.org/manual.php?topic=ftp-setupAccessFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
      		high
      https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUFreeFileSync_13.9_Windows_Setup.exefalse
        		high
        http://repository.certum.pl/ctsca2021.cer0AFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
          		high
          http://crl.certum.pl/ctsca2021.crl0oFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
            		high
            https://freefilesync.org/business.php?InvalidFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
              		high
              http://crl.microsoftFreeFileSync_x64.exe, 00000017.00000002.2447281041.000001BE6817D000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                https://drive.google.com/drive/folders/ItemFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                  		high
                  https://freefilesync.org/images/log/msg-warning.pngFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                    		high
                    http://ccsca2021.crl.certum.pl/ccsca2021.crl0sFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                      		high
                      https://api.freefilesync.org/latest_versionnbwkFreeFileSync_x64.exe, 00000017.00000002.2435439535.000001BE64D36000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://127.0.0.1:GETacceptHTTP/1.0FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://freefilesync.org/images/log/clock.pngFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                        		high
                        http://repository.certum.pl/ccsca2021.cer0FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                          		high
                          https://freefilesync.org/images/log/ItemsFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                            		high
                            https://api.freefilesync.org/FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE652F5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2446502871.000001BE68004000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://freefilesync.org/manual.php?topic=schedule-a-batch-job&CancelTheFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                              		high
                              https://curl.se/docs/hsts.htmlis-NN12B.tmp.14.drfalse
                                		high
                                https://github.com/keymanapp/keyman/issues/1723keyman64.dllFailedFreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.wxwidgets.orgFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.dr, is-19AM9.tmp.14.drfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://freefilesync.org/donateDovkFreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    https://freefilesync.org/manual.php?topic=realtimesync&ViewFreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmpfalse
                                      		high
                                      http://subca.ocsp-certum.com05FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                        		high
                                        https://www.remobjects.com/psFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EC0B000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000000.1404285047.0000000000291000.00000020.00000001.01000000.00000007.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000000.1416063112.00000000007ED000.00000020.00000001.01000000.00000009.sdmpfalse
                                          		high
                                          https://github.com/keymanapp/keyman/issues/1723TheFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                            		high
                                            http://subca.ocsp-certum.com02FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                              		high
                                              http://subca.ocsp-certum.com01FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                		high
                                                https://www.innosetup.com/FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EC0B000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000000.1404285047.0000000000291000.00000020.00000001.01000000.00000007.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000000.1416063112.00000000007ED000.00000020.00000001.01000000.00000009.sdmpfalse
                                                  		high
                                                  http://crl.certum.pl/ctnca2.crl0lFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                    		high
                                                    http://repository.certum.pl/ctnca2.cer09FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                      		high
                                                      https://freefilesync.org/donateglWjFreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://ccsca2021.ocsp-certum.com05FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                          		high
                                                          https://FreeFileSync.orgFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1668531360.0000000002F46000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.0000000002856000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://freefilesync.org/manual.php?topic=external-applicationsParentFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                              		high
                                                              http://repository.certFreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              http://www.certum.pl/CPS0FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676FE000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C13000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                                		high
                                                                https://freefilesync.org/images/log/is-NN12B.tmp.14.drfalse
                                                                  		high
                                                                  https://freefilesync.org/manual.php?topic=freefilesyncFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                    		high
                                                                    https://api.freefilesync.org/latest_version7FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://freefilesync.org/images/log/file.pngFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                      		high
                                                                      https://freefilesync.org/donateFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636655629.0000000003AE6000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1638117997.0000000003D15000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://freefilesync.org/manual.php?topic=daylight-saving-time1FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                          		high
                                                                          https://api.freefilesync.org/latest_changes?https://freefilesync.org/faq.php#donation-editionInvalidFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://repository.certum.pl/ctnca.cer09FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                                            		high
                                                                            https://api.freefilesync.org/email_notifystatusokServerFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            http://repository.certum.pl/ctncFreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64FEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://freefilesync.org/images/log/email_short_txtemail_short_htmlsync_resultprocessed_itemsprocessFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                		high
                                                                                http://crl.certum.pl/ctnca.crl0kFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                                                  		high
                                                                                  https://freefilesync.org/forum1.ActivateFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                    		high
                                                                                    https://freefilesync.org/images/log/msg-error.pngFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                      		high
                                                                                      https://freefilesync.org/manual.php?topic=versioningMoveFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                        		high
                                                                                        https://www.apache.org/licenses/FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://FreeFileSync.org/manual.php)FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1668531360.0000000002F5C000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.000000000286C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://curl.se/docs/alt-svc.htmlFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                              		high
                                                                                              https://www.certum.pl/CPS0FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402000889.000000000350F000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1402595345.000000007EEFB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1642873728.0000000000CED000.00000004.00000010.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1625079404.0000000005540000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583132018.0000020E658B5000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67C03000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1586350336.0000020E67960000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1580889654.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1587344038.0000020E67A07000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000002.1583343232.0000020E676BF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1572796634.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1574148092.0000020E67A06000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000013.00000003.1570207827.0000020E67BD2000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE64FDF000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64F97000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE651CC000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_x64.exe, 00000017.00000003.1667830981.000001BE651A2000.00000004.00000020.00020000.00000000.sdmp, is-F80UQ.tmp.14.dr, is-NN12B.tmp.14.drfalse
                                                                                                		high
                                                                                                https://freefilesync.org/manual.php?topic=comparison-settingsHandleFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                  		high
                                                                                                  https://freefilesync.org/faq.php#donation-editionFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636148881.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1643974409.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636655629.0000000003AE6000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635636229.0000000005F99000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429712476.000000000102F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1511341815.0000000001025000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1646369437.0000000005FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://freefilesync.org/manual.php?topic=performanceParallelFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                      		high
                                                                                                      https://FreeFileSync.org/manual.php1FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1655652651.0000000002E7C000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002BB4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.dk-soft.org/FreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.0000000002753000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1638117997.0000000003D32000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://freefilesync.org/donateSupportFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                            		high
                                                                                                            https://freefilesync.org/manual.php?topic=exclude-filesInclude:LocalFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                              		high
                                                                                                              https://freefilesync.org/get_latest.phpos_version64ffs_variantos_namedip_scaleffs_lang32os_archDonatFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                		high
                                                                                                                http://127.0.0.1:FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                  		high
                                                                                                                  https://freefilesync.org/forumFreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE65321000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://freefilesync.org/faq.php#businessFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.exe, 0000000D.00000003.1648037054.00000000027FB000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636148881.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1643974409.000000000102E000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1636655629.0000000003AE6000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635636229.0000000005F99000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429712476.000000000102F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1511341815.0000000001025000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1646369437.0000000005FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://freefilesync.org/images/log/log.pngFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                        		high
                                                                                                                        https://freefilesync.org/thank-you.php?InvalidFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                          		high
                                                                                                                          https://api.freefilesync.org/activate_installationvenosdusrmodzadf%231d34kjjfInstall.datosffsRequireFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://api.freefilesync.org/latest_changes?FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://freefilesync.org/business.php?FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                            		high
                                                                                                                            https://freefilesync.org/manual.php?topic=synchronization-settingsDetectFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                              		high
                                                                                                                              http://repository.certum.pl/ctnc2.cer09FreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64FEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://FreeFileSync.orgFhttps://FreeFileSync.org/manual.phpFreeFileSync_13.9_Windows_Setup.exe, 00000009.00000003.1400691931.0000000003400000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000A.00000003.1406173284.0000000003D70000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://freefilesync.org/activate-installation.php?FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                                  		high
                                                                                                                                  https://freefilesync.org/thank-you.php?FreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                                    		high
                                                                                                                                    https://freefilesync.org/images/FreeFileSync.pngFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                                      		high
                                                                                                                                      http://fsf.org/FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1639795374.0000000002AF9000.00000004.00001000.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429409422.0000000001013000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1635636229.0000000005F99000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429712476.000000000102F000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1511341815.0000000001025000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000003.1429305752.0000000001047000.00000004.00000020.00020000.00000000.sdmp, FreeFileSync_13.9_Windows_Setup.tmp, 0000000E.00000002.1646369437.0000000005FA0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://freefilesync.org/activate-installation.php?FailedFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                                          		high
                                                                                                                                          http://ww.certFreeFileSync_x64.exe, 00000017.00000002.2441355406.000001BE64FEF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          		unknown
                                                                                                                                          https://www.google.com/MultipleFreeFileSync_x64.exe, 00000013.00000000.1554092443.00007FF63929E000.00000002.00000001.01000000.0000000D.sdmp, is-NN12B.tmp.14.drfalse
                                                                                                                                            		high

                                                                                                                                            World Map of Contacted IPs

                                                                                                                                            • No. of IPs < 25%
                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                            • 75% < No. of IPs

                                                                                                                                            Public IPs

                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                            104.21.2.160
                                                                                                                                            		api.freefilesync.orgUnited States
                                                                                                                                            		13335CLOUDFLARENETUSfalse

                                                                                                                                            General Information

                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                            Analysis ID:1583316
                                                                                                                                            Start date and time:2025-01-02 13:22:49 +01:00
                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                            Overall analysis duration:0h 6m 5s
                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                            Report type:full
                                                                                                                                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                            Number of analysed new started processes analysed:25
                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                            Number of injected processes analysed:1
                                                                                                                                            Technologies:
                                                                                                                                            • EGA enabled
                                                                                                                                            • AMSI enabled
                                                                                                                                            Analysis Mode:default
                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                            Sample name:MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip
                                                                                                                                            Detection:MAL
                                                                                                                                            Classification:mal52.evad.winZIP@20/68@1/1
                                                                                                                                            Cookbook Comments:
                                                                                                                                            • Found application associated with file extension: .zip

                                                                                                                                            Warnings

                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                            • Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.175.87.197
                                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                            Simulations

                                                                                                                                            Behavior and APIs

                                                                                                                                            TimeTypeDescription
                                                                                                                                            07:23:58API Interceptor12x Sleep call for process: powershell.exe modified
                                                                                                                                            07:24:06API Interceptor2x Sleep call for process: FreeFileSync_13.9_Windows_Setup.tmp modified

                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                            IPs

                                                                                                                                            No context

                                                                                                                                            Domains

                                                                                                                                            No context

                                                                                                                                            ASNs

                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            CLOUDFLARENETUShttps://www.ecorfan.org/Get hashmaliciousUnknownBrowse
                                                                                                                                            • 104.17.24.14
                                                                                                                                            https://debeeyardelia.pages.devGet hashmaliciousUnknownBrowse
                                                                                                                                            • 188.114.96.3
                                                                                                                                            Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                                                                                            • 172.64.41.3
                                                                                                                                            http://www.johnlewis-partnerships.comGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.18.43.2
                                                                                                                                            https://gldkzr-lpqw.buzz/script/ut.js?cb%5C=1735764124690Get hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.0.170
                                                                                                                                            1.ps1Get hashmaliciousCobaltStrike, MetasploitBrowse
                                                                                                                                            • 104.21.96.1
                                                                                                                                            random(4).exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                            • 172.67.129.178
                                                                                                                                            inv#12180.exeGet hashmaliciousFormBookBrowse
                                                                                                                                            • 172.67.182.198
                                                                                                                                            dGhlYXB0Z3JvdXA=-free.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            • 188.114.97.3

                                                                                                                                            JA3 Fingerprints

                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                            a0e9f5d64349fb13191bc781f81f42e1Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            176.113.115.170.ps1Get hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            ETVk1yP43q.exeGet hashmaliciousAZORultBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            UhsjR3ZFTD.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            KRNL.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            web44.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            37f463bf4616ecd445d4a1937da06e19Setup.exe.7zGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            45631.exeGet hashmaliciousNitolBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            45631.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            1734098836319.exeGet hashmaliciousBlackMoonBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            ETVk1yP43q.exeGet hashmaliciousAZORultBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            16oApcahEa.exeGet hashmaliciousBabuk, DjvuBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            6a7e35.msiGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            ipmsg5.6.18_installer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.2.160
                                                                                                                                            OXoeX1Ii3x.exeGet hashmaliciousUnknownBrowse
                                                                                                                                            • 104.21.2.160

                                                                                                                                            Dropped Files

                                                                                                                                            No context

                                                                                                                                            Created / dropped Files

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\FreeFileSync_Win32.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15743600
                                                                                                                                            Entropy (8bit):6.676478492192778
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:393216:lK+Z2WzDVJMtn6w81osfhZGuOzmo1UPBQba:lK3WzDVJg6ZPfauOmeUC
                                                                                                                                            MD5:6EAD4B37E3E54E11161907B7A8946F8B
                                                                                                                                            SHA1:3AFAA2CE6D8662F1EE8841D08C11EB4AEAA851CA
                                                                                                                                            SHA-256:7DEC5B9507A5EE363CD2BB66D7AED183702FCE29291AEED4B75838126810D9CB
                                                                                                                                            SHA-512:0650E364110B3F7D8887545E374B7B5D172A188C57E52F847046032C323AE69F9027EFC3EB61D485368319666A15AFD0C27EE683348632F4EFD1DBE15595FECA
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........5w..[$..[$..[$..X%..[$..\%..[$.9.$..[$.9_%..[$.9X%..[$.9^%..[$..^%..[$.._%..[$..]%..[$..Z%..[$..Z$.[$.:_%.[$.:_%.[$.:^%..[$.9R%@.[$.9.$..[$.9Y%..[$Rich..[$................PE..L.....Tg...............*.8...<J.....xH.......P....@.......................................@..................................5...........j..............p(......<....J..T....................K......(...@............P......H0.. ....................text...h6.......8.................. ..`.rdata...'0..P...(0..<..............@..@.data................d..............@....rsrc....j.......l..................@..@.reloc..<............^..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17732208
                                                                                                                                            Entropy (8bit):6.5078627737248596
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:393216:W7ndm7EDXrvLbAu/DziINa8ocKlq7RCKJ:W707EDZ7
                                                                                                                                            MD5:9C31F370631A40917DF397F40C0772DB
                                                                                                                                            SHA1:FF7C84DD75DAF2C3B9D44113D8D6303E1F8AC9CB
                                                                                                                                            SHA-256:022C26BA9B5E3FE6B8B3290B4C4B939D6DD766E425BBD3AD99FBFAE739E911E3
                                                                                                                                            SHA-512:F6BAA74EBBB713422807C49C5EA31D3A61656E7750AC42F35BF7629D5FCA71BECB4DB1DAC447194DC78B7909ADB357754E291FD0DFCED6D2B9DABB225E0D2C7E
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......p.J44.$g4.$g4.$g..'f..$g..#f5.$g%P.g<.$g%P f .$g%P'f:.$g%P!f^.$g..!f..$g.. f..$g.."f5.$g..%f..$g4.%gb.$g.S fk.$g|S f|.$g|S!f_.$g.P-f..$g.P.g5.$g.P&f5.$gRich4.$g........................PE..d.....Tg.........."....*....r[................@.............................`......6.....`.................................................p?.......p...j......,....j..p(......$v..l...T.......................(.......@..............0...t8.. ....................text...I.......................... ..`.rdata..^.@......@................@..@.data...i?.......r...v..............@....pdata..,...........................@..@.rsrc....j...p...l..................@..@.reloc..$v.......x..................@..B........................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\RealTimeSync_Win32.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7277680
                                                                                                                                            Entropy (8bit):6.6027141847884945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:F3cuVDkD08cv6+JFLUdKreojYmI+v+i/FZBTa:BVJfv6+PT/LI+2KFm
                                                                                                                                            MD5:51DDC8386A8E2038D5B161A827518334
                                                                                                                                            SHA1:0DF90D95CB4896DE91AC89390B73FA496E2684A5
                                                                                                                                            SHA-256:2F5873807C4260C7A30DB0BB87AA59D36D755E9E5041B10C4302AE3B28E6E0D9
                                                                                                                                            SHA-512:BFDF7F83B2D098CC75FA3F48079556ADB8400BD858FBC4AAF4E65ED088E3E73723BF06732EA93E74EDEA60D188F0A27321AB57032DB365488A06D23EA50D3B78
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........k.q...q...q.......q......tq.......q.......q.......q.......q.......q.......q...q..cs.......q.......p..-....q..-....q..-....q..Rich.q..........................PE..L.....Tg...............*..L...&.....sl=...... L...@..........................@r.......o...@...................................d.......i...............n.p(....k..F..Ht].T....................t]......s].@............ L..............................text.....L.......L................. ..`.rdata....... L.......L.............@..@.data...p.... e.......e.............@....rsrc.........i.......f.............@..@.reloc...F....k..H....h.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\RealTimeSync_x64.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7765104
                                                                                                                                            Entropy (8bit):6.495639480068131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:5iL+17hE7wVd3kpdwnnziRUXP2Ry9sLIBa:AL+17hE7wVd3kD
                                                                                                                                            MD5:730CE133466E06C8E7A3089053A53979
                                                                                                                                            SHA1:5BD7C9513C81E3B1F86BF9D008CD2D9684867476
                                                                                                                                            SHA-256:D5BA33ACDC6316E3BFDC0085D7BC5C60EA69F56BC9AD0A9B6115B279D6EA3B14
                                                                                                                                            SHA-512:4F58EE5745168314D046B2EF84C45D153C29C1FBB04BE884A5EC77D8DB6D8C48FA9BA701B461BA961C784B8535A2564402FC6F2B8FA0E380D1611994074CE333
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........d..............}......}..1..................................}......}......}..........3................h.......h.......h.......Rich............................PE..d.....Tg.........."....*.`M..j,.......A........@..............................y.....Q_w...`.................................................t+m.......u.......r.\....Tv.p(....x.T.....b.T.....................b.(...@.b.@............pM.p............................text....^M......`M................. ..`.rdata..`....pM......dM.............@..@.data...|n...pm......bm.............@....pdata..\.....r......Xo.............@..@.rsrc.........u......dr.............@..@.reloc..T.....x......|t.............@..B........................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\is-19AM9.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):15743600
                                                                                                                                            Entropy (8bit):6.676478492192778
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:393216:lK+Z2WzDVJMtn6w81osfhZGuOzmo1UPBQba:lK3WzDVJg6ZPfauOmeUC
                                                                                                                                            MD5:6EAD4B37E3E54E11161907B7A8946F8B
                                                                                                                                            SHA1:3AFAA2CE6D8662F1EE8841D08C11EB4AEAA851CA
                                                                                                                                            SHA-256:7DEC5B9507A5EE363CD2BB66D7AED183702FCE29291AEED4B75838126810D9CB
                                                                                                                                            SHA-512:0650E364110B3F7D8887545E374B7B5D172A188C57E52F847046032C323AE69F9027EFC3EB61D485368319666A15AFD0C27EE683348632F4EFD1DBE15595FECA
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.........5w..[$..[$..[$..X%..[$..\%..[$.9.$..[$.9_%..[$.9X%..[$.9^%..[$..^%..[$.._%..[$..]%..[$..Z%..[$..Z$.[$.:_%.[$.:_%.[$.:^%..[$.9R%@.[$.9.$..[$.9Y%..[$Rich..[$................PE..L.....Tg...............*.8...<J.....xH.......P....@.......................................@..................................5...........j..............p(......<....J..T....................K......(...@............P......H0.. ....................text...h6.......8.................. ..`.rdata...'0..P...(0..<..............@..@.data................d..............@....rsrc....j.......l..................@..@.reloc..<............^..............@..B........................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\is-6GLBB.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7765104
                                                                                                                                            Entropy (8bit):6.495639480068131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:5iL+17hE7wVd3kpdwnnziRUXP2Ry9sLIBa:AL+17hE7wVd3kD
                                                                                                                                            MD5:730CE133466E06C8E7A3089053A53979
                                                                                                                                            SHA1:5BD7C9513C81E3B1F86BF9D008CD2D9684867476
                                                                                                                                            SHA-256:D5BA33ACDC6316E3BFDC0085D7BC5C60EA69F56BC9AD0A9B6115B279D6EA3B14
                                                                                                                                            SHA-512:4F58EE5745168314D046B2EF84C45D153C29C1FBB04BE884A5EC77D8DB6D8C48FA9BA701B461BA961C784B8535A2564402FC6F2B8FA0E380D1611994074CE333
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........d..............}......}..1..................................}......}......}..........3................h.......h.......h.......Rich............................PE..d.....Tg.........."....*.`M..j,.......A........@..............................y.....Q_w...`.................................................t+m.......u.......r.\....Tv.p(....x.T.....b.T.....................b.(...@.b.@............pM.p............................text....^M......`M................. ..`.rdata..`....pM......dM.............@..@.data...|n...pm......bm.............@....pdata..\.....r......Xo.............@..@.rsrc.........u......dr.............@..@.reloc..T.....x......|t.............@..B........................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\is-NN12B.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):17732208
                                                                                                                                            Entropy (8bit):6.5078627737248596
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:393216:W7ndm7EDXrvLbAu/DziINa8ocKlq7RCKJ:W707EDZ7
                                                                                                                                            MD5:9C31F370631A40917DF397F40C0772DB
                                                                                                                                            SHA1:FF7C84DD75DAF2C3B9D44113D8D6303E1F8AC9CB
                                                                                                                                            SHA-256:022C26BA9B5E3FE6B8B3290B4C4B939D6DD766E425BBD3AD99FBFAE739E911E3
                                                                                                                                            SHA-512:F6BAA74EBBB713422807C49C5EA31D3A61656E7750AC42F35BF7629D5FCA71BECB4DB1DAC447194DC78B7909ADB357754E291FD0DFCED6D2B9DABB225E0D2C7E
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......p.J44.$g4.$g4.$g..'f..$g..#f5.$g%P.g<.$g%P f .$g%P'f:.$g%P!f^.$g..!f..$g.. f..$g.."f5.$g..%f..$g4.%gb.$g.S fk.$g|S f|.$g|S!f_.$g.P-f..$g.P.g5.$g.P&f5.$gRich4.$g........................PE..d.....Tg.........."....*....r[................@.............................`......6.....`.................................................p?.......p...j......,....j..p(......$v..l...T.......................(.......@..............0...t8.. ....................text...I.......................... ..`.rdata..^.@......@................@..@.data...i?.......r...v..............@....pdata..,...........................@..@.rsrc....j...p...l..................@..@.reloc..$v.......x..................@..B........................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Bin\is-SG3IV.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):7277680
                                                                                                                                            Entropy (8bit):6.6027141847884945
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:196608:F3cuVDkD08cv6+JFLUdKreojYmI+v+i/FZBTa:BVJfv6+PT/LI+2KFm
                                                                                                                                            MD5:51DDC8386A8E2038D5B161A827518334
                                                                                                                                            SHA1:0DF90D95CB4896DE91AC89390B73FA496E2684A5
                                                                                                                                            SHA-256:2F5873807C4260C7A30DB0BB87AA59D36D755E9E5041B10C4302AE3B28E6E0D9
                                                                                                                                            SHA-512:BFDF7F83B2D098CC75FA3F48079556ADB8400BD858FBC4AAF4E65ED088E3E73723BF06732EA93E74EDEA60D188F0A27321AB57032DB365488A06D23EA50D3B78
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........k.q...q...q.......q......tq.......q.......q.......q.......q.......q.......q...q..cs.......q.......p..-....q..-....q..-....q..Rich.q..........................PE..L.....Tg...............*..L...&.....sl=...... L...@..........................@r.......o...@...................................d.......i...............n.p(....k..F..Ht].T....................t]......s].@............ L..............................text.....L.......L................. ..`.rdata....... L.......L.............@..@.data...p.... e.......e.............@....rsrc.........i.......f.............@..@.reloc...F....k..H....h.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Changelog.txt (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):147223
                                                                                                                                            Entropy (8bit):4.884422991548549
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:njjdQgWoXi9Wpsy8tLd3oXU91w28OvY+KlAd7J:TTmy2oks+KAd7J
                                                                                                                                            MD5:6E6DBAD61ECC2B74C8150A227CD51FB5
                                                                                                                                            SHA1:746924D5F98F9B4428A17CE36FA02B0459E9BC09
                                                                                                                                            SHA-256:CF47B6710F5ADD5EB9BF4A4455507A123E17BE212D64A266ED57E1539ACB3EBB
                                                                                                                                            SHA-512:A95B93CB659282B978271389681C63964DD85E3E21F42C678A6932E1073D8BBB7A1269898C4CA3FB7017A8FE7496CB11B4A54F043D5C6FC1FB33F2C675C42646
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:FreeFileSync 13.9 [2024-12-07]..------------------------------..Fixed CURLE_SEND_ERROR: OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0..Added comparison and sync context menu options for multiple folder pairs..Show file include/exclude filter directly in tooltip..Fixed file not found error when cancelling file up-/download..Fixed showing cancelled config log status after nothing to sync..Updated translation files......FreeFileSync 13.8 [2024-11-04]..------------------------------..Support raw IPv6 server address for (S)FTP..RealTimeSync: Fixed scrollbar when adding/removing folders..Don't set sync direction for partial folder pairs..Uniquely identify partial folder pairs in error message..Fixed network login prompt not showing in Windows 11 24H2......FreeFileSync 13.7 [2024-06-23]..------------------------------..Support copying symlinks between SFTP devices..Fixed input focus not being restored after comparison/sync..Fixed log file pruning not considering selected configuration..Show s

                                                                                                                                            C:\Program Files\FreeFileSync\FreeFileSync.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):676464
                                                                                                                                            Entropy (8bit):6.18963251148129
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:e+LGHv4E3fx+XjXh0vdb514ocPAwYf7krBl:e+Lov42x+X6lb51+ifwrL
                                                                                                                                            MD5:DD8779C4A9D2F47F3C9279F6F7786E69
                                                                                                                                            SHA1:6E288BE940E0035DDD3240537EDEEE3991A665A4
                                                                                                                                            SHA-256:919322547B2E2D19BED839B8889A204A3E34742648736E2114F565751FD32351
                                                                                                                                            SHA-512:4D710A8D95C7CFFC786743E0DA26D5A1B7CB4C9407EDD789EFA390BB2BA4A1CE670E98484E75BEFBBAF3367CE81B007CD3395F9B4F8ED2900FA086CEA7C995EC
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|.c/.c/.c/..`..c/..f.C.c/..`...c/..g...c/..f...c/..g...c/..e..c/..b...c/.b/..c/o.j..c/o../.c/o.a..c/Rich.c/................PE..L.....Tg...............*.D...2......c........`....@.................................A.....@..................................}...........j...........*..p(...p...1...3..T....................3......P2..@............`..T............................text...jB.......D.................. ..`.rdata...,...`.......H..............@..@.data....e...........v..............@....rsrc....j.......l..................@..@.reloc...1...p...2..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Install.dat (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22
                                                                                                                                            Entropy (8bit):4.459431618637295
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:aI:aI
                                                                                                                                            MD5:C810DE60BF6CA1BE2501318BD584C3C3
                                                                                                                                            SHA1:95583218CE67FF1702C723EC230A07B26F6A6DA0
                                                                                                                                            SHA-256:CAEA72923531102B93E1EACDB25568C4228E138FBCF2D7F31EE65F0A4E00EE5D
                                                                                                                                            SHA-512:035E56E3F7AE4CD62D5C0A746041803EC0B8F8F181FB35F19AE86D9C4848ED730CAF0A03B2AFA0E1304E21B43B82E62A96E0CA52EEBB692D3253CA4B3BD15474
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Z....c.,.......1..a.^

                                                                                                                                            C:\Program Files\FreeFileSync\Install.dat.10fa.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):30
                                                                                                                                            Entropy (8bit):4.773557262275186
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:asSD8p:asSDo
                                                                                                                                            MD5:88E87F269D9E99B88C57910F212B7D05
                                                                                                                                            SHA1:1D2DD82F9BCFD2BA61A4FE149BE23CA3D4237A55
                                                                                                                                            SHA-256:DF25766EBCB7BDCBE246E04B8162A7CCF8D344A8FB85B31B251009A2288CA791
                                                                                                                                            SHA-512:3AD87576F93906AAE14F478A90C1B30CE75DC06961890482C35A115FE2C2E2BEB4FE9BCCC2955F27558B99FFBBD698364F6AE6210632F46C334E8E18A203421D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Z...-.~.l.%_O.v%....{...U....

                                                                                                                                            C:\Program Files\FreeFileSync\Install.dat.8f63.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):22
                                                                                                                                            Entropy (8bit):4.459431618637295
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:aI:aI
                                                                                                                                            MD5:C810DE60BF6CA1BE2501318BD584C3C3
                                                                                                                                            SHA1:95583218CE67FF1702C723EC230A07B26F6A6DA0
                                                                                                                                            SHA-256:CAEA72923531102B93E1EACDB25568C4228E138FBCF2D7F31EE65F0A4E00EE5D
                                                                                                                                            SHA-512:035E56E3F7AE4CD62D5C0A746041803EC0B8F8F181FB35F19AE86D9C4848ED730CAF0A03B2AFA0E1304E21B43B82E62A96E0CA52EEBB692D3253CA4B3BD15474
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Z....c.,.......1..a.^

                                                                                                                                            C:\Program Files\FreeFileSync\License.rtf (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52941
                                                                                                                                            Entropy (8bit):4.834889561469989
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:4IwnwOuD+WlljeKquwIx0i5D/e1iHdTcoPhpkYp/T/FXOx0Bpm3APzB4D:j1OuljeMr5DGwxUETy0Bpm3Al4D
                                                                                                                                            MD5:EE9B7FD879D57A35B5F0F575A1755F71
                                                                                                                                            SHA1:D3CA973EAA0EC74845E2E7851A6837AE08906E67
                                                                                                                                            SHA-256:ADC61454C4F9DA3C500501D33E2949EC5B0B857C57B3CF2FD172FBFF2BF76CDB
                                                                                                                                            SHA-512:D32DBF8B3AB9155F008F1283D4F37225E8B66A71F3E58BC1FED566EA8FC3618773DD73A677C772BE0EA4854D75264A8765EB0A3C480418A73060ED93D4B502CF
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deftab709{\fonttbl{\f0\fswiss\fprq2\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;\red0\green0\blue128;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\nowidctlpar\hyphpar0\qc\kerning1\f0\fs26\lang1031 FreeFileSync: Terms of Use\par....\pard\nowidctlpar\hyphpar0\fs22\par..The FreeFileSync standard and {{\field{\*\fldinst{HYPERLINK "https://freefilesync.org/faq.php#donation-edition" }}{\fldrslt{\ul\cf1\cf2\ul Donation\~Edition}}}}\f0\fs22 are for \b private\~use\b0 only.\par..\b\fs11\par..\fs22 Commercial use\b0 requires buying\b \b0 the {{\field{\*\fldinst{HYPERLINK "https://freefilesync.org/faq.php#business" }}{\fldrslt{\ul\cf1\cf2\ul FreeFileSync\~Business\~Edition}}}}\f0\fs22 . This also applies to government organizations.\par....\pard\nowidctlpar\hyphpar0\qc _____________________________________________________________\par....\pard\nowidctlpar\hyphpar0\par..A. GNU General Public License\par..B. wxWidgets License\par

                                                                                                                                            C:\Program Files\FreeFileSync\RealTimeSync.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):390256
                                                                                                                                            Entropy (8bit):6.134884165717768
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:B5EBllbJaaRqWCMjtIj2UpComPU8kmz7ia0oQhX:BiBllVfRqWCMYQUzeNLQh
                                                                                                                                            MD5:93B8B77BAE7AF0FA64E9F59F8C15351E
                                                                                                                                            SHA1:A01661073A1E0BB9EC697645EA2F5D36DDD66530
                                                                                                                                            SHA-256:F4D1BBDBB75ED4017ADCEF6295DB223D5B633B9AFD88FD016E86434EDB97A262
                                                                                                                                            SHA-512:FA804AA8E41647330512F00BDFA70BC6020C6CDC1AF24C2788D65CE7BD495B7007C9D4B119C9CBE571BF9089CF5843A5118690ED3956A2684403638251473D51
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........$b..E...E...E...=...E...=..AE...=...E.......E.......E.......E...=...E...=...E...E.. E..l....E..l...E..l....E..Rich.E..................PE..L.....Tg...............*..........................@..........................P...........@....................................P.......................p(... ...%...d..T....................d......Xc..@............................................text...$........................... ..`.rdata..b...........................@..@.data....^...........~..............@....rsrc...............................@..@.reloc...%... ...&..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\Animal.dat

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 640x338, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33621
                                                                                                                                            Entropy (8bit):7.934038609528603
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:kCKdDSyqoZkfFErqHijjeDv8k0BtHl6bARLF+nAxzfxPvsa:kDpBwFE+ij+w+ecAxd
                                                                                                                                            MD5:A211FB5B8F907555139B50A102CE0322
                                                                                                                                            SHA1:FD64AA773532861675924DECFA55B69BF626FA26
                                                                                                                                            SHA-256:602DDB322E7697856D2B0E561954E5DEE4B6C37FF412459970923FF2E7A7B1F1
                                                                                                                                            SHA-512:166F660D170CCC728253DCA0D67A495203EA760F670F93547467B34C1899669DA9BC43B3DACCC7B6A0929406BCC11C1C7FBCDE6E719BF9E508E392E9FDDF7FC6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....,.,.....C....................................................................C.......................................................................R...............................................................................................................................X.Lu.M..y5e.s...M..}#.4.............................f.wB..^..J...t.M...r.......M.|...]2.......................o&..5}'...oC..Ff.K/=7.b.........7.g>....j.%..d........a.2.................Eu..{.e.mn....*\....[sU..}a.;D.....[T.t.i...x..yo+..[..........k.m.....................?....U..,s=%n4...Z^....E.Y.C;x=.K.^9.....&.D..}...N8......s....@....gcloc\G. ...............R...~n..?.^......i....-....~x.5idf/[....B...v.@..it.,|....sz...5...o).Blk......;.w.X..X............m...Z?A..ZF.._.z.x.4....a.9.>.F.=z.+.......=.9m......K......#.<=......;...k.y..>e.t.........>..U..............,.......X.i{..g.u......y.9.n;I:...;+PmVKi([_.M.V.;.Z......r.xg.......Ob.6|.....s.`....e..I..5.......

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\Icons.zip (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):351747
                                                                                                                                            Entropy (8bit):7.899316585167089
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:CAQnMm4AzR2iT0BeyMcEMHeBs/bhkS/vQQbOY+LX8d3pukVMQyP:CNX0iIBeyf+Bsdkg4yymuhfP
                                                                                                                                            MD5:EB2B74B48971C9EE1F8739C047AEC356
                                                                                                                                            SHA1:11B2576621F710513B34CCEDC33E86C6DBBE82BF
                                                                                                                                            SHA-256:BD77639AE7610479AC31B66534A5AB8B84A3497DFC9DD2007FED40A565E0E7E8
                                                                                                                                            SHA-512:D49E6F4F88C700BA6C821B8D20D1745EA456362675E8253307B8CC5B0467AE8506E53DFADDA4A4E1F7FD8D8F4DB0BBA369E4DCB194D3EDAA03A1058F76E4635C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:PK........y..V................about.png.PNG........IHDR... ... .....szz.....tIME.....+2...%....pHYs...#...#.x.?v....gAMA......a.....IDATx...XTW../]1&k,.$&F,.((F.5.P. ....C..3 ...v...Q....m..A...!.A1.V..Q......!Fe....~.{.....=...!.... .W.G'..7.G.<Z.&..-Uy...e....Dg.)......#.OP....u.,^...H...9.K....J~x....].G.`.{.V|]s.i.-]k...;k.m.N.$..........H..^I..;N.E.4c...".o"8.........A.u...D@.u......"s..7..O^.}i........\....]..E.........d6.y..p.8f\...~.e.mo.-e.7..i..x.....n[E....2y.._2.+Sh.Dl..P.=..dbM..v...`.~.V__....n;..wu....X.v..(....4..KS.a......X./m....S...j@&K.t...k.S...M.,.j.....*.x..<...q...<~.....q..*._.a.....,.;.9..k..d.9._..I.c..M.ry.Z.....*..5...{.X....a~..f....t....x....C'.0;.{|..3C.8.a.|..).1.o..~a...4...0..).Ib.f....ST..[.._....x......Zw.3.y...^.$....#..>*:....d........n.....p....G.G0j.i..........MtL\....by..V...Z....e.H[..k $B>c....3WW.Hv............>.<h.....L.9.i.J.C)..c..$...6.o.%.q.....+..6....*.....!..~.?......A.AL.d...1..

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\Languages.zip (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):524890
                                                                                                                                            Entropy (8bit):7.998477275593787
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:12288:tHWwVw5n/cZGaKwH3OPaLBu5dTz/QoFk3mTiJYEyRLrO0NOwbVFEL:t2wVw5n63KwHeSLBurtC1a2sDQ
                                                                                                                                            MD5:49DF22A8504B30AC0E66D0A8521BEFF2
                                                                                                                                            SHA1:2ACDA03760A6EC4D1196197CF83A61FBB8965952
                                                                                                                                            SHA-256:AF05178F06ECD3F8E8235DE53A91AAE011D75E6F78772B700D7C6B40D5B60479
                                                                                                                                            SHA-512:EAFD5C5DCE9CF45B5DDA23DF702E73F60FDF6DBD163103D17C6D96179F70327896642EE89E071E6980308F0E5E60964F056D2DF86C0F5689BD35B1D0BCC8522C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:PK.........}uY...!zF...T......bulgarian.lng.]_o.Gr.>.....D.@\E. ...c[....8...h...........'.:.....F..l'.`..+....3.(]U.3=..3.. @.......U..Uu.....7z...~..`/.{.....?.....$...e...~.../~..'~....]..}...{<.xy...?.i.l...8..x...[,`......b...=.$.A..$.....~.y...w....q.F}..wx.....o..l.w....x[.=7yS<a..l....9.&,...e...l.....d..evI....G.4p.Gn?q..{_.,.e.O8..1.p.2(.0......L.9.. .....(.x....~8.w.?.-...I.......-.O..:...]Wa.....<..E]..Fn4..X.u.z...`..^~,...Z.G..0.k.M.?..8X....t4.#X..79p.9....A..w..Q...43.#.JHuB.,@.G(...,;........-.s.?V+.)>.5,0.........?.X.*...../.6.F..j......q..ks1.,......L.z.d...N..3..V..4........U.....t......g.....9..R.;.u.. ....q..../...p..7..q}.f...p...*..<J;I.6..8.Y6..{...8.&<n.q...t<X.0.9-F.,.....Gc...;..........B.t...S.IOq...M.Gh....T`.`k...i.{..3/..4.._....yL..e.dF.ff3............7.17...Y.?.b..3.......%(..C&..{f.......h..I...C.'k..~.....AxP..M.;.`.2b....B....v.}!.n.a.'.hw\..G..7d....S.[....TD..r.1...wWlw=xp..s..[-.E....=UA.M...k.z.-..

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\bell.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):102500
                                                                                                                                            Entropy (8bit):6.555433845117635
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:DZbfe8QjDm2KS6RZD1FKtHNXM7g4dCJulvE7+O3zTPDOcxuVyyqqLYET7GLpQM8f:DVf2h6RVSmdE0xO3Hb9uMdVLJA
                                                                                                                                            MD5:39A54BA919BA15551573DB2D39BA7440
                                                                                                                                            SHA1:E595DA7379327C5AFABCE031B75C6573D0A0206A
                                                                                                                                            SHA-256:F7EBAF259755C2F7DDBFE48E0D5351EDA8DC974C1C7A954D25EBE97BBF1CEF4A
                                                                                                                                            SHA-512:15BF3DBFC055C27AD5AEA4C34874A850A9C97AB24C12E3C2428AC9A7C683E221FF2CA7C6283493272D7B37FA541F4EBC564316186CBDEC8F5F193EA3E3B7915E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF\...WAVEfmt ........D....X......data8...r...!...........j.+...'...=...9.X.0...N...C...R.......+............./...6.l.J...f...........;.5...U.U.......t.....Z.=...B.........9...j...@.>.......1.....W.a.....C.........................1.......+.....0.............................7...4.I...........a.....f.............P...............+.V.2...p.|... ...{.....C.X.<.....N.....^.............].....N........x...........{.........3.............{.....D...{..._.).x./...;.o.Z..... ...`.<.............5.............3.......;.....$...X..X...,...j...O.?.....W...2...o.w.!...%...m.:.y...-.&...G.....................f.|.....\.|.s.....=...........;.O.......d...n...c.$...p...S...............(.............%.................^."...t.g.c.q.........r...9.........................Q.2.....?.Y...$.l...W.......*.....s.....D.....A.....B.H.U.M...|...d.N...b...........7.......'...}.d.......h.......(. .x.....L.Z.q...`...+..I...@.....T.p.z.......9...E...r.G.U.x.y.................7...Q.......#...h...........5...@...Q....._.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\bell2.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):87678
                                                                                                                                            Entropy (8bit):6.600950279412908
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:MihVUU7j10GvDy2s65epfQ3XR7xTv7sHb+SAAVOhYmfE5RpX0+j6q2AcXe4Ldpq8:7UU7j6GjXDpEZAAVhD0+j6ve4hpq8
                                                                                                                                            MD5:00E641ECF71AAFBEDF54F6D948CA8B58
                                                                                                                                            SHA1:D235AB2E36BBD4974D6628FAAB9622A4D77F9328
                                                                                                                                            SHA-256:0D670F271DBC8DDD1F8ADD6C01CDAD1678E8D968A38482A09B69AF2A4E12C3C2
                                                                                                                                            SHA-512:AED88A9E8D1611C79F92AD19E5F6C5B0BD67BE9D9A72D62FFE7F99E8BD5FAEC98823EBCF245C88B8E14FCCDFED203532165D36D9DDAABC12303CF043C01D8E84
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFFvV..WAVEfmt ........D....X......dataRV......................4.z.1.U.&.........x...w.......e.F.N...{...$...,.....i.2.......!.~.0...,.....H.I.Q.................*.1...............U.D.....v.g.....0...........V.X.o.j.2.Z.d.1. .........(.P...[.?....................K.-............[.......+...............w...@...N...8.....i.....".....+...N...........F.......%.....N.......E.......=.................T...'.7.U.i...>.j.........!.....M.,...:.........,...Q.......H...&...a...l...............C.......a.........,...e...+...@.0./...".a.&.....1.i...%.........7.......W.....[.,.A...`...>.....V.(.....9.(.;.(...v... ./.S.....#.........P.....(...L.....F.Q.....m...~.......`.......Q.7.1...N.....g.U.....4.................F.S.#.....0.`...*...............R...:.......<...j.............$.E.W.....~...r.P.......N...,.............%.L.....@...H...p.........0..."...L.......|.....#.;...W.....j.:...G.................U.?.....].........R.1.............}.......:.........6.k...P...r.....;...............u.K... .9.....?.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\cacert.pem (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):236849
                                                                                                                                            Entropy (8bit):6.003001911190803
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:ecRqlx9NFqI6FdZL52dTOgSQh1hV1A9W2u2x:ecCnd6fZL5mO41hXA9Wkx
                                                                                                                                            MD5:92C13373D7DBE43BDC167479274A43E2
                                                                                                                                            SHA1:B0A93C92A2358CD0D9E9D202B6D60B69DF9DAB0B
                                                                                                                                            SHA-256:BB1782D281FE60D4A2DCF41BC229ABE3E46C280212597D4ABCC25BDDF667739B
                                                                                                                                            SHA-512:26C6FA1AC7BCFD523F9AB9E6C2D971103CCFC610AD0DF504D4E9B064DAD74576D77240C052B808F4C37C9240302A7E973A20F79EE39AC7BF3201A6FA9F0DFA96
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:##.## Bundle of CA Root Certificates.##.## Certificate data from Mozilla as of: Tue Nov 26 13:58:25 2024 GMT.##.## Find updated versions here: https://curl.se/docs/caextract.html.##.## This is a bundle of X.509 certificates of public Certificate Authorities.## (CA). These were automatically extracted from Mozilla's root certificates.## file (certdata.txt). This file can be found in the mozilla source tree:.## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt.##.## It contains the certificates in PEM format and therefore.## can be directly used with curl / libcurl / php_curl, or with.## an Apache+mod_ssl webserver for SSL client authentication..## Just configure this file as the SSLCACertificateFile..##.## Conversion done with mk-ca-bundle.pl version 1.29..## SHA256: 36105b01631f9fc03b1eca779b44a30a1a5890b9bf8dc07ccb001a07301e01cf.##...GlobalSign Root CA.==================.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAA

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\ding.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67340
                                                                                                                                            Entropy (8bit):6.249655199455427
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:8Jcv03vs0BhTFiC7v+CZ7lISS1Q02NVfto7tZ/rGLBTLfI:8CE5jFisv+CDIfiZq7fjt
                                                                                                                                            MD5:C13B4139D1E32DCABDB8EEE9E699053D
                                                                                                                                            SHA1:2932FD23C0E67A4E63CC720E8DCC094041B1E511
                                                                                                                                            SHA-256:D6B7B4D6E7A38E58484FED53BDBB27C0D0097A58E6289BC5C06267C6B2C8D06A
                                                                                                                                            SHA-512:0F00B8A6C530F3C05089BC403C2E118D5653E17F19FB1020A2B42BE66289F62EC5E39165AB1DF55C09FFC9E39A57471EB140DBE978CB6EC918A2DEAB7EB4CB66
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt ........D....X......data......#.j...............f.J._.......#.U.......t.......,...].....7.......M.......K...*.../...w.2...J.....e.|.p.C.......L...=.......B...........Q.~...6...../.U...............W.:.`...........&.;.%.&."...c...-.Q.....Z.4...Q.(.....?.v...J.s.B.r...............q.......l.i...9.p.U.......#..4.X.=.q.H.........G.............;.......k.....'...k...............B.a.O.1.~.........Y...........t.M...h._.]...P.....O...3.....=.0.........X.....(.....p.>...s.....x...f.5.I...x...............b.......&...j.......C...........<.z.!...6.......F..._.L...........P...g.....y.4.....0...g.h.^.....;.....Y.#..C.+..............k...........v.......9.c.,...x.....E.$.....e.....e......*.........D.....p.....=.................N.j.......I...E...].=......^.t.m........*.....x...........d.*.=............. .n.....[.......U.^.I.....<.|.......&.%.....].D.....]...q.....}...........V.K.x.......#.2.....o.........u.'...L...^.Y.6.9...b.X.........................>...............^...8.......

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\fail.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35092
                                                                                                                                            Entropy (8bit):7.05611679728137
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:89J1rqJ2HjTExdYblpk7epJoAJ/Sc6CdbzCpOAXdGHb:CqJ2H/bl6NAJ6c6qlAXdub
                                                                                                                                            MD5:8E77A356049413423D4B090EADAC4BA9
                                                                                                                                            SHA1:989854EC030D81E7CBA8441DDB9DD1BF1AED7C87
                                                                                                                                            SHA-256:7409AC35B27BA3D05326045F43EE2346679BE37A0CDA4333BFD6BB28E5C0595D
                                                                                                                                            SHA-512:68DD934734A3153AB14F6C06FAB6CC84F9E4BA2D3FA19F2A651A0E83BBDD77438E472836FE762BCE1AC2904D7C8B613714878CB7FFB8360C6DAA1422E34EE00F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt ........D....X......data.....................................&.7.8...........<.&................................................. ...............................?.).........................-.2...4.s...........M...'.:...T.Q...............7...I...K.......^...j.....=.......'.........k.b...........-...@.,.U...*.....>.............t.r.>....+.....o.....l.......;.......M.+.V.............+...t.)._.x.......U...e.......:...................d.\...y.............0.(.......\.I...S.........f.S.......[...<.....r.~.Q...!.).........G...........@...S.p.......O.r......!....b...............K.............c.g...v...I.l.....P.Y...........\.....9.........w.d.4.......l.H.G.........~.\.......+.............P.............<...R.@.B...o.x...+.\.o.l.:.#.>._.O.3.......g.....C.].0.....o...!.|.........6.....G.....[.K...f...j.....m.}..... .H.......\.......f.Y.8..................(.^.(.........K.........x...A.1...8.....Q...x.6...............U.$.......].R.........,.g...L.W.............#.;...r.N.~.#.v.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\fail2.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):50454
                                                                                                                                            Entropy (8bit):7.132841508547479
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:XR8h/Ashig01KTPg+tZXhbLkxmXwvBy4QfSuR37v5qzQRYG/gIez:Xfs0zkjft3fkxmOI4Q6uF7v5qzeJgIez
                                                                                                                                            MD5:18BBD6A2A31120E65FBB59909674D339
                                                                                                                                            SHA1:2DE3DFC75C04B3C38538F448C13B9C6529676A3D
                                                                                                                                            SHA-256:2AC1CEF32CC5A514375AEF53D82B84F5BF7F5463520DA497C3DFCD41FFD0DCDA
                                                                                                                                            SHA-512:AE1F60E8AB60A11F1E118F3951480D167A41076ED506913CCD67EE9A6255D41AC5A1E173265E30B8954937903BD028A3147F8F69845D2D18FB21F0562E9CD7F3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt .........]..........data........................................................................................................................................................................................................................................................................................ .......................................................................#.........................../.u...,...9.....L.........P.....M...m.......-...\.J.u...7...`...........+.....~.'....~...............B....!."Q!..M...x.N...B...e.g.........?.....{.I.P.....f...V.....].c.{.d.....T.P.......+..E..3.....#.%......V.......$"N,T1.0.*.!..k.`...7.W.&.C.".}.\...g...).............<.*.=./.....\...z.......e...........N.....-......Z..............).-_*. 7...,.Q.....................D...........|.........u.........w...}.c.....R.R...]...1.2......L.<.j.....j.f....-.e .'.&..%.....................^...!.g.............k.;.M.....&.G...D.....P.......k.....t...l.K.P......=....J.....

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\gong.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):230274
                                                                                                                                            Entropy (8bit):5.828753704400131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:aNjvtDzBKXy1MzW3zioFQwGnJvCAIGLmr:azdzvDnGJ7IGqr
                                                                                                                                            MD5:7DFF321C9C0DFBA94C1FD67B621DD759
                                                                                                                                            SHA1:DA8910DF016404C38B0C77490D8DEEB15F6FEB73
                                                                                                                                            SHA-256:7F6C0F42AF2125813D3FD67E57D2CF885D7D6567FBF076DAF7C13321FBB46D80
                                                                                                                                            SHA-512:129E8BB6D545B22B552AD293101084A604E8B493A848DA9C019439F56EE073B124A53639B253E984F4835CAC2B4F907C98DAEEF2B10266E396D89EEBF60F1651
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFFz...WAVEfmt ........D....X......dataV...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\harp.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):182060
                                                                                                                                            Entropy (8bit):6.567289215526673
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:HznYojw9VI12joRDa1CxhDkGA6mHMkhcHijrbfr4JWILrqEOkMZrxu2+Hcd1MFq8:HjY98a1+SeSrbf8Tl1MZv8cHMn
                                                                                                                                            MD5:E875FAD9206AA9A9F5D48FD9FC46EF69
                                                                                                                                            SHA1:D18C4C8B93A2372AF83E613BBE9E447D4D205C7F
                                                                                                                                            SHA-256:31DA846077E99BF11F95477B9547513D04DF8048914FA7AC8EC4087B7889C4B0
                                                                                                                                            SHA-512:DC4E16216D64DB7A41B357A6C181EDFDAF5ED6B0BEEB640FFFD6F5752583105C9C0CBCD411F7971FA8A7C7C7DE5A85E74AD98DB470AFD1EE4D0432CF9EC2A1D7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF$...WAVEfmt ........D....X......data................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-4M70H.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):524890
                                                                                                                                            Entropy (8bit):7.998477275593787
                                                                                                                                            Encrypted:true
                                                                                                                                            SSDEEP:12288:tHWwVw5n/cZGaKwH3OPaLBu5dTz/QoFk3mTiJYEyRLrO0NOwbVFEL:t2wVw5n63KwHeSLBurtC1a2sDQ
                                                                                                                                            MD5:49DF22A8504B30AC0E66D0A8521BEFF2
                                                                                                                                            SHA1:2ACDA03760A6EC4D1196197CF83A61FBB8965952
                                                                                                                                            SHA-256:AF05178F06ECD3F8E8235DE53A91AAE011D75E6F78772B700D7C6B40D5B60479
                                                                                                                                            SHA-512:EAFD5C5DCE9CF45B5DDA23DF702E73F60FDF6DBD163103D17C6D96179F70327896642EE89E071E6980308F0E5E60964F056D2DF86C0F5689BD35B1D0BCC8522C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:PK.........}uY...!zF...T......bulgarian.lng.]_o.Gr.>.....D.@\E. ...c[....8...h...........'.:.....F..l'.`..+....3.(]U.3=..3.. @.......U..Uu.....7z...~..`/.{.....?.....$...e...~.../~..'~....]..}...{<.xy...?.i.l...8..x...[,`......b...=.$.A..$.....~.y...w....q.F}..wx.....o..l.w....x[.=7yS<a..l....9.&,...e...l.....d..evI....G.4p.Gn?q..{_.,.e.O8..1.p.2(.0......L.9.. .....(.x....~8.w.?.-...I.......-.O..:...]Wa.....<..E]..Fn4..X.u.z...`..^~,...Z.G..0.k.M.?..8X....t4.#X..79p.9....A..w..Q...43.#.JHuB.,@.G(...,;........-.s.?V+.)>.5,0.........?.X.*...../.6.F..j......q..ks1.,......L.z.d...N..3..V..4........U.....t......g.....9..R.;.u.. ....q..../...p..7..q}.f...p...*..<J;I.6..8.Y6..{...8.&<n.q...t<X.0.9-F.,.....Gc...;..........B.t...S.IOq...M.Gh....T`.`k...i.{..3/..4.._....yL..e.dF.ff3............7.17...Y.?.b..3.......%(..C&..{f.......h..I...C.'k..~.....AxP..M.;.`.2b....B....v.}!.n.a.'.hw\..G..7d....S.[....TD..r.1...wWlw=xp..s..[-.E....=UA.M...k.z.-..

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-61EKV.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):87678
                                                                                                                                            Entropy (8bit):6.600950279412908
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:MihVUU7j10GvDy2s65epfQ3XR7xTv7sHb+SAAVOhYmfE5RpX0+j6q2AcXe4Ldpq8:7UU7j6GjXDpEZAAVhD0+j6ve4hpq8
                                                                                                                                            MD5:00E641ECF71AAFBEDF54F6D948CA8B58
                                                                                                                                            SHA1:D235AB2E36BBD4974D6628FAAB9622A4D77F9328
                                                                                                                                            SHA-256:0D670F271DBC8DDD1F8ADD6C01CDAD1678E8D968A38482A09B69AF2A4E12C3C2
                                                                                                                                            SHA-512:AED88A9E8D1611C79F92AD19E5F6C5B0BD67BE9D9A72D62FFE7F99E8BD5FAEC98823EBCF245C88B8E14FCCDFED203532165D36D9DDAABC12303CF043C01D8E84
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFFvV..WAVEfmt ........D....X......dataRV......................4.z.1.U.&.........x...w.......e.F.N...{...$...,.....i.2.......!.~.0...,.....H.I.Q.................*.1...............U.D.....v.g.....0...........V.X.o.j.2.Z.d.1. .........(.P...[.?....................K.-............[.......+...............w...@...N...8.....i.....".....+...N...........F.......%.....N.......E.......=.................T...'.7.U.i...>.j.........!.....M.,...:.........,...Q.......H...&...a...l...............C.......a.........,...e...+...@.0./...".a.&.....1.i...%.........7.......W.....[.,.A...`...>.....V.(.....9.(.;.(...v... ./.S.....#.........P.....(...L.....F.Q.....m...~.......`.......Q.7.1...N.....g.U.....4.................F.S.#.....0.`...*...............R...:.......<...j.............$.E.W.....~...r.P.......N...,.............%.L.....@...H...p.........0..."...L.......|.....#.;...W.....j.:...G.................U.?.....].........R.1.............}.......:.........6.k...P...r.....;...............u.K... .9.....?.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-7E1DU.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):35092
                                                                                                                                            Entropy (8bit):7.05611679728137
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:89J1rqJ2HjTExdYblpk7epJoAJ/Sc6CdbzCpOAXdGHb:CqJ2H/bl6NAJ6c6qlAXdub
                                                                                                                                            MD5:8E77A356049413423D4B090EADAC4BA9
                                                                                                                                            SHA1:989854EC030D81E7CBA8441DDB9DD1BF1AED7C87
                                                                                                                                            SHA-256:7409AC35B27BA3D05326045F43EE2346679BE37A0CDA4333BFD6BB28E5C0595D
                                                                                                                                            SHA-512:68DD934734A3153AB14F6C06FAB6CC84F9E4BA2D3FA19F2A651A0E83BBDD77438E472836FE762BCE1AC2904D7C8B613714878CB7FFB8360C6DAA1422E34EE00F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt ........D....X......data.....................................&.7.8...........<.&................................................. ...............................?.).........................-.2...4.s...........M...'.:...T.Q...............7...I...K.......^...j.....=.......'.........k.b...........-...@.,.U...*.....>.............t.r.>....+.....o.....l.......;.......M.+.V.............+...t.)._.x.......U...e.......:...................d.\...y.............0.(.......\.I...S.........f.S.......[...<.....r.~.Q...!.).........G...........@...S.p.......O.r......!....b...............K.............c.g...v...I.l.....P.Y...........\.....9.........w.d.4.......l.H.G.........~.\.......+.............P.............<...R.@.B...o.x...+.\.o.l.:.#.>._.O.3.......g.....C.].0.....o...!.|.........6.....G.....[.K...f...j.....m.}..... .H.......\.......f.Y.8..................(.^.(.........K.........x...A.1...8.....Q...x.6...............U.$.......].R.........,.g...L.W.............#.;...r.N.~.#.v.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-8A1UJ.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):67340
                                                                                                                                            Entropy (8bit):6.249655199455427
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:8Jcv03vs0BhTFiC7v+CZ7lISS1Q02NVfto7tZ/rGLBTLfI:8CE5jFisv+CDIfiZq7fjt
                                                                                                                                            MD5:C13B4139D1E32DCABDB8EEE9E699053D
                                                                                                                                            SHA1:2932FD23C0E67A4E63CC720E8DCC094041B1E511
                                                                                                                                            SHA-256:D6B7B4D6E7A38E58484FED53BDBB27C0D0097A58E6289BC5C06267C6B2C8D06A
                                                                                                                                            SHA-512:0F00B8A6C530F3C05089BC403C2E118D5653E17F19FB1020A2B42BE66289F62EC5E39165AB1DF55C09FFC9E39A57471EB140DBE978CB6EC918A2DEAB7EB4CB66
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt ........D....X......data......#.j...............f.J._.......#.U.......t.......,...].....7.......M.......K...*.../...w.2...J.....e.|.p.C.......L...=.......B...........Q.~...6...../.U...............W.:.`...........&.;.%.&."...c...-.Q.....Z.4...Q.(.....?.v...J.s.B.r...............q.......l.i...9.p.U.......#..4.X.=.q.H.........G.............;.......k.....'...k...............B.a.O.1.~.........Y...........t.M...h._.]...P.....O...3.....=.0.........X.....(.....p.>...s.....x...f.5.I...x...............b.......&...j.......C...........<.z.!...6.......F..._.L...........P...g.....y.4.....0...g.h.^.....;.....Y.#..C.+..............k...........v.......9.c.,...x.....E.$.....e.....e......*.........D.....p.....=.................N.j.......I...E...].=......^.t.m........*.....x...........d.*.=............. .n.....[.......U.^.I.....<.|.......&.%.....].D.....]...q.....}...........V.K.x.......#.2.....o.........u.'...L...^.Y.6.9...b.X.........................>...............^...8.......

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-9FKFJ.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54890
                                                                                                                                            Entropy (8bit):6.922608548070075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:k3RE1QCkFCNf8vCrzR6Rzrw7zRgxwqz5LI9jT7s:+zc8vCrYUzRb6+9v7s
                                                                                                                                            MD5:E83E11BFCF969E11C40BB415D3F80D2B
                                                                                                                                            SHA1:1D317B80265E40CCD7A31E8B2C09FB243FEBCBAF
                                                                                                                                            SHA-256:0EF947556E4E00E3FCDB55EBEE46A6932F08111DC7D18C5E9AED1BD7D936E667
                                                                                                                                            SHA-512:E220BCAEE82C9BB6FD035EEE7D5D9436765907231DF42D006EA072C2A26F526941BAE97684D4EE18AE86DA7104C2CB67D3228DD73FBA59F20AB246AF584D76EA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFFb...WAVEfmt ........D....X......data>...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................-.........7.....y...I.5))(..,.X....h.L.X.........P.............Q.'....#.....d.}...(..............2........(.$.....}.=........=.m..j._...}.......y...@.......T...2.......*.c...u.......1...A.)...P.....q.......8....%..,.v...,.......2.....................i.......0....[...........*.V.W...;.*.".....b.6...&...........W...].i.....V...O...9..._.}..$.u...b...............u.r.*.....d.....Y.R.....U.}...]...7.....A.........W.A...].....C.m...;.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-E0CQP.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Zip archive data, at least v1.0 to extract, compression method=store
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):351747
                                                                                                                                            Entropy (8bit):7.899316585167089
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:CAQnMm4AzR2iT0BeyMcEMHeBs/bhkS/vQQbOY+LX8d3pukVMQyP:CNX0iIBeyf+Bsdkg4yymuhfP
                                                                                                                                            MD5:EB2B74B48971C9EE1F8739C047AEC356
                                                                                                                                            SHA1:11B2576621F710513B34CCEDC33E86C6DBBE82BF
                                                                                                                                            SHA-256:BD77639AE7610479AC31B66534A5AB8B84A3497DFC9DD2007FED40A565E0E7E8
                                                                                                                                            SHA-512:D49E6F4F88C700BA6C821B8D20D1745EA456362675E8253307B8CC5B0467AE8506E53DFADDA4A4E1F7FD8D8F4DB0BBA369E4DCB194D3EDAA03A1058F76E4635C
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:PK........y..V................about.png.PNG........IHDR... ... .....szz.....tIME.....+2...%....pHYs...#...#.x.?v....gAMA......a.....IDATx...XTW../]1&k,.$&F,.((F.5.P. ....C..3 ...v...Q....m..A...!.A1.V..Q......!Fe....~.{.....=...!.... .W.G'..7.G.<Z.&..-Uy...e....Dg.)......#.OP....u.,^...H...9.K....J~x....].G.`.{.V|]s.i.-]k...;k.m.N.$..........H..^I..;N.E.4c...".o"8.........A.u...D@.u......"s..7..O^.}i........\....]..E.........d6.y..p.8f\...~.e.mo.-e.7..i..x.....n[E....2y.._2.+Sh.Dl..P.=..dbM..v...`.~.V__....n;..wu....X.v..(....4..KS.a......X./m....S...j@&K.t...k.S...M.,.j.....*.x..<...q...<~.....q..*._.a.....,.;.9..k..d.9._..I.c..M.ry.Z.....*..5...{.X....a~..f....t....x....C'.0;.{|..3C.8.a.|..).1.o..~a...4...0..).Ib.f....ST..[.._....x......Zw.3.y...^.$....#..>*:....d........n.....p....G.G0j.i..........MtL\....by..V...Z....e.H[..k $B>c....3WW.Hv............>.<h.....L.9.i.J.C)..c..$...6.o.%.q.....+..6....*.....!..~.?......A.AL.d...1..

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-G9413.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):102500
                                                                                                                                            Entropy (8bit):6.555433845117635
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:DZbfe8QjDm2KS6RZD1FKtHNXM7g4dCJulvE7+O3zTPDOcxuVyyqqLYET7GLpQM8f:DVf2h6RVSmdE0xO3Hb9uMdVLJA
                                                                                                                                            MD5:39A54BA919BA15551573DB2D39BA7440
                                                                                                                                            SHA1:E595DA7379327C5AFABCE031B75C6573D0A0206A
                                                                                                                                            SHA-256:F7EBAF259755C2F7DDBFE48E0D5351EDA8DC974C1C7A954D25EBE97BBF1CEF4A
                                                                                                                                            SHA-512:15BF3DBFC055C27AD5AEA4C34874A850A9C97AB24C12E3C2428AC9A7C683E221FF2CA7C6283493272D7B37FA541F4EBC564316186CBDEC8F5F193EA3E3B7915E
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF\...WAVEfmt ........D....X......data8...r...!...........j.+...'...=...9.X.0...N...C...R.......+............./...6.l.J...f...........;.5...U.U.......t.....Z.=...B.........9...j...@.>.......1.....W.a.....C.........................1.......+.....0.............................7...4.I...........a.....f.............P...............+.V.2...p.|... ...{.....C.X.<.....N.....^.............].....N........x...........{.........3.............{.....D...{..._.).x./...;.o.Z..... ...`.<.............5.............3.......;.....$...X..X...,...j...O.?.....W...2...o.w.!...%...m.:.y...-.&...G.....................f.|.....\.|.s.....=...........;.O.......d...n...c.$...p...S...............(.............%.................^."...t.g.c.q.........r...9.........................Q.2.....?.Y...$.l...W.......*.....s.....D.....A.....B.H.U.M...|...d.N...b...........7.......'...}.d.......h.......(. .x.....L.Z.q...`...+..I...@.....T.p.z.......9...E...r.G.U.x.y.................7...Q.......#...h...........5...@...Q....._.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-IR8JU.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):182060
                                                                                                                                            Entropy (8bit):6.567289215526673
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:HznYojw9VI12joRDa1CxhDkGA6mHMkhcHijrbfr4JWILrqEOkMZrxu2+Hcd1MFq8:HjY98a1+SeSrbf8Tl1MZv8cHMn
                                                                                                                                            MD5:E875FAD9206AA9A9F5D48FD9FC46EF69
                                                                                                                                            SHA1:D18C4C8B93A2372AF83E613BBE9E447D4D205C7F
                                                                                                                                            SHA-256:31DA846077E99BF11F95477B9547513D04DF8048914FA7AC8EC4087B7889C4B0
                                                                                                                                            SHA-512:DC4E16216D64DB7A41B357A6C181EDFDAF5ED6B0BEEB640FFFD6F5752583105C9C0CBCD411F7971FA8A7C7C7DE5A85E74AD98DB470AFD1EE4D0432CF9EC2A1D7
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF$...WAVEfmt ........D....X......data................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-O61MR.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):50454
                                                                                                                                            Entropy (8bit):7.132841508547479
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:XR8h/Ashig01KTPg+tZXhbLkxmXwvBy4QfSuR37v5qzQRYG/gIez:Xfs0zkjft3fkxmOI4Q6uF7v5qzeJgIez
                                                                                                                                            MD5:18BBD6A2A31120E65FBB59909674D339
                                                                                                                                            SHA1:2DE3DFC75C04B3C38538F448C13B9C6529676A3D
                                                                                                                                            SHA-256:2AC1CEF32CC5A514375AEF53D82B84F5BF7F5463520DA497C3DFCD41FFD0DCDA
                                                                                                                                            SHA-512:AE1F60E8AB60A11F1E118F3951480D167A41076ED506913CCD67EE9A6255D41AC5A1E173265E30B8954937903BD028A3147F8F69845D2D18FB21F0562E9CD7F3
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt .........]..........data........................................................................................................................................................................................................................................................................................ .......................................................................#.........................../.u...,...9.....L.........P.....M...m.......-...\.J.u...7...`...........+.....~.'....~...............B....!."Q!..M...x.N...B...e.g.........?.....{.I.P.....f...V.....].c.{.d.....T.P.......+..E..3.....#.%......V.......$"N,T1.0.*.!..k.`...7.W.&.C.".}.\...g...).............<.*.=./.....\...z.......e...........N.....-......Z..............).-_*. 7...,.Q.....................D...........|.........u.........w...}.c.....R.R...]...1.2......L.<.j.....j.f....-.e .'.&..%.....................^...!.g.............k.;.M.....&.G...D.....P.......k.....t...l.K.P......=....J.....

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-OMPGL.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):230274
                                                                                                                                            Entropy (8bit):5.828753704400131
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:aNjvtDzBKXy1MzW3zioFQwGnJvCAIGLmr:azdzvDnGJ7IGqr
                                                                                                                                            MD5:7DFF321C9C0DFBA94C1FD67B621DD759
                                                                                                                                            SHA1:DA8910DF016404C38B0C77490D8DEEB15F6FEB73
                                                                                                                                            SHA-256:7F6C0F42AF2125813D3FD67E57D2CF885D7D6567FBF076DAF7C13321FBB46D80
                                                                                                                                            SHA-512:129E8BB6D545B22B552AD293101084A604E8B493A848DA9C019439F56EE073B124A53639B253E984F4835CAC2B4F907C98DAEEF2B10266E396D89EEBF60F1651
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFFz...WAVEfmt ........D....X......dataV...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-QPBOH.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59894
                                                                                                                                            Entropy (8bit):6.838365676849903
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:UU+/iLUqeJcKYn9lgxaQDyJVv06RvWYI2SN6gQVfF:UUocOyoa93v061WYI2TF
                                                                                                                                            MD5:654A9C620731AE72D26D3777418FA647
                                                                                                                                            SHA1:B1CAB3E17046914CDB3F4D22DC3A71F747F8728E
                                                                                                                                            SHA-256:E6A06409A9B1AF41FC2242AB98D8B8F588B54DB7ED583C299838D135CE2A1D73
                                                                                                                                            SHA-512:CC7E0328249A3A08AB533153C168B707A30B0223D9AEDE1BD84AB1B33A3B5D60193120019B25BD8C18B92B454C14F653A54D31EC00F0DFF41CA60C8E020CB573
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt .........]..........data....................3.>...%...z.......[.Z.....K.....G.....N.....Z.'.....h.w.......>.!....... .................=.....:.%...e.....I.....4.....W.....................;.....5.......@.....S.#...M.E.....8...4.Y.......!.....s.<.8.R.T...k.a.a.f.^...G.......2.......[.....k.........}..........z..o.............;.]...)...............I.r...m.e.....0...".....$.'.J.h.=...L.................e.2.....N.c...S...$...q...v.[..........................i.w...d.%._.1.;...].s.N...g.....#.v.l......z.i..9.H...$.*.....D.h.s...z.............N.`...M.....8.L.I...0.. ../.}.5.R.......g.......-.I.-....[...!.........Y...A.....$.Z.....d.}..............[.....b...H.n.......p.......~...'.c.......e......m...(.\...T.a.x.9.....>.......6.I...........K.............U!..../.............b.........:.\.......w.....[..........._.........k.2.s.=...x...0.P...q...................H...v...=............2.............D.j...V.......;...3.s.....J...7.....8...................!.......H.....D.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-TUPI7.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114220
                                                                                                                                            Entropy (8bit):5.815286660197201
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:6ToO1ilKTJMbmAiekySMd10fQfYKs2LfjfN2IupDrOQnQ6a+wX43E5PF:6TTiEMmFekySMH03KsiQDrO1D
                                                                                                                                            MD5:9B9C547DA31F05167D03B9A9C4794A1E
                                                                                                                                            SHA1:5CB65DA494D1BE506D00CCFC523D39C1AF4BF44E
                                                                                                                                            SHA-256:CC8E7CED06DED913DC63F3DC48442D4B78247E98A0B1481ABAD421446E7B9725
                                                                                                                                            SHA-512:97A0199C1B76A1B9FC54A7DFA52197754905248921D2268D2D963EAABB3DDCA6401389B61E44278E8179532E08FC82D0F75B3EADB8D8B1026F0508709958F132
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF$...WAVEfmt ........D....X......data................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\is-V71GJ.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):236849
                                                                                                                                            Entropy (8bit):6.003001911190803
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:ecRqlx9NFqI6FdZL52dTOgSQh1hV1A9W2u2x:ecCnd6fZL5mO41hXA9Wkx
                                                                                                                                            MD5:92C13373D7DBE43BDC167479274A43E2
                                                                                                                                            SHA1:B0A93C92A2358CD0D9E9D202B6D60B69DF9DAB0B
                                                                                                                                            SHA-256:BB1782D281FE60D4A2DCF41BC229ABE3E46C280212597D4ABCC25BDDF667739B
                                                                                                                                            SHA-512:26C6FA1AC7BCFD523F9AB9E6C2D971103CCFC610AD0DF504D4E9B064DAD74576D77240C052B808F4C37C9240302A7E973A20F79EE39AC7BF3201A6FA9F0DFA96
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:##.## Bundle of CA Root Certificates.##.## Certificate data from Mozilla as of: Tue Nov 26 13:58:25 2024 GMT.##.## Find updated versions here: https://curl.se/docs/caextract.html.##.## This is a bundle of X.509 certificates of public Certificate Authorities.## (CA). These were automatically extracted from Mozilla's root certificates.## file (certdata.txt). This file can be found in the mozilla source tree:.## https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt.##.## It contains the certificates in PEM format and therefore.## can be directly used with curl / libcurl / php_curl, or with.## an Apache+mod_ssl webserver for SSL client authentication..## Just configure this file as the SSLCACertificateFile..##.## Conversion done with mk-ca-bundle.pl version 1.29..## SHA256: 36105b01631f9fc03b1eca779b44a30a1a5890b9bf8dc07ccb001a07301e01cf.##...GlobalSign Root CA.==================.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAA

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\notify.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):54890
                                                                                                                                            Entropy (8bit):6.922608548070075
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:k3RE1QCkFCNf8vCrzR6Rzrw7zRgxwqz5LI9jT7s:+zc8vCrYUzRb6+9v7s
                                                                                                                                            MD5:E83E11BFCF969E11C40BB415D3F80D2B
                                                                                                                                            SHA1:1D317B80265E40CCD7A31E8B2C09FB243FEBCBAF
                                                                                                                                            SHA-256:0EF947556E4E00E3FCDB55EBEE46A6932F08111DC7D18C5E9AED1BD7D936E667
                                                                                                                                            SHA-512:E220BCAEE82C9BB6FD035EEE7D5D9436765907231DF42D006EA072C2A26F526941BAE97684D4EE18AE86DA7104C2CB67D3228DD73FBA59F20AB246AF584D76EA
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFFb...WAVEfmt ........D....X......data>...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................-.........7.....y...I.5))(..,.X....h.L.X.........P.............Q.'....#.....d.}...(..............2........(.$.....}.=........=.m..j._...}.......y...@.......T...2.......*.c...u.......1...A.)...P.....q.......8....%..,.v...,.......2.....................i.......0....[...........*.V.W...;.*.".....b.6...&...........W...].i.....V...O...9..._.}..$.u...b...............u.r.*.....d.....Y.R.....U.}...]...7.....A.........W.A...].....C.m...;.

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\notify2.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 44100 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):114220
                                                                                                                                            Entropy (8bit):5.815286660197201
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:6ToO1ilKTJMbmAiekySMd10fQfYKs2LfjfN2IupDrOQnQ6a+wX43E5PF:6TTiEMmFekySMH03KsiQDrO1D
                                                                                                                                            MD5:9B9C547DA31F05167D03B9A9C4794A1E
                                                                                                                                            SHA1:5CB65DA494D1BE506D00CCFC523D39C1AF4BF44E
                                                                                                                                            SHA-256:CC8E7CED06DED913DC63F3DC48442D4B78247E98A0B1481ABAD421446E7B9725
                                                                                                                                            SHA-512:97A0199C1B76A1B9FC54A7DFA52197754905248921D2268D2D963EAABB3DDCA6401389B61E44278E8179532E08FC82D0F75B3EADB8D8B1026F0508709958F132
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF$...WAVEfmt ........D....X......data................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\Resources\remind.wav (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 24000 Hz
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):59894
                                                                                                                                            Entropy (8bit):6.838365676849903
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:1536:UU+/iLUqeJcKYn9lgxaQDyJVv06RvWYI2SN6gQVfF:UUocOyoa93v061WYI2TF
                                                                                                                                            MD5:654A9C620731AE72D26D3777418FA647
                                                                                                                                            SHA1:B1CAB3E17046914CDB3F4D22DC3A71F747F8728E
                                                                                                                                            SHA-256:E6A06409A9B1AF41FC2242AB98D8B8F588B54DB7ED583C299838D135CE2A1D73
                                                                                                                                            SHA-512:CC7E0328249A3A08AB533153C168B707A30B0223D9AEDE1BD84AB1B33A3B5D60193120019B25BD8C18B92B454C14F653A54D31EC00F0DFF41CA60C8E020CB573
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:RIFF....WAVEfmt .........]..........data....................3.>...%...z.......[.Z.....K.....G.....N.....Z.'.....h.w.......>.!....... .................=.....:.%...e.....I.....4.....W.....................;.....5.......@.....S.#...M.E.....8...4.Y.......!.....s.<.8.R.T...k.a.a.f.^...G.......2.......[.....k.........}..........z..o.............;.]...)...............I.r...m.e.....0...".....$.'.J.h.=...L.................e.2.....N.c...S...$...q...v.[..........................i.w...d.%._.1.;...].s.N...g.....#.v.l......z.i..9.H...$.*.....D.h.s...z.............N.`...M.....8.L.I...0.. ../.}.5.R.......g.......-.I.-....[...!.........Y...A.....$.Z.....d.}..............[.....b...H.n.......p.......~...'.c.......e......m...(.\...T.a.x.9.....>.......6.I...........K.............U!..../.............b.........:.\.......w.....[..........._.........k.2.s.=...x...0.P...q...................H...v...=............2.............D.j...V.......;...3.s.....J...7.....8...................!.......H.....D.

                                                                                                                                            C:\Program Files\FreeFileSync\Uninstall\is-NGOJS.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3414640
                                                                                                                                            Entropy (8bit):6.589239930239391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:udJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQi333qFI:AJYVM+LtVt3P/KuG2ONG9iqLRQi333q
                                                                                                                                            MD5:AFC70B74FF6456A1DB47AA6A5480A389
                                                                                                                                            SHA1:DA7D29720A817A677DCC6AD09ACE07159D1013DA
                                                                                                                                            SHA-256:A23438A6655F6F3AA29657497F82E841CF7B7A5E2FACC86A469F3DFBBE800CEF
                                                                                                                                            SHA-512:05DAC7C5379D1E89D4E5FF1F0371B00769C64ACEE01AF0AC53821D5E1A38D3515DC689D76A9ABDC55D4EE43C68555A3A4A05B270E7E396A97376186BA9A3D368
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*..,........*.......*...@...........................4.......4...@......@...................P,.n.....,.j:...P0.Ll............3.p(....,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...Ll...P0..n..../.............@..@.............04......`3.............@..@................

                                                                                                                                            C:\Program Files\FreeFileSync\Uninstall\unins000.dat

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:InnoSetup Log \001\342\200\214F\342\200\214r\342\200\214e\342\200\214e\342\200\214F\342\200\214i\342\200\214l\342\200\214e\342\200\214S\342\200\214y\342\200\214n\342\200\214c, version 0x418, 56033 bytes, 216554\37\user\376\, C:\Program Files\FreeFileSync\376\377\377\
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):56033
                                                                                                                                            Entropy (8bit):3.924072055856257
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:xKTO1VoPBjc0wTe9IlhYbFVbMQFNIbWFycrptofPy2bzD1Ti+xIA+x:+uVopjcvPYgmh
                                                                                                                                            MD5:A48CBF832882918FA67B8AC45CA64532
                                                                                                                                            SHA1:7BF4F70EB1E8E6251F4DD4F0B03CEF3B0B15642C
                                                                                                                                            SHA-256:9C4B764222DD10FCCD2B212E805DB4A4925603FD09146F19F31F3DB81E721DBD
                                                                                                                                            SHA-512:6FB72A36EE4A77DA4DDA8EA12C6FED8D0156A05AA3BD236B393A25374769BEB3598C561D83D00651CDCDD413ED19A312FBCE4988EA0C55A555048AAF5B83921F
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Inno Setup Uninstall Log (b)....................................FreeFileSync......................................................................................................................F.r.e.e.F.i.l.e.S.y.n.c...................................................................................+........................................................................................................................+...........F........s........2.1.6.5.5.4......c.a.l.i......C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c..................7.... ...........U..IFPS....D........................................................................................................ANYMETHOD.....................................................................BOOLEAN..............TWIZARDFORM....TWIZARDFORM.........TMAINFORM....TMAINFORM.........TUNINSTALLPROGRESSFORM....TUNINSTALLPROGRESSFORM.........TCONTROL....TCONTROL.............................................

                                                                                                                                            C:\Program Files\FreeFileSync\Uninstall\unins000.exe (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3414640
                                                                                                                                            Entropy (8bit):6.589239930239391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:udJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQi333qFI:AJYVM+LtVt3P/KuG2ONG9iqLRQi333q
                                                                                                                                            MD5:AFC70B74FF6456A1DB47AA6A5480A389
                                                                                                                                            SHA1:DA7D29720A817A677DCC6AD09ACE07159D1013DA
                                                                                                                                            SHA-256:A23438A6655F6F3AA29657497F82E841CF7B7A5E2FACC86A469F3DFBBE800CEF
                                                                                                                                            SHA-512:05DAC7C5379D1E89D4E5FF1F0371B00769C64ACEE01AF0AC53821D5E1A38D3515DC689D76A9ABDC55D4EE43C68555A3A4A05B270E7E396A97376186BA9A3D368
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*..,........*.......*...@...........................4.......4...@......@...................P,.n.....,.j:...P0.Ll............3.p(....,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...Ll...P0..n..../.............@..@.............04......`3.............@..@................

                                                                                                                                            C:\Program Files\FreeFileSync\Uninstall\unins000.msg

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:InnoSetup messages, version 6.0.0, 261 messages (UTF-16), Cancel installation
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):24089
                                                                                                                                            Entropy (8bit):3.274664443443748
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:192:61EjNSCkf3SCqsTr6CCPanAG1GznL7VV+Iqfc51USQDztXfbKJG/pfx:61EK6CHr6f5H+7Q1USQDztB/Rx
                                                                                                                                            MD5:6F54066EB96F26B2BD0FCE8DA6B5F146
                                                                                                                                            SHA1:2A20CA3C15D82635C727FC4F7B1BABDC5E68032F
                                                                                                                                            SHA-256:13841813BF9AC9E34D496D865D80C6DF6A40EAF0DD6C3793CF6B53089419FDCD
                                                                                                                                            SHA-512:A329EE5758A8FE2D69A791B2304FB0E22AEFC5F192D3CC6B6248842C82E8D835BAA861A762B6E3F7B2EFE4AD2DDE1692924CF8193EA9A5F0DC367F4C66F89309
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:Inno Setup Messages (6.0.0) (u)......................................]..3....2t.C.a.n.c.e.l. .i.n.s.t.a.l.l.a.t.i.o.n...S.e.l.e.c.t. .a.c.t.i.o.n...&.I.g.n.o.r.e. .t.h.e. .e.r.r.o.r. .a.n.d. .c.o.n.t.i.n.u.e...&.T.r.y. .a.g.a.i.n...&.A.b.o.u.t. .S.e.t.u.p.........%.1. .v.e.r.s.i.o.n. .%.2.....%.3.........%.1. .h.o.m.e. .p.a.g.e.:.....%.4.....A.b.o.u.t. .S.e.t.u.p...Y.o.u. .m.u.s.t. .b.e. .l.o.g.g.e.d. .i.n. .a.s. .a.n. .a.d.m.i.n.i.s.t.r.a.t.o.r. .w.h.e.n. .i.n.s.t.a.l.l.i.n.g. .t.h.i.s. .p.r.o.g.r.a.m.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.c.o.m.m.e.n.d.e.d. .t.h.a.t. .y.o.u. .a.l.l.o.w. .S.e.t.u.p. .t.o. .a.u.t.o.m.a.t.i.c.a.l.l.y. .c.l.o.s.e. .t.h.e.s.e. .a.p.p.l.i.c.a.t.i.o.n.s.....T.h.e. .f.o.l.l.o.w.i.n.g. .a.p.p.l.i.c.a.t.i.o.n.s. .a.r.e. .u.s.i.n.g. .f.i.l.e.s. .t.h.a.t. .n.e.e.d. .t.o. .b.e. .u.p.d.a.t.e.d. .b.y. .S.e.t.u.p... .I.t. .i.s. .r.e.

                                                                                                                                            C:\Program Files\FreeFileSync\User Manual.pdf (copy)

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PDF document, version 1.4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1184858
                                                                                                                                            Entropy (8bit):7.9402035905593955
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:6l7kUF9mZjMk+kbTBscPr436Igjl7F+c93ZlWuajrb7:6lTF81D+kpfT436FD9muajrb7
                                                                                                                                            MD5:321704EB18195DCE4C1078EADD53C688
                                                                                                                                            SHA1:3E68163477D347BE9822453CE42D144E0EEBA1D7
                                                                                                                                            SHA-256:32E221D0A3F2CE1E4963006EE95FC0FD2FB4C63CD56113C4021BDF1FBBE8C82D
                                                                                                                                            SHA-512:6827089989FA2C1FF1C6E6DF09329B235A507ED078B03F984BF03E14B7B742961B4133A70AF647AA58A08D5DAD49799490B66E1E7E0ADD7EA1B44557CBCE4180
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:%PDF-1.4.1 0 obj.<<./Title (...M.a.n.u.a.l. .-. .F.r.e.e.F.i.l.e.S.y.n.c)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241207103401+01'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0 obj.[/Pattern /DeviceRGB].endobj.6 0 obj.<<./Type /XObject./Subtype /Image./Width 572./Height 575./BitsPerComponent 8./ColorSpace /DeviceGray./Length 7 0 R./Filter /FlateDecode.>>.stream.x..w@......J ........{=..z...b=..b...;..v...;J.D.H.....v}..H'...d~..'......73......J@.......;.9.]....nJ...............R.................."QK.D..S..k$.....J.Q...h**...3.0e........d}}..........}}..z......i$q.R.R.o.P&e....T.2c.1aP_...MLL..-,..K..077351116BEBMB5.h$Q.(1.L.U.z.eP.m*.)....chdd......ccck......}.....[9;.....XYZZX.....a......q.. I.....?..2mtu...c.3.+k[;.'g..W..m..zx...s..}.y..9z..a^.{w...S......qsm.....`ogceafbD... -b...._...............M..^......3n.).~......,.....k...y+...

                                                                                                                                            C:\Program Files\FreeFileSync\is-0RARI.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):147223
                                                                                                                                            Entropy (8bit):4.884422991548549
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3072:njjdQgWoXi9Wpsy8tLd3oXU91w28OvY+KlAd7J:TTmy2oks+KAd7J
                                                                                                                                            MD5:6E6DBAD61ECC2B74C8150A227CD51FB5
                                                                                                                                            SHA1:746924D5F98F9B4428A17CE36FA02B0459E9BC09
                                                                                                                                            SHA-256:CF47B6710F5ADD5EB9BF4A4455507A123E17BE212D64A266ED57E1539ACB3EBB
                                                                                                                                            SHA-512:A95B93CB659282B978271389681C63964DD85E3E21F42C678A6932E1073D8BBB7A1269898C4CA3FB7017A8FE7496CB11B4A54F043D5C6FC1FB33F2C675C42646
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:FreeFileSync 13.9 [2024-12-07]..------------------------------..Fixed CURLE_SEND_ERROR: OpenSSL SSL_write: SSL_ERROR_SYSCALL, errno 0..Added comparison and sync context menu options for multiple folder pairs..Show file include/exclude filter directly in tooltip..Fixed file not found error when cancelling file up-/download..Fixed showing cancelled config log status after nothing to sync..Updated translation files......FreeFileSync 13.8 [2024-11-04]..------------------------------..Support raw IPv6 server address for (S)FTP..RealTimeSync: Fixed scrollbar when adding/removing folders..Don't set sync direction for partial folder pairs..Uniquely identify partial folder pairs in error message..Fixed network login prompt not showing in Windows 11 24H2......FreeFileSync 13.7 [2024-06-23]..------------------------------..Support copying symlinks between SFTP devices..Fixed input focus not being restored after comparison/sync..Fixed log file pruning not considering selected configuration..Show s

                                                                                                                                            C:\Program Files\FreeFileSync\is-5Q5L9.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:Rich Text Format data, version 1, ANSI, code page 1252
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):52941
                                                                                                                                            Entropy (8bit):4.834889561469989
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:4IwnwOuD+WlljeKquwIx0i5D/e1iHdTcoPhpkYp/T/FXOx0Bpm3APzB4D:j1OuljeMr5DGwxUETy0Bpm3Al4D
                                                                                                                                            MD5:EE9B7FD879D57A35B5F0F575A1755F71
                                                                                                                                            SHA1:D3CA973EAA0EC74845E2E7851A6837AE08906E67
                                                                                                                                            SHA-256:ADC61454C4F9DA3C500501D33E2949EC5B0B857C57B3CF2FD172FBFF2BF76CDB
                                                                                                                                            SHA-512:D32DBF8B3AB9155F008F1283D4F37225E8B66A71F3E58BC1FED566EA8FC3618773DD73A677C772BE0EA4854D75264A8765EB0A3C480418A73060ED93D4B502CF
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:{\rtf1\ansi\ansicpg1252\deff0\nouicompat\deftab709{\fonttbl{\f0\fswiss\fprq2\fcharset0 Segoe UI;}}..{\colortbl ;\red0\green0\blue255;\red0\green0\blue128;}..{\*\generator Riched20 10.0.19041}\viewkind4\uc1 ..\pard\nowidctlpar\hyphpar0\qc\kerning1\f0\fs26\lang1031 FreeFileSync: Terms of Use\par....\pard\nowidctlpar\hyphpar0\fs22\par..The FreeFileSync standard and {{\field{\*\fldinst{HYPERLINK "https://freefilesync.org/faq.php#donation-edition" }}{\fldrslt{\ul\cf1\cf2\ul Donation\~Edition}}}}\f0\fs22 are for \b private\~use\b0 only.\par..\b\fs11\par..\fs22 Commercial use\b0 requires buying\b \b0 the {{\field{\*\fldinst{HYPERLINK "https://freefilesync.org/faq.php#business" }}{\fldrslt{\ul\cf1\cf2\ul FreeFileSync\~Business\~Edition}}}}\f0\fs22 . This also applies to government organizations.\par....\pard\nowidctlpar\hyphpar0\qc _____________________________________________________________\par....\pard\nowidctlpar\hyphpar0\par..A. GNU General Public License\par..B. wxWidgets License\par

                                                                                                                                            C:\Program Files\FreeFileSync\is-9EHB8.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PDF document, version 1.4
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1184858
                                                                                                                                            Entropy (8bit):7.9402035905593955
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24576:6l7kUF9mZjMk+kbTBscPr436Igjl7F+c93ZlWuajrb7:6lTF81D+kpfT436FD9muajrb7
                                                                                                                                            MD5:321704EB18195DCE4C1078EADD53C688
                                                                                                                                            SHA1:3E68163477D347BE9822453CE42D144E0EEBA1D7
                                                                                                                                            SHA-256:32E221D0A3F2CE1E4963006EE95FC0FD2FB4C63CD56113C4021BDF1FBBE8C82D
                                                                                                                                            SHA-512:6827089989FA2C1FF1C6E6DF09329B235A507ED078B03F984BF03E14B7B742961B4133A70AF647AA58A08D5DAD49799490B66E1E7E0ADD7EA1B44557CBCE4180
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:%PDF-1.4.1 0 obj.<<./Title (...M.a.n.u.a.l. .-. .F.r.e.e.F.i.l.e.S.y.n.c)./Creator (...w.k.h.t.m.l.t.o.p.d.f. .0...1.2...6)./Producer (...Q.t. .4...8...7)./CreationDate (D:20241207103401+01'00').>>.endobj.3 0 obj.<<./Type /ExtGState./SA true./SM 0.02./ca 1.0./CA 1.0./AIS false./SMask /None>>.endobj.4 0 obj.[/Pattern /DeviceRGB].endobj.6 0 obj.<<./Type /XObject./Subtype /Image./Width 572./Height 575./BitsPerComponent 8./ColorSpace /DeviceGray./Length 7 0 R./Filter /FlateDecode.>>.stream.x..w@......J ........{=..z...b=..b...;..v...;J.D.H.....v}..H'...d~..'......73......J@.......;.9.]....nJ...............R.................."QK.D..S..k$.....J.Q...h**...3.0e........d}}..........}}..z......i$q.R.R.o.P&e....T.2c.1aP_...MLL..-,..K..077351116BEBMB5.h$Q.(1.L.U.z.eP.m*.)....chdd......ccck......}.....[9;.....XYZZX.....a......q.. I.....?..2mtu...c.3.+k[;.'g..W..m..zx...s..}.y..9z..a^.{w...S......qsm.....`ogceafbD... -b...._...............M..^......3n.).~......,.....k...y+...

                                                                                                                                            C:\Program Files\FreeFileSync\is-F80UQ.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):390256
                                                                                                                                            Entropy (8bit):6.134884165717768
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:B5EBllbJaaRqWCMjtIj2UpComPU8kmz7ia0oQhX:BiBllVfRqWCMYQUzeNLQh
                                                                                                                                            MD5:93B8B77BAE7AF0FA64E9F59F8C15351E
                                                                                                                                            SHA1:A01661073A1E0BB9EC697645EA2F5D36DDD66530
                                                                                                                                            SHA-256:F4D1BBDBB75ED4017ADCEF6295DB223D5B633B9AFD88FD016E86434EDB97A262
                                                                                                                                            SHA-512:FA804AA8E41647330512F00BDFA70BC6020C6CDC1AF24C2788D65CE7BD495B7007C9D4B119C9CBE571BF9089CF5843A5118690ED3956A2684403638251473D51
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........$b..E...E...E...=...E...=..AE...=...E.......E.......E.......E...=...E...=...E...E.. E..l....E..l...E..l....E..Rich.E..................PE..L.....Tg...............*..........................@..........................P...........@....................................P.......................p(... ...%...d..T....................d......Xc..@............................................text...$........................... ..`.rdata..b...........................@..@.data....^...........~..............@....rsrc...............................@..@.reloc...%... ...&..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Program Files\FreeFileSync\is-UNI7V.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):676464
                                                                                                                                            Entropy (8bit):6.18963251148129
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:e+LGHv4E3fx+XjXh0vdb514ocPAwYf7krBl:e+Lov42x+X6lb51+ifwrL
                                                                                                                                            MD5:DD8779C4A9D2F47F3C9279F6F7786E69
                                                                                                                                            SHA1:6E288BE940E0035DDD3240537EDEEE3991A665A4
                                                                                                                                            SHA-256:919322547B2E2D19BED839B8889A204A3E34742648736E2114F565751FD32351
                                                                                                                                            SHA-512:4D710A8D95C7CFFC786743E0DA26D5A1B7CB4C9407EDD789EFA390BB2BA4A1CE670E98484E75BEFBBAF3367CE81B007CD3395F9B4F8ED2900FA086CEA7C995EC
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|.c/.c/.c/..`..c/..f.C.c/..`...c/..g...c/..f...c/..g...c/..e..c/..b...c/.b/..c/o.j..c/o../.c/o.a..c/Rich.c/................PE..L.....Tg...............*.D...2......c........`....@.................................A.....@..................................}...........j...........*..p(...p...1...3..T....................3......P2..@............`..T............................text...jB.......D.................. ..`.rdata...,...`.......H..............@..@.data....e...........v..............@....rsrc....j.......l..................@..@.reloc...1...p...2..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Jan 2 11:23:55 2025, mtime=Thu Jan 2 11:23:58 2025, atime=Sat Dec 7 14:38:54 2024, length=676464, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1019
                                                                                                                                            Entropy (8bit):4.423042262346652
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:88BJUCa0YXT+h9nBdpF46/6odBAH0zKWB4AjA4InGxcmBsmVX+LgQbdp6BP+Bsb/:8Nx0dlnKW6UA4Iccm3uEkdA5+OdAr9m
                                                                                                                                            MD5:318A3E377254AB59B8D284E91FF0CA01
                                                                                                                                            SHA1:B6C56822890C29E9EA2855630EB4BAB5ACDE1ACE
                                                                                                                                            SHA-256:4AC12F8C1C5C18B67691CA792597AD3CF63DFBE6E29ED534CBAD124F7ABCEB0B
                                                                                                                                            SHA-512:EB3C4E04D7CB806DFEAC2F22D5345956CB1120508CF953B0C04C012179A1BC82B0EBD98588A5F9082B9B1D43A908BFC9FE46C4E63034E1A9F967CA9B0BCC9396
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F.... ......0.]....{2.].......H..pR...........................P.O. .:i.....+00.../C:\.....................1....."Z.b..PROGRA~1..t......O.I"Z.c....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1....."Z.b..FREEFI~1..J......"Z.b"Z.c.........................;.5.F.r.e.e.F.i.l.e.S.y.n.c.....n.2.pR...Y.| .FREEFI~1.EXE..R......"Z.b"Z.b..............................F.r.e.e.F.i.l.e.S.y.n.c...e.x.e.......]...............-.......\...................C:\Program Files\FreeFileSync\FreeFileSync.exe..4.F.r.e.e.F.i.l.e.S.y.n.c. .. .F.o.l.d.e.r. .C.o.m.p.a.r.i.s.o.n. .a.n.d. .S.y.n.c.h.r.o.n.i.s.a.t.i.o.n.:.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.\.F.r.e.e.F.i.l.e.S.y.n.c...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.`.......X.......216554...........hT..CrF.f4... ...Tl..........%..hT..CrF.f4... ...Tl..........%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM.

                                                                                                                                            C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Jan 2 11:23:55 2025, mtime=Thu Jan 2 11:23:58 2025, atime=Sat Dec 7 14:38:48 2024, length=390256, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):995
                                                                                                                                            Entropy (8bit):4.486211900556942
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:8gx1a0YXT+h9nBdpF46/6odBiSm0zK+/UAjA4IET6m/YcGfgQbdp6BTAeN/YbdpL:8z0dlVKYUUA4IET6whkdAKe9MdArdm
                                                                                                                                            MD5:5D9EA2CAB0EEEF077D01A9D24D46CA3D
                                                                                                                                            SHA1:585878ED8500360318E8067F14850BD22A4CABB2
                                                                                                                                            SHA-256:B241F77EA2DA346D7A90BBA03DB9FF4D637DB60A7FF0A077AA967941E3B543D1
                                                                                                                                            SHA-512:024B203AB3A07DDDB1B83E6168654D9DC32BDAF28820B60B5716E49CD3B19BC2F514F646836F1B349F91F6B5A4DAF63C5F4F027391CCEC4D536C76010E4BF541
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F.... ...L..0.]..nX.2.]...4...H..p............................P.O. .:i.....+00.../C:\.....................1....."Z.b..PROGRA~1..t......O.I"Z.c....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1....."Z.b..FREEFI~1..J......"Z.b"Z.c.........................;.5.F.r.e.e.F.i.l.e.S.y.n.c.....n.2.p....Y.| .REALTI~1.EXE..R......"Z.b"Z.b..............................R.e.a.l.T.i.m.e.S.y.n.c...e.x.e.......]...............-.......\...................C:\Program Files\FreeFileSync\RealTimeSync.exe..(.R.e.a.l.T.i.m.e.S.y.n.c. .. .A.u.t.o.m.a.t.e.d. .S.y.n.c.h.r.o.n.i.s.a.t.i.o.n.:.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.\.R.e.a.l.T.i.m.e.S.y.n.c...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.`.......X.......216554...........hT..CrF.f4... ...Tl..........%..hT..CrF.f4... ...Tl..........%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                            C:\Users\Public\Desktop\FreeFileSync.lnk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Jan 2 11:23:55 2025, mtime=Thu Jan 2 11:23:55 2025, atime=Sat Dec 7 14:38:54 2024, length=676464, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1007
                                                                                                                                            Entropy (8bit):4.4556324976172155
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:8i+SdCnKW6UA4Iccm3uEtodA5+OdAr9m:8i+SdCnJ6jJcb3BtodA5+OdAp
                                                                                                                                            MD5:A292390629DB82A2CC9B2325CB57264D
                                                                                                                                            SHA1:137C016B346ABB3A8015BBC421EEB95EE8419F3A
                                                                                                                                            SHA-256:E2DF25960AA06B5268C134FC16C083401F06EE67C77DFEDB66CA3567B1752B38
                                                                                                                                            SHA-512:329EA2C9EC1E68AE4E36256189F07BA4FA7C510D6CFD8D5E51B568F78B938F894149AA94E9AB7C8F880753F4AE42D29D121CB5643846FF07A0FC5363CC0D179D
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F.... ......0.].....0.].......H..pR...........................P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I"Z.b....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1....."Z.b..FREEFI~1..J......"Z.b"Z.b...........................d.F.r.e.e.F.i.l.e.S.y.n.c.....n.2.pR...Y.| .FREEFI~1.EXE..R......"Z.b"Z.b..............................F.r.e.e.F.i.l.e.S.y.n.c...e.x.e.......]...............-.......\...................C:\Program Files\FreeFileSync\FreeFileSync.exe..4.F.r.e.e.F.i.l.e.S.y.n.c. .. .F.o.l.d.e.r. .C.o.m.p.a.r.i.s.o.n. .a.n.d. .S.y.n.c.h.r.o.n.i.s.a.t.i.o.n.4.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.\.F.r.e.e.F.i.l.e.S.y.n.c...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.`.......X.......216554...........hT..CrF.f4... ...Tl..........%..hT..CrF.f4... ...Tl..........%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?.........

                                                                                                                                            C:\Users\Public\Desktop\RealTimeSync.lnk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Thu Jan 2 11:23:55 2025, mtime=Thu Jan 2 11:23:55 2025, atime=Sat Dec 7 14:38:48 2024, length=390256, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):983
                                                                                                                                            Entropy (8bit):4.5037548738055575
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12:8gx1a0YXT+h9nBdpF46/6odBiSm0zK+/UAjA4IET6m/YcGfgtcbdp6BTAeN/Ybd5:8z0dlVKYUUA4IET6whtodAKe9MdArdm
                                                                                                                                            MD5:500E3E47BF4AED1ED346104E7996FBC8
                                                                                                                                            SHA1:8D0E79DA5431A5A137D321EFBA4B444D7EF8D6C6
                                                                                                                                            SHA-256:CF0D6956F1C3E18D66DAFB177604127C41B458E44CC5A3CE166FA00F4E9CE6B0
                                                                                                                                            SHA-512:DDDDC30FA11BEDDB5C32506DE3C14DEC498C1B44582D8F3B7DE1BEA0FBF8BDC4846F4083AA672F9C0BDCD2E3A142146A6E0F8D456EF6BEF9B11E817FBBED6FA4
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F.... ...L..0.]...V.0.]...4...H..p............................P.O. .:i.....+00.../C:\.....................1....."Z.b..PROGRA~1..t......O.I"Z.c....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1....."Z.b..FREEFI~1..J......"Z.b"Z.c.........................;.5.F.r.e.e.F.i.l.e.S.y.n.c.....n.2.p....Y.| .REALTI~1.EXE..R......"Z.b"Z.b..............................R.e.a.l.T.i.m.e.S.y.n.c...e.x.e.......]...............-.......\...................C:\Program Files\FreeFileSync\RealTimeSync.exe..(.R.e.a.l.T.i.m.e.S.y.n.c. .. .A.u.t.o.m.a.t.e.d. .S.y.n.c.h.r.o.n.i.s.a.t.i.o.n.4.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.\.R.e.a.l.T.i.m.e.S.y.n.c...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.`.......X.......216554...........hT..CrF.f4... ...Tl..........%..hT..CrF.f4... ...Tl..........%.E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:data
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):20948
                                                                                                                                            Entropy (8bit):5.614801526501092
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:384:1Kz3GPlJeubuhApI1sBM+XJC71veFWgTjQG6WQwiaVj/w8CPfoGhsRd:A2Jnuh6ysy+XUFeD6vfaN/8fHhsRd
                                                                                                                                            MD5:8FC5484D0F375FAD854147B9E8A7F9E4
                                                                                                                                            SHA1:946573D098451E8879185DA4D4CEC511F94D10CA
                                                                                                                                            SHA-256:282C01C4F76DF2ADF95332B44C670E27F4432F97F83BC02537FF0742DC17B827
                                                                                                                                            SHA-512:22E4D6AC819B7257B0AA1B59369CB96EB65D04A95CE0AD263F0E39D539354714ABA9F93ACA4F84BDF69BE22C754E402897D44D1897BE52FB14674A933A07F425
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:@...e...........................W.../.c..............@..........H...............o..b~.D.poM...L..... .Microsoft.PowerShell.ConsoleHostD...............4..7..D.#V.....6.......System.Management.Automation4...............<."..Ke@...j..........System.Core.0.................Vn.F..kLsw..........System..4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.|.....#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.@................z.U..G...5.f.1........System.DirectoryServices<................t.,.lG....M...........System.Management...4..................~..2K..}...0".......System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Commands.Utility...D....................+.H..!...e........System.Configuration.Ins

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_azkqdh01.asx.ps1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_o3hhj1x4.ixb.ps1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pn3wj1ai.sej.psm1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ujdiz5y0.ild.psm1

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):60
                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):676464
                                                                                                                                            Entropy (8bit):6.18963251148129
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:12288:e+LGHv4E3fx+XjXh0vdb514ocPAwYf7krBl:e+Lov42x+X6lb51+ifwrL
                                                                                                                                            MD5:DD8779C4A9D2F47F3C9279F6F7786E69
                                                                                                                                            SHA1:6E288BE940E0035DDD3240537EDEEE3991A665A4
                                                                                                                                            SHA-256:919322547B2E2D19BED839B8889A204A3E34742648736E2114F565751FD32351
                                                                                                                                            SHA-512:4D710A8D95C7CFFC786743E0DA26D5A1B7CB4C9407EDD789EFA390BB2BA4A1CE670E98484E75BEFBBAF3367CE81B007CD3395F9B4F8ED2900FA086CEA7C995EC
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........|.c/.c/.c/..`..c/..f.C.c/..`...c/..g...c/..f...c/..g...c/..e..c/..b...c/.b/..c/o.j..c/o../.c/o.a..c/Rich.c/................PE..L.....Tg...............*.D...2......c........`....@.................................A.....@..................................}...........j...........*..p(...p...1...3..T....................3......P2..@............`..T............................text...jB.......D.................. ..`.rdata...,...`.......H..............@..@.data....e...........v..............@....rsrc....j.......l..................@..@.reloc...1...p...2..................@..B................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\_isetup\_setup64.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):6144
                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.bmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe
                                                                                                                                            File Type:PC bitmap, Windows 3.x format, 640 x 338 x 24, resolution 11811 x 11811 px/m, cbSize 649014, bits offset 54
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):649014
                                                                                                                                            Entropy (8bit):3.7686631691455514
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:6144:AobWkba3IIlPJ2Apef8IvSyIUXFx39oRf2ljm/M2H:A2Wkba3IiPJMf35JY2Bm/M
                                                                                                                                            MD5:674E41E3E444ABC176CC8D42ADAD928B
                                                                                                                                            SHA1:F3C47FC1854D61612F95BDFFDBC510A4E221C550
                                                                                                                                            SHA-256:1F0A61811C941533306EEEBF3BE6EADAB5DBEE228DE80E4DE8A978AEEFB27AF9
                                                                                                                                            SHA-512:9EB4E1D1BD961356BA7605876EDD46CF86C74E98E3CAEE76B38A7C2F74FB23EA1614405B602807227DA9AC58C638CA5F081766C950C82526C15841066D7740C2
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:BM6.......6...(.......R...............#...#....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."..$..%..".............................%..'..'..1..?..R..S..a$.n(..6..K..Y..f..w..}.....

                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.jpg

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:JPEG image data, JFIF standard 1.02, resolution (DPI), density 300x300, segment length 16, progressive, precision 8, 640x338, components 3
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):33621
                                                                                                                                            Entropy (8bit):7.934038609528603
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:768:kCKdDSyqoZkfFErqHijjeDv8k0BtHl6bARLF+nAxzfxPvsa:kDpBwFE+ij+w+ecAxd
                                                                                                                                            MD5:A211FB5B8F907555139B50A102CE0322
                                                                                                                                            SHA1:FD64AA773532861675924DECFA55B69BF626FA26
                                                                                                                                            SHA-256:602DDB322E7697856D2B0E561954E5DEE4B6C37FF412459970923FF2E7A7B1F1
                                                                                                                                            SHA-512:166F660D170CCC728253DCA0D67A495203EA760F670F93547467B34C1899669DA9BC43B3DACCC7B6A0929406BCC11C1C7FBCDE6E719BF9E508E392E9FDDF7FC6
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:......JFIF.....,.,.....C....................................................................C.......................................................................R...............................................................................................................................X.Lu.M..y5e.s...M..}#.4.............................f.wB..^..J...t.M...r.......M.|...]2.......................o&..5}'...oC..Ff.K/=7.b.........7.g>....j.%..d........a.2.................Eu..{.e.mn....*\....[sU..}a.;D.....[T.t.i...x..yo+..[..........k.m.....................?....U..,s=%n4...Z^....E.Y.C;x=.K.^9.....&.D..}...N8......s....@....gcloc\G. ...............R...~n..?.^......i....-....~x.5idf/[....B...v.@..it.,|....sz...5...o).Blk......;.w.X..X............m...Z?A..ZF.._.z.x.4....a.9.>.F.=z.+.......=.9m......K......#.<=......;...k.y..>e.t.........>..U..............,.......X.i{..g.u......y.9.n;I:...;+PmVKi([_.M.V.;.Z......r.xg.......Ob.6|.....s.`....e..I..5.......

                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3414640
                                                                                                                                            Entropy (8bit):6.589239930239391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:udJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQi333qFI:AJYVM+LtVt3P/KuG2ONG9iqLRQi333q
                                                                                                                                            MD5:AFC70B74FF6456A1DB47AA6A5480A389
                                                                                                                                            SHA1:DA7D29720A817A677DCC6AD09ACE07159D1013DA
                                                                                                                                            SHA-256:A23438A6655F6F3AA29657497F82E841CF7B7A5E2FACC86A469F3DFBBE800CEF
                                                                                                                                            SHA-512:05DAC7C5379D1E89D4E5FF1F0371B00769C64ACEE01AF0AC53821D5E1A38D3515DC689D76A9ABDC55D4EE43C68555A3A4A05B270E7E396A97376186BA9A3D368
                                                                                                                                            Malicious:true
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*..,........*.......*...@...........................4.......4...@......@...................P,.n.....,.j:...P0.Ll............3.p(....,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...Ll...P0..n..../.............@..@.............04......`3.............@..@................

                                                                                                                                            C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe
                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):3414640
                                                                                                                                            Entropy (8bit):6.589239930239391
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:49152:udJYVM+9JtzZWnoS2VC23aun8+f5KuG2OY9IG9ivyv2cLx1RQi333qFI:AJYVM+LtVt3P/KuG2ONG9iqLRQi333q
                                                                                                                                            MD5:AFC70B74FF6456A1DB47AA6A5480A389
                                                                                                                                            SHA1:DA7D29720A817A677DCC6AD09ACE07159D1013DA
                                                                                                                                            SHA-256:A23438A6655F6F3AA29657497F82E841CF7B7A5E2FACC86A469F3DFBBE800CEF
                                                                                                                                            SHA-512:05DAC7C5379D1E89D4E5FF1F0371B00769C64ACEE01AF0AC53821D5E1A38D3515DC689D76A9ABDC55D4EE43C68555A3A4A05B270E7E396A97376186BA9A3D368
                                                                                                                                            Malicious:false
                                                                                                                                            Antivirus:
                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                            Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*..,........*.......*...@...........................4.......4...@......@...................P,.n.....,.j:...P0.Ll............3.p(....,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...Ll...P0..n..../.............@..@.............04......`3.............@..@................

                                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\FreeFileSync.lnk

                                                                                                                                            Download File
                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Has command line arguments, Archive, ctime=Thu Jan 2 11:23:55 2025, mtime=Thu Jan 2 11:23:58 2025, atime=Sat Dec 7 14:38:54 2024, length=676464, window=hide
                                                                                                                                            Category:dropped
                                                                                                                                            Size (bytes):1049
                                                                                                                                            Entropy (8bit):4.408579899196987
                                                                                                                                            Encrypted:false
                                                                                                                                            SSDEEP:24:8y+x0dlnKW6UA4Iccm3uEudA5+OdAp9m:8y+OdlnJ6jJcb3BudA5+OdAb
                                                                                                                                            MD5:0CB14A6409122C9B1574934308B15555
                                                                                                                                            SHA1:ABAD2077762EAABB9F72E980FD2D0119C5EAA713
                                                                                                                                            SHA-256:90F6281401AEC4298B0715A51F662346D44E2300244FE7A80A4C8DFAFAD424A2
                                                                                                                                            SHA-512:C766A908C0184EB8218C38E74EC37304CBE6ADF8DF25A2313316982EB9964041C1AA0AECA1C10A178F9D1D202CDF22C513DD8DEE518ECBB59C4B64FD05E53DE1
                                                                                                                                            Malicious:false
                                                                                                                                            Preview:L..................F.... ......0.].....2.].......H..pR...........................P.O. .:i.....+00.../C:\.....................1....."Z.b..PROGRA~1..t......O.I"Z.c....B...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....b.1....."Z.b..FREEFI~1..J......"Z.b"Z.c.........................;.5.F.r.e.e.F.i.l.e.S.y.n.c.....n.2.pR...Y.| .FREEFI~1.EXE..R......"Z.b"Z.b..............................F.r.e.e.F.i.l.e.S.y.n.c...e.x.e.......]...............-.......\...................C:\Program Files\FreeFileSync\FreeFileSync.exe..4.F.r.e.e.F.i.l.e.S.y.n.c. .. .F.o.l.d.e.r. .C.o.m.p.a.r.i.s.o.n. .a.n.d. .S.y.n.c.h.r.o.n.i.s.a.t.i.o.n.@.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c.\.F.r.e.e.F.i.l.e.S.y.n.c...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.F.r.e.e.F.i.l.e.S.y.n.c...-.S.e.n.d.T.o. .`.......X.......216554...........hT..CrF.f4... ...Tl..........%..hT..CrF.f4... ...Tl..........%.E.......9...1SPS..mD..pH

                                                                                                                                            Static File Info

                                                                                                                                            General

                                                                                                                                            File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                            Entropy (8bit):7.999991446350162
                                                                                                                                            TrID:
                                                                                                                                            • ZIP compressed archive (8000/1) 100.00%
                                                                                                                                            File name:MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip
                                                                                                                                            File size:20'159'091 bytes
                                                                                                                                            MD5:040e4e96b3c71169e5706b579862bb8c
                                                                                                                                            SHA1:f9da50db010b8704a5246d42d2cd1e898a244b3f
                                                                                                                                            SHA256:03691405dc49eed57372ef1877d246c3464453aa26ed49966cae495bb5fb95dd
                                                                                                                                            SHA512:526d650f6444b6f03fde557879c2a860acf61159763a0d2bc019b21c69c1412d85b2858713532669b0f1b1415011c190aa91ff3b49d2e3e3028bc727c23f8c14
                                                                                                                                            SSDEEP:393216:pq2Kbit+X0V+++W+ibqcpc9dewoRy4suC/O0ZIfblBrDfpc6fn1v70Ry:82KsotZ+qcpc9d14S/O8ULDfC6KRy
                                                                                                                                            TLSH:3E1733934920B26608090D86B5A51B0B8E7B7BDF6337CF10283589E315DD75BBF879AC
                                                                                                                                            File Content Preview:PK........A_"Z...n..3...;.#.$.FreeFileSync_13.9_Windows_Setup.exe.. ..............].......].......]..*.,.......lY...U-]..s..Ur..[v...>-_N3.;../a.e...`.}.U..-.j.........."5,].........|.3Y...2eq..!...tH.Y...#.....GM<...s.>~..1-Dlh.#IoTa...m..c.u.8:....]1.9l

                                                                                                                                            File Icon

                                                                                                                                            Icon Hash:1c1c1e4e4ececedc

                                                                                                                                            Network Behavior

                                                                                                                                            Suricata IDS Alerts

                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                            2025-01-02T13:24:07.106671+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.1649709104.21.2.160443TCP

                                                                                                                                            Network Port Distribution

                                                                                                                                            TCP Packets

                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Jan 2, 2025 13:24:06.648020983 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:06.648056984 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:06.648197889 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:06.649445057 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:06.649456978 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.106573105 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.106671095 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.109728098 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.109734058 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.109932899 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.145940065 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.145986080 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.146042109 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.313735008 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.313792944 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.314085007 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.314569950 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.314569950 CET49709443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:07.314584970 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:07.314591885 CET44349709104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.069040060 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.069081068 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.069165945 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.071155071 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.071166992 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.545595884 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.545682907 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.553553104 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.553560972 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.553762913 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.553822041 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.555344105 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.599333048 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.766768932 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.766832113 CET44349711104.21.2.160192.168.2.16
                                                                                                                                            Jan 2, 2025 13:24:13.766849041 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.766895056 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.767165899 CET49711443192.168.2.16104.21.2.160
                                                                                                                                            Jan 2, 2025 13:24:13.767177105 CET44349711104.21.2.160192.168.2.16

                                                                                                                                            UDP Packets

                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                            Jan 2, 2025 13:24:06.632987022 CET5585853192.168.2.161.1.1.1
                                                                                                                                            Jan 2, 2025 13:24:06.643953085 CET53558581.1.1.1192.168.2.16

                                                                                                                                            DNS Queries

                                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                            Jan 2, 2025 13:24:06.632987022 CET192.168.2.161.1.1.10x6f6bStandard query (0)api.freefilesync.orgA (IP address)IN (0x0001)false

                                                                                                                                            DNS Answers

                                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                            Jan 2, 2025 13:24:06.643953085 CET1.1.1.1192.168.2.160x6f6bNo error (0)api.freefilesync.org104.21.2.160A (IP address)IN (0x0001)false
                                                                                                                                            Jan 2, 2025 13:24:06.643953085 CET1.1.1.1192.168.2.160x6f6bNo error (0)api.freefilesync.org172.67.129.95A (IP address)IN (0x0001)false

                                                                                                                                            HTTP Request Dependency Graph

                                                                                                                                            • api.freefilesync.org

                                                                                                                                            HTTPS Proxied Packets

                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            0192.168.2.1649709104.21.2.1604436504C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2025-01-02 12:24:07 UTC212OUTPOST /new_installation HTTP/1.1
                                                                                                                                            Connection: Keep-Alive
                                                                                                                                            Content-Type: application/x-www-form-urlencoded; Charset=UTF-8
                                                                                                                                            Accept: */*
                                                                                                                                            User-Agent: FFS-Installer
                                                                                                                                            Content-Length: 180
                                                                                                                                            Host: api.freefilesync.org
                                                                                                                                            2025-01-02 12:24:07 UTC180OUTData Raw: 66 66 73 5f 76 65 72 73 69 6f 6e 3d 31 33 2e 39 26 6f 73 5f 6e 61 6d 65 3d 57 69 6e 64 6f 77 73 26 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 5f 74 79 70 65 3d 4c 6f 63 61 6c 26 6f 73 5f 76 65 72 73 69 6f 6e 3d 31 30 2e 30 26 6f 73 5f 61 72 63 68 3d 36 34 26 6c 61 6e 67 75 61 67 65 3d 65 6e 26 63 6f 75 6e 74 72 79 3d 43 48 26 69 6e 73 74 61 6c 6c 65 72 5f 74 79 70 65 3d 41 64 2d 46 72 65 65 26 69 6e 73 74 61 6c 6c 65 72 5f 63 6f 6d 70 69 6c 65 72 3d 49 6e 6e 6f 26 73 74 61 74 75 73 3d 43 6f 6d 70 6c 65 74 65 64 26 73 69 6c 65 6e 74 3d 4e 6f
                                                                                                                                            Data Ascii: ffs_version=13.9&os_name=Windows&installation_type=Local&os_version=10.0&os_arch=64&language=en&country=CH&installer_type=Ad-Free&installer_compiler=Inno&status=Completed&silent=No
                                                                                                                                            2025-01-02 12:24:07 UTC1100INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 02 Jan 2025 12:24:07 GMT
                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                            Connection: close
                                                                                                                                            x-robots-tag: noindex
                                                                                                                                            x-content-type-options: nosniff
                                                                                                                                            vary: User-Agent
                                                                                                                                            Cache-Control: max-age=3600, public
                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                            referrer-policy: no-referrer-when-downgrade
                                                                                                                                            x-frame-options: DENY
                                                                                                                                            content-security-policy: frame-ancestors 'none';
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Dv5Mr1zT1SRvbz9s7TlqxmkhxfDVX8K5IxXmZHihMUXE0qgWbXKcUAIuBYIaDNYRK%2F11QiiHMpneOjIiAM15DaWk%2BxMZ8oOw0ATOkniNHnBTa%2BtByOeuT6Q9oG1gbNRlepD25eB4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 8fbab964fea2de97-EWR
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1484&min_rtt=1474&rtt_var=574&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2840&recv_bytes=1028&delivery_rate=1871794&cwnd=236&unsent_bytes=0&cid=8ad675e3dcdb7e16&ts=215&x=0"
                                                                                                                                            2025-01-02 12:24:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                            Data Ascii: 0


                                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                            1192.168.2.1649711104.21.2.1604435768C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
                                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                                            2025-01-02 12:24:13 UTC231OUTPOST /latest_version HTTP/1.1
                                                                                                                                            Accept: */*
                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                            User-Agent: FFS-Update-Check
                                                                                                                                            Host: api.freefilesync.org
                                                                                                                                            Content-Length: 157
                                                                                                                                            Cache-Control: no-cache
                                                                                                                                            2025-01-02 12:24:13 UTC157OUTData Raw: 66 66 73 5f 76 65 72 73 69 6f 6e 3d 31 33 2e 39 26 69 6e 73 74 61 6c 6c 61 74 69 6f 6e 5f 74 79 70 65 3d 4c 6f 63 61 6c 4d 61 63 68 69 6e 65 26 66 66 73 5f 76 61 72 69 61 6e 74 3d 46 72 65 65 26 6f 73 5f 6e 61 6d 65 3d 57 69 6e 64 6f 77 73 26 6f 73 5f 76 65 72 73 69 6f 6e 3d 31 30 2e 30 26 6f 73 5f 61 72 63 68 3d 36 34 26 64 69 70 5f 73 63 61 6c 65 3d 31 26 66 66 73 5f 6c 61 6e 67 3d 65 6e 5f 47 42 26 6c 61 6e 67 75 61 67 65 3d 65 6e 26 63 6f 75 6e 74 72 79 3d 43 48
                                                                                                                                            Data Ascii: ffs_version=13.9&installation_type=LocalMachine&ffs_variant=Free&os_name=Windows&os_version=10.0&os_arch=64&dip_scale=1&ffs_lang=en_GB&language=en&country=CH
                                                                                                                                            2025-01-02 12:24:13 UTC1095INHTTP/1.1 200 OK
                                                                                                                                            Date: Thu, 02 Jan 2025 12:24:13 GMT
                                                                                                                                            Content-Type: application/octet-stream
                                                                                                                                            Content-Length: 4
                                                                                                                                            Connection: close
                                                                                                                                            x-robots-tag: noindex
                                                                                                                                            x-content-type-options: nosniff
                                                                                                                                            vary: User-Agent
                                                                                                                                            Cache-Control: max-age=3600, public
                                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                                            referrer-policy: no-referrer-when-downgrade
                                                                                                                                            x-frame-options: DENY
                                                                                                                                            content-security-policy: frame-ancestors 'none';
                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=83BFlWgLpygw99NFcL5Y7OsL9d9ej8n3s%2FxhnFhpHtrmBUcext59NL%2FkTTi%2FJVpm6jU0EoMgCucJfxVEFVfgfTq3%2Fl9l7jbnEQsGndU3mCLf%2FVzxrkfv749dQhCjkbmhKSpIUw0pEA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                            Server: cloudflare
                                                                                                                                            CF-RAY: 8fbab98d3c7141d2-EWR
                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1671&rtt_var=646&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1016&delivery_rate=1669525&cwnd=251&unsent_bytes=0&cid=b1b443f22e12b168&ts=226&x=0"
                                                                                                                                            2025-01-02 12:24:13 UTC4INData Raw: 31 33 2e 39
                                                                                                                                            Data Ascii: 13.9


                                                                                                                                            Statistics

                                                                                                                                            CPU Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            Memory Usage

                                                                                                                                            Click to jump to process

                                                                                                                                            High Level Behavior Distribution

                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                            Behavior

                                                                                                                                            Click to jump to process

                                                                                                                                            System Behavior

                                                                                                                                            General

                                                                                                                                            Target ID:0
                                                                                                                                            Start time:07:23:20
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                                            Imagebase:0x7ff714810000
                                                                                                                                            File size:71'680 bytes
                                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:9
                                                                                                                                            Start time:07:23:43
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe"
                                                                                                                                            Imagebase:0x390000
                                                                                                                                            File size:20'692'472 bytes
                                                                                                                                            MD5 hash:954CEE0E02BAC777F4DB7A05EE8BDA65
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:10
                                                                                                                                            Start time:07:23:44
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-OKC8K.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$80024,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe"
                                                                                                                                            Imagebase:0x290000
                                                                                                                                            File size:3'414'640 bytes
                                                                                                                                            MD5 hash:AFC70B74FF6456A1DB47AA6A5480A389
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:13
                                                                                                                                            Start time:07:23:45
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024
                                                                                                                                            Imagebase:0x390000
                                                                                                                                            File size:20'692'472 bytes
                                                                                                                                            MD5 hash:954CEE0E02BAC777F4DB7A05EE8BDA65
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:14
                                                                                                                                            Start time:07:23:45
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-90TT2.tmp\FreeFileSync_13.9_Windows_Setup.tmp" /SL5="$7036C,19508176,913920,C:\Users\user\AppData\Local\Temp\Temp1_MDE_File_Sample_017466bb6ff6d1b5b887f00b4b0a959ffc026bdb.zip\FreeFileSync_13.9_Windows_Setup.exe" /SPAWNWND=$302A8 /NOTIFYWND=$80024
                                                                                                                                            Imagebase:0x570000
                                                                                                                                            File size:3'414'640 bytes
                                                                                                                                            MD5 hash:AFC70B74FF6456A1DB47AA6A5480A389
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:15
                                                                                                                                            Start time:07:23:46
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\FreeFileSync.exe" ffs_setup_convert_jpg_to_bmp "C:\Users\user\AppData\Local\Temp\is-24R9K.tmp\img_47.jpg"
                                                                                                                                            Imagebase:0x830000
                                                                                                                                            File size:676'464 bytes
                                                                                                                                            MD5 hash:DD8779C4A9D2F47F3C9279F6F7786E69
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Antivirus matches:
                                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:16
                                                                                                                                            Start time:07:23:58
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"powershell.exe" -inputformat none -outputformat none -NonInteractive -Command "Add-MpPreference -ExclusionProcess 'C:\Program Files\FreeFileSync\Bin\*'"
                                                                                                                                            Imagebase:0xc20000
                                                                                                                                            File size:433'152 bytes
                                                                                                                                            MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:17
                                                                                                                                            Start time:07:23:58
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                            Imagebase:0x7ff6684c0000
                                                                                                                                            File size:862'208 bytes
                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:high
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:18
                                                                                                                                            Start time:07:23:58
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Program Files\FreeFileSync\FreeFileSync.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Program Files\FreeFileSync\FreeFileSync.exe" ffs_setup_finalize
                                                                                                                                            Imagebase:0x410000
                                                                                                                                            File size:676'464 bytes
                                                                                                                                            MD5 hash:DD8779C4A9D2F47F3C9279F6F7786E69
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:19
                                                                                                                                            Start time:07:23:58
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe" ffs_setup_finalize
                                                                                                                                            Imagebase:0x7ff638730000
                                                                                                                                            File size:17'732'208 bytes
                                                                                                                                            MD5 hash:9C31F370631A40917DF397F40C0772DB
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:true
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Reputation:low
                                                                                                                                            Has exited:true

                                                                                                                                            General

                                                                                                                                            Target ID:21
                                                                                                                                            Start time:07:24:00
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                            Imagebase:0x7ff6899f0000
                                                                                                                                            File size:496'640 bytes
                                                                                                                                            MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                            Has elevated privileges:true
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:false

                                                                                                                                            General

                                                                                                                                            Target ID:22
                                                                                                                                            Start time:07:24:08
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Program Files\FreeFileSync\FreeFileSync.exe
                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                            Commandline:"C:\Program Files\FreeFileSync\FreeFileSync.exe"
                                                                                                                                            Imagebase:0x410000
                                                                                                                                            File size:676'464 bytes
                                                                                                                                            MD5 hash:DD8779C4A9D2F47F3C9279F6F7786E69
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:false

                                                                                                                                            General

                                                                                                                                            Target ID:23
                                                                                                                                            Start time:07:24:08
                                                                                                                                            Start date:02/01/2025
                                                                                                                                            Path:C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe
                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                            Commandline:"C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe"
                                                                                                                                            Imagebase:0x7ff638730000
                                                                                                                                            File size:17'732'208 bytes
                                                                                                                                            MD5 hash:9C31F370631A40917DF397F40C0772DB
                                                                                                                                            Has elevated privileges:false
                                                                                                                                            Has administrator privileges:false
                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                            Has exited:false

                                                                                                                                            Disassembly

                                                                                                                                            No disassembly