Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Conservative_Party_of_British_Columbia_Policy_Platform_(2).pdf
|
PDF document, version 1.7, 114 pages
|
initial sample
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\c0ea4aaf-9057-43b2-ae43-88d2f0940a44.tmp
|
JSON data
|
modified
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-241025175812Z-187.bmp
|
PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4,
UTF-8, version-valid-for 15
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
|
Certificate, Version=3
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
|
Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks,
0x1 compression
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
|
data
|
dropped
|
||
|
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.7468
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy)
|
PostScript document text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json
|
JSON data
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
|
SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8,
version-valid-for 25
|
dropped
|
||
|
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal
|
SQLite Rollback Journal
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI52782.LOG
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-10-25 13-58-10-016.log
|
ASCII text, with very long lines (393)
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log
|
ASCII text, with very long lines (393), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt
|
ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\05bf70ae-e6ea-435e-b134-f292358c59f4.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\0c97fc96-c25d-492d-8a7c-21f0083a126d.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\3f67592f-60d4-470f-a7e3-b7f40184e974.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\acrocef_low\e320a697-e04c-4d6f-b502-4dad929a7ab9.tmp
|
gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538
|
dropped
|
There are 37 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Desktop\Conservative_Party_of_British_Columbia_Policy_Platform_(2).pdf"
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
|
||
|
C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
|
"C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService
--lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0"
--lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log"
--mojo-platform-channel-handle=2088 --field-trial-handle=1736,i,14481799690591012217,13194473589811774586,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker
/prefetch:8
|
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
https://www.cadth.ca/sites/default/files/Tech%20Trends/2023/ER0013%20-%202023%20Watch%20List%20Final
|
unknown
|
||
|
https://www.cfpc.ca/CFPC/media/Resources/Health-Policy/HPGR-FP-Reform-Policy-EN.pdf)
|
unknown
|
||
|
https://www.fraserinstitute.org/sites/default/files/price-of-public-health-care-insurance-2021.pdf)
|
unknown
|
||
|
https://smractionplan.ca/)
|
unknown
|
||
|
https://www.cma.ca/sites/default/files/pdf/Media-Releases/Conference%20Board%20of%20Canada%20-%20Mee
|
unknown
|
||
|
https://www.bclaws.gov.bc.ca/civix/document/id/complete/statreg/08038_01)
|
unknown
|
||
|
https://www.fraserinstitute.org/studies/10-years-on-revisiting-the-saskatchewan-surgical-initiative)
|
unknown
|
||
|
https://www.cdhowe.org/sites/default/files/2024-05/Commentary_660.pdf)
|
unknown
|
||
|
https://occupations.esdc.gc.ca/sppc-cops/.4cc.5p.1t.3onsummaryd.2tail%40-eng.jsp?tid=104)
|
unknown
|
||
|
https://bc.ctvnews.ca/b-c-nurses-speak-out-amid-concerns-about-drug-use-in-hospitals-1.6834635)
|
unknown
|
||
|
https://globalnews.ca/news/9478783/ottawa-health-funding-deal-leblanc/)
|
unknown
|
||
|
https://www.heu.org/sites/default/files/2022-03/NR%2003%2032%2022%20HEU_Poll.pdf)
|
unknown
|
||
|
https://cifar.ca/wp-content/uploads/2020/11/AI-health-policy-report-ENG.pdf)
|
unknown
|
||
|
https://www.ourcommons.ca/content/committee/421/hesa/brief/br10576965/br-external/britishcolumbianur
|
unknown
|
||
|
https://vancouversun.com/news/local-news/bc-physician-assistants-patient-waitlists)
|
unknown
|
||
|
https://secondstreet.org/sweden/)
|
unknown
|
||
|
https://www.cfib-fcei.ca/en/research-economic-analysis/patients-before-paperwork)
|
unknown
|
||
|
https://www.priv.gc.ca/en/opc-actions-and-decisions/investigations/investigations-into-federal-insti
|
unknown
|
||
|
https://ai4ph-hrtp.ca/wp-content/uploads/2024/06/AI-to-advance-public-health-in-Canada-2024-FINAL.pd
|
unknown
|
||
|
https://www.ontario.ca/laws/regulation/900552?search=552&BK12)
|
unknown
|
||
|
https://www.youtube.com/watch?v=VYEUShIP7Rs)
|
unknown
|
||
|
https://www150.statcan.gc.ca/t1/tbl1/en/tv.action?pid=3210023001&pickMembers%5B0%5D=1.11&cubeTimeFra
|
unknown
|
||
|
https://nursesunions.ca/wp-content/uploads/2017/05/CFNU_Enough-is-Enough_June1_FINALlow.pdf)
|
unknown
|
||
|
https://uploads-ssl.webflow.com/64108fa6cd96c24e82418a19/641c495696ff766b26d9e1b6_Viewpoints%20-%20V
|
unknown
|
||
|
https://secure.cihi.ca/free_products/ActivityBasedFundingManualEN-web_Nov2013.pdf)
|
unknown
|
||
|
https://www.jobbank.gc.ca/trend-analysis/job-market-reports/britishcolumbia/sectoral-profile-agricul
|
unknown
|
||
|
https://www.cihi.ca/en/wait-times-for-priority-procedures-in-canada-2024)
|
unknown
|
||
|
http://x1.i.lencr.org/
|
unknown
|
||
|
https://vancouversun.com/health/local-health/bc-no-family-doctor-care-options#%3A~%3Atext%3DNearly%2
|
unknown
|
||
|
https://www2.gov.bc.ca/assets/gov/data/statistics/business-industry-trade/small-business/small_busin
|
unknown
|
||
|
https://www.cma.ca/latest-stories/addressing-physicians-administrative-burden-invisible-crisis-famil
|
unknown
|
||
|
https://www.rbcroyalbank.com/healthcare-financial-solutions/advice-learning/article/?title=canada-ne
|
unknown
|
||
|
https://secondstreet.org/2022/07/19/policy-brief-copy-eu-policy-reduce-patient-suffering/)
|
unknown
|
||
|
https://www.hospitalmanagementasia.com/tech-innovation/the-increasing-importance-of-integrated-opera
|
unknown
|
||
|
https://www.bcnu.org/News-Events/CampaignsInitiatives/Documents/Future_of_Nursing_in_BC.pdf)
|
unknown
|
||
|
https://canjhealthtechnol.ca/index.php/cjht/article/download/EH0125/EH0125/7118)
|
unknown
|
||
|
https://www.informationsverige.se/en/om-sverige/att-varda-sin-halsa-i-sverige/rattigheter-och-skyldi
|
unknown
|
||
|
https://rnao.ca/bpg/get-involved/acpf/enhancing-violence-prevention-for-health-care-workers-employed
|
unknown
|
||
|
https://www.cfp.ca/content/69/4/269.long#ref-27)
|
unknown
|
||
|
https://qane-afi.casn.ca/cgi/viewcontent.cgi?article=1408&context=journal)
|
unknown
|
||
|
https://www.ontario.ca/document/ohip-infobulletins-2024/bulletin-240404-new-e-form-application-out-c
|
unknown
|
||
|
https://www.hee.nhs.uk/our-work/topol-review)
|
unknown
|
||
|
https://www.cdhowe.org/intelligence-memos/tingting-zhang-five-ways-address-our-family-physician-shor
|
unknown
|
||
|
https://www.ourcommons.ca/Content/Committee/441/HESA/Reports/RP12260300/hesarp10/hesarp10-e.pdf)
|
unknown
|
||
|
https://www.bcauditor.com/sites/default/files/publications/reports/Report%20Rural%20Nursing%20FINAL.
|
unknown
|
||
|
https://www.finances.gouv.qc.ca/Budget_and_update/budget/documents/Budget2425_BudgetPlan.pdf)
|
unknown
|
||
|
https://secondstreet.org/wp-content/uploads/2023/12/Policy-Brief-Died-on-a-Waiting-List-2023-FINAL.p
|
unknown
|
||
|
https://pubmed.ncbi.nlm.nih.gov/36474786/)
|
unknown
|
||
|
https://energyfuturesinstitute.ca/f/new-ipsos-poll-reveals-concerns-about-bc%E2%80%99s-energy-polici
|
unknown
|
||
|
https://www.timescolonist.com/local-news/plan-for-private-mri-clinic-at-hillside-scrapped-after-fail
|
unknown
|
||
|
https://www.thejournal.ie/belfast-of-blind-cataract-bus-michael-collins-5164956-Jul2020/)
|
unknown
|
||
|
https://cap-cpma.ca/the-council-of-atlantic-premiers-presented-the-golden-scissors-award-from-the-ca
|
unknown
|
||
|
https://www.fraserinstitute.org/sites/default/files/understanding-british-columbias-public-managemen
|
unknown
|
There are 43 hidden URLs, click here to show them.
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
x1.i.lencr.org
|
unknown
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
96.7.168.138
|
unknown
|
United States
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
tFileSource
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
sAssetId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1
|
bisSharedFile
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
aFS
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tDIText
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
tFileName
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sFileAncestors
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDI
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
sDate
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uFileSize
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
uPageCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2
|
bisSharedFile
|
There are 10 hidden registries, click here to show them.