IOC Report
https://magentacloud.de/s/2bMe7TmEWH89MxG

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

Certificate, Version=3

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

data

dropped

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt23.lst (copy)

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.5600

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt23.lst (copy)

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt23.lst.5600

PostScript document text

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

JSON data

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

SQLite Rollback Journal

dropped

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

data

dropped

C:\Users\user\AppData\Local\Temp\MSI95ebb.LOG

Unicode text, UTF-16, little-endian text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-01-16 07-15-59-971.log

ASCII text, with very long lines (393)

dropped

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

ASCII text, with very long lines (393), with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Local\Temp\acrocef_low\1c1f3e00-ce3b-4b24-9e60-1b3c1559356a.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 42290

dropped

C:\Users\user\AppData\Local\Temp\acrocef_low\4823d41b-a8a5-4bfb-9ff0-ec05c215adf0.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022

dropped

C:\Users\user\AppData\Local\Temp\acrocef_low\bdb284c2-a817-4060-adaa-b96861122e39.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538

dropped

C:\Users\user\AppData\Local\Temp\acrocef_low\cd236f46-f305-44cd-a246-884e53a8a26f.tmp

gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142

dropped

C:\Users\user\AppData\Local\Temp\j43hmrmm.3cx\Jahresbericht STaR 2024\Jahresbericht_STaR_2024.pdf

PDF document, version 1.7, 14 pages

dropped

C:\Users\user\AppData\Local\Temp\unarchiver.log

ASCII text, with CRLF line terminators

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 11:15:20 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 11:15:19 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 11:15:19 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 11:15:20 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Jan 16 11:15:19 2025, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide

dropped

C:\Users\user\Downloads\Jahresbericht STaR 2024.zip.crdownload

Zip archive data, at least v2.0 to extract, compression method=store

dropped

C:\Users\user\Downloads\d3351d08-a7d6-413e-bd9d-1de38f99d3d9.tmp

Zip archive data, at least v2.0 to extract, compression method=store

dropped

Chrome Cache Entry: 217

ASCII text

dropped

Chrome Cache Entry: 218

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1920x1080, components 3

downloaded

Chrome Cache Entry: 219

ASCII text

downloaded

Chrome Cache Entry: 220

ASCII text

downloaded

Chrome Cache Entry: 221

ASCII text

dropped

Chrome Cache Entry: 222

ASCII text

downloaded

Chrome Cache Entry: 223

ASCII text

dropped

Chrome Cache Entry: 224

ASCII text, with very long lines (415)

downloaded

Chrome Cache Entry: 225

Unicode text, UTF-8 text

downloaded

Chrome Cache Entry: 226

ASCII text

downloaded

Chrome Cache Entry: 227

ASCII text

dropped

Chrome Cache Entry: 228

ASCII text, with very long lines (23584)

downloaded

Chrome Cache Entry: 229

Unicode text, UTF-8 text, with very long lines (65435)

dropped

Chrome Cache Entry: 230

ASCII text

downloaded

Chrome Cache Entry: 231

ASCII text, with very long lines (788)

dropped

Chrome Cache Entry: 232

ASCII text, with very long lines (10457)

downloaded

Chrome Cache Entry: 233

ASCII text, with very long lines (3930)

downloaded

Chrome Cache Entry: 234

ASCII text, with very long lines (65536), with no line terminators

downloaded

Chrome Cache Entry: 235

Unicode text, UTF-8 text, with very long lines (65429)

dropped

Chrome Cache Entry: 236

Zip archive data, at least v2.0 to extract, compression method=store

downloaded

Chrome Cache Entry: 237

Unicode text, UTF-8 text

downloaded

Chrome Cache Entry: 238

Unicode text, UTF-8 text

dropped

Chrome Cache Entry: 239

ASCII text

downloaded

Chrome Cache Entry: 240

Unicode text, UTF-8 text, with very long lines (65460)

dropped

Chrome Cache Entry: 241

ASCII text, with very long lines (47219), with CRLF line terminators

downloaded

Chrome Cache Entry: 242

ASCII text, with very long lines (10457)

dropped

Chrome Cache Entry: 243

ASCII text, with very long lines (12211)

downloaded

Chrome Cache Entry: 244

JSON data

downloaded

Chrome Cache Entry: 245

ASCII text, with very long lines (23584)

dropped

Chrome Cache Entry: 246

ASCII text, with very long lines (65467), with escape sequences

dropped

Chrome Cache Entry: 247

Unicode text, UTF-8 text

downloaded

Chrome Cache Entry: 248

HTML document, ASCII text, with very long lines (451)

dropped

Chrome Cache Entry: 249

ASCII text

dropped

Chrome Cache Entry: 250

ASCII text

dropped

Chrome Cache Entry: 251

Unicode text, UTF-8 text, with very long lines (65459)

dropped