Complaints about Phone Numbers509-279-####
Enter the last 4 digits to complete the search:
FTC
FCC
Enter the last 4 digits to complete the search:
FTC
FCC
| Company | XO WASHINGTON, INC. - WA |
| Rate Center | SPOKANE |
Other prefix codes with SPOKANE rate center:
Counterfeit Checks https://web.archive.org/web/20211213210443/https://pix.mirtouf.fr/FGOiWXlW.jpg https://web.archive.org/web/20211213210647/https://pix.mirtouf.fr/76aikMd7.jpg https://web.archive.org/web/20211213211211/https://pix.mirtouf.fr/PHUBJJxD.jpg Counterfeit Check Details: Amount $*******834.83 Routing Number/ABA Number 00000***** Account Number ***0000** Check Number 0000******** CASC Bank of America P.O. BOX 34414 SEATTLE, WA 98124-1414 Amount $*******853.48 Routing Number/ABA Number 00000***** Account Number ***0000** Check Number 0000******** CASC Bank of America P.O. BOX 34414 SEATTLE, WA 98124-1414 Amount $*******866.41 Routing Number/ABA Number 00000***** Account Number ***0000** Check Number 0000******** CASC Bank of America P.O. BOX 34414 SEATTLE, WA 98124-1414 --------------------------------------------------------------------------- The Headquarters of where this kind of activity proliferates https://www.nacarchitecture.com/portfolio/SCCScience.html Consumer Reviews of Bartleby https://www.trustpilot.com/review/bartleby.com https://www.mamma.com/us/bartleby-com https://www.complaintsboard.com/bartlebycom-b110137 https://www.sitejabber.com/reviews/bartleby.com https://www.defaulters.com/scam/bartleby-com/ NOVAD Management Consulting Unaccredited BBB Profile https://www.bbb.org/us/ok/oklahoma-city/profile/business-consultant/novad-management-consulting-0995-90043337/complaints Current Alerts For This Business Pattern of Complaint: The BBB files indicate that this business has a pattern of complaints. In the last 3 months, the BBB has received a large number of complaints against NOVAD regarding letters informing their clients of the transfer of their mortgage loan servicing. Consumers who are attempting to get information or payoff statements for their loans have difficulty contacting NOVAD due the transition and the Covid-19 pandemic. BBB is working closely with Novad find a resolution for the underlining cause for these complaints. ComplaintsBoard Listings on NOVAD Management [Other victims they've been trying to defraud and swindle] https://www.complaintsboard.com/us/ok/oklahoma-city/novad-management-consulting-2401-nw-23rd-st Home Warranty Direct Scam Discussion Board Listings https://800notes.com/Phone.aspx/1-800-299-4998 https://calldetective.net/800-299-4998/ Xact Loan BBB Unaccredited Listing https://www.bbb.org/us/oh/cincinnati/profile/debt-consolidation-services/xact-loan-0292-90040588 Metromile, Inc. Auto Insurance BBB Listing https://www.bbb.org/us/ca/san-francisco/profile/auto-insurance/metromile-inc-1116-444470 ISN Corporation BBB Unaccredited Profile Not Elsewhere Classified After Investigation https://www.bbb.org/us/md/bethesda/profile/not-elsewhere-classified-after-investigation/isn-corporation-0241-236001320 --------------------------------------------------------------------------- Kevin Brockbank https://archive.ph/HWtYX Nicole Duvernay https://archive.is/wip/dTvcv Pamela Jane Herrebout https://archive.is/tjuAs/718389dae0b20accc1132d55c40c3bc1105b4d5a License Plate: ABC5598 VIN: 4S3BMBA69B3219875 Retail Value: $4,140 Private Party Value: $9,010 Make: SUBARU Model: Legacy Year: 2011 Body Class: Sedan/Saloon Doors: 4 Series: - Type: PASSENGER CAR Jenny Martin https://archive.ph/HWtYX Scott Satake https://archive.ph/HWtYX Alison Carol Riegel https://archive.ph/HWtYX Colin Smith https://archive.is/cGgjs Lucas Werner https://archive.ph/HWtYX Douglas Revelle Carney https://archive.ph/HWtYX Michael William Stanfield https://archive.ph/HWtYX Anthony Owen Lucas https://archive.is/GFGay Tammerra Howe/Tamerra M Howe [Anti-Vaxxer] From Otis Orchards, WA https://web.archive.org/web/20210815164135/https://lutim.lagout.org/1jtkQSUV/d29PvX8Y.png Jess Edmondson [Anti-Vaxxer] https://web.archive.org/web/20210827220819/https://upload-image.rosariosis.com/L7H62MW5/tWK5R8BV.png Taylor Jones [Anti-Vaxxer] https://web.archive.org/web/20210827220908/https://upload-image.rosariosis.com/UrQGC0EO/TSXjiEc8.png Ruvim Gavrilyuk https://archive.is/rUmcZ Lexi Michelle Dawson https://archive.is/n0vEz/950e6e5569ee4332103372fa78a84a472f15d921 Sean Haskins Yolanda Hahn/Yolanda M Mitchell https://web.archive.org/web/20210731185337/https://lutim.stemy.me/XhUgl6q0/Wq0moiVR.png Thomas Crafts [Lying Snitch] https://archive.ph/7kkyQ/ba62999896f44914f9e0148e6e7851249f6983c7.jpg Jaymie Crafts [The mother of the snitch] Tiffany Nicole Husein https://archive.ph/HWtYX Norma Cantu https://archive.ph/HWtYX Heather Rebecca Slaminski https://nb-no.facebook.com/heather.slaminski Cory James Humphrey https://archive.ph/HWtYX Alexis Lisandro Guizar-Diaz https://web.archive.org/web/20210711052653/https://pbs.twimg.com/profile_images/1377032645213790210/3JM_gLVD_400x400.jpg Steven Smathers https://www.linkedin.com/in/steven-smathers-2042801bb Tito Ellis https://media-exp1.licdn.com/dms/image/C4D03AQGg_7tXkowy-Q/profile-displayphoto-shrink_200_200/0/1517029845793?e=1625097600&v=beta&t=PbE1QDMIXiVe71t9MDQJrxavMD7pOLKVoJ1BnH3AQrE Jordyn Noble https://www.linkedin.com/in/jordyn-reiter-65b5b2196 Guillermo Espinosa https://archive.ph/HWtYX Garrett William Clark https://archive.is/W0JVn Tanner Joseph Hundahl https://archive.ph/HWtYX Ger Moua https://www.ratemyprofessors.com/ShowRatings.jsp?tid=987470 Jason Eggerman Jay Reedy Broker License: #20121834 Managing Broker License: #8817 Full Name: Dr. Jamie Jo Diaz Pharm D. Provider Type: Individual Gender: Female Sole Proprietor: Yes, they are the sole owner of the medical practice. Definition: Pharmacist: An individual licensed by the appropriate state regulatory agency to engage in the practice of pharmacy. The practice of pharmacy includes, but is not limited to, assessment, interpretation,... WA Pharmacist Listings NPI: Their NPI Number is 1841624137 Learn what this is at: National Provider Identifier Standard from HHS and the Centers for Medicare & Medicaid Services. Additional: Useful things to add for visitors and potential patients: website links, office hours, specialties, etc. Aaron Kilfoyle Provider Data NPI Number 1770990608 Provider Name AARON KILFOYLE MS, LAT, ATC. Entity Type Individual Most Important Dates Provider Enumeration Date 07/11/2014 Last Updated 03/01/2021 Lori Hunt https://storage.zoominfo.com/-1509858032 Ryan Carstens https://media.spokesman.com/photos/2015/05/13/cit13_SCC.jpg Darik French https://media1.fdncms.com/inlander/imager/new-headline/u/original/2426999/protest1croppedweb.jpg Brandon Birdsill https://komonews.com/news/local/naked-man-arrested-in-community-college-womens-bathroom Steven Smathers https://www.medicarelist.com/counselor/steven-smathers-spokane-wa/ Stacey Reser - Helena, Montana https://www.linkedin.com/in/stacey-reser-9a0b5454 Spokane Community College "Honor Roll" https://www.spokesman.com/stories/2019/feb/22/area-students-make-honor-roll-at-spokane-community/ Ryan Murphy https://www.spokesman.com/stories/2013/oct/09/former-shadle-park-teacher-breaks-court-order-head/ Anthony JuJu Predisik https://www.spokesman.com/stories/2015/apr/03/supreme-court-rules-against-spokane-teachers-on/ Indian Trail Elementary https://www.spokaneschools.org/indiantrail Tyler Gabbard - North Central Wolfpack Football https://www.maxpreps.com/wa/spokane/north-central-wolfpack/football/roster/all-time/ Campus Safety / Department Directory https://www.spokaneschools.org/Page/334 North Central High School Class of 2011 https://www.spokesman.com/grads/north-central-high-school/2011/ North Central High School class lists - contact old friends https://old-friends.co/school.php?s=15692 Signature Quotations: "Don't take me. I am crazy." -Nicole Duvernay "Our goal is to kill creativity!" -Nicole Duvernay "I stole this off of the internet." -Nicole Duvernay admitting she is a thief and a liar by stealing math questions off of the internet that blatantly infringe on copyright "It's a conspiracy!" -Nicole Duvernay admitting that the entire Student Body at Spokane Community College was in on a conspiracy of silence in order to save face "We are going down this path together." -Nicole Duvernay "What happened?" -Nicole Duvernay "I'm not a real math teacher." -Nicole Duvernay admitting she is a fake "I.. Don't.. Actually... Remember..." -Nicole Duvernay on answering a question after she punked unsuspecting victims into taking a fraudulent excuse for a math course "Did I do something wrong?" -Nicole Duvernay attempting to guilt-trip with a loaded question "Be sure it isn't spiked." -Nicole Duvernay suggesting that the entire Student Body at Spokane Community College are open targets for what they did "Feeling awkward yet?" -How Nicole Duvernay answers questions with loaded insults to the students faces “I regret lighting the fireworks,” -Douglas Revelle Carney “I shouldn’t have done that.” -Douglas Revelle Carney “I don't feel real safe in my neighborhood anymore,” -Douglas Revelle Carney "I was stabbed three times, twice in the side, once in the arm right here,” -Douglas Revelle Carney "Stay in touch." -Carmen Green after the fact she tried to pull a fast one and take her potential victims insurance money for all they were worth. "welcome to higher edd" -Rob Vogel "I spit in his face." -Douglas Revelle Carney explaining what he did to get arrested at Spokane Community College after admitting to assaulting a dean “When I got to SCC, I didn’t believe that I was smart,” -Douglas Revelle Carney “As Doug became comfortable in the classroom, he responded very well to group work, particularly peer editing situations where students had opportunity to pool their knowledge and assist one another,” -Sharon Miller Whiteknighting for a convicted felon/Loan Shark “Doug became so good at this that students often asked him after class to help them with their essays.” -Sharon Miller giving credibility to a violent criminal who really belongs in federal prison “He is patient and listens well,” -Sharon Miller obviously oblivious to a complete stranger from the streets "That depends on your opinion." -Nicole Duvernay's view on Global Warming "Just let it go..." -Colin Smith (who works for these scumbags), telling others to gives criminals a free-pass and to just "sit back and enjoy all of it" "You will be successful." -Kevin Brockbank talking to his victims collectively that had their credit and debit information charged all year without notice "Actually, I'm making it up." -Nicole Duvernay bragging about insulting student intelligence "I once fell off a cliff" -Alison Carol Riegel "I'm not a professional." -Scott Satake "Scary Stuff!" -Scott Satake making a sarcastic comment during a conversation "We don't know the right answer." -Ger Moua "We only care about our money." -Ger Moua "You could keep digging yourself deeper... And then *poof* you're gone.." -Tito Ellis making an implied threat of being unpersoned from history. "You have to discriminate." -Cory James Humphrey thinking he knows it all "And I'll fail you and blame you!" -Tiffany Nicole Husein admitting she sets students up for failure by taking their money and making them do assignments with no objective truth to them all done with a smile on her ugly mug "I can muddy the water." -Tiffany Nicole Husein Admitting that she commits white-collar crime and can get away with it. "I don't understand." -Carmen Green feigning confusion to act like she doesn't know what she is listening to after the fact she makes people wait over 15 minutes and that this is how she talks to people who's time she wasted. "If it is off-campus then there is nothing we can do." -Scott Satake Admitting that he and the faculty at Spokane Community College take the side of criminals and trouble-makers and make no effort towards accountability. "Go see mental health." -Scott Satake soliciting false pretenses "I had a bet that you wouldn't make it back." -Douglas Revelle Carney admitting he puts money through russian roulette with students lives "The only person you confuse is yourself." -Douglas Revelle Carney instigating a fight "I want to go into business to sell foreign merchandise." -Douglas Revelle Carney "I'm 'that girl' that nobody wanted anything to do with." -Lexi Michelle Dawson "I got kicked out of this college ten years ago for getting into a fight with the dean of this campus." -Douglas Revelle Carney "I don't mean to be rude." -Michael William Stanfield "Hahahaaha haahahahahah EXACTLY!" -Michael William Stanfield laughing at his own demise "We call that a middle finger." -Anthony Owen Lucas "Don't you mean a 'honeytrap'?" -Michael William Stanfield implying that Pamela Jane Herrebout is a con-artist "You better be ready to f*****g kill me!" -Douglas Revelle Carney inviting pre-meditated murder in his direction "I will video stalk you." -Travis Lee Humphries admitting to violating people's safety and personal boundaries "This is my last time victimizing all of you!" -Nicole Duvernay admitting she rips people off "Hahaha I love confusing people!" -Nicole Duvernay "You may be feeling ripped off." -Nicole Duvernay "These next few weeks are really going to suck for you!" -Nicole Duvernay "Garrett is my favorite!" -Nicole Duvernay "Your my favorite!" -Nicole Duvernay to Jordyn C Noble/Jordyn Reiter during a final exam in front of over 20 people after she got a special invitation to have a thanksgiving dinner at her place of residence. "Here are my favorites!" -Nicole Duvernay pointing to Anthony Owen Lucas and Michael William Stanfield out in a hallway waiting for her to unlock the doors "What works for you does not work for me." -Michael William Stanfield "Who is doing this?" -Michael William Stanfield "We call that natural selection." -Anthony Owen Lucas "I prefer cheating." -Anthony Owen Lucas on being a self-described cheater before doing the final exam and giving dirty looks to people "Change your phone number." -Pamela Herrebout/Pamela Huffman "Sue Margado introduced radiology student Pam Herrebout who shared her story on her road to recovery from alcoholism to brain surgery." -Pamela Jane Herrebout on official record for being both an alcoholic and a batshit insane con-artist Nicole Duvernay Ratemyprofessor Profile https://archive.is/hBMKv What Nicole Duvernay Really Thinks of herself as https://archive.is/WcxqF Her Dead Relative https://archive.is/23XDx/044820f46396374937812b540334775d8230243a Photo Bomb https://archive.is/Cd4u Hosted Kiry Shabazz to make fun of people who have been segregated against their will. https://archive.is/4XCsX Michael William Stanfield's Metacafe Profile metacafe.com/channels/will0814 Douglas Revelle Carney's SWAT Arrest https://www.khq.com/news/swat-standoff-in-west-central-ends-with-arrest/article_8fa7a037-b340-5dad-8931-0ac5408ba55e.html Name Court Case Number Judgment Record Court Information 1 Brockbank, Kevin Charles Defendant Spokane County Dist 9Z1086041 12-02-2019 Name Court Case Number Judgment Record Court Information 1 Werner, Lucas Respondent Thurston County Dist UHS16-026 02-22-2016 2 Werner, Lucas Colby Defendant Grays Harbor Dist #2 C00216012 07-16-1998 3 Werner, Lucas Colby Defendant Olympia Municipal Ct 2Z0638820 09-17-2012 4 Werner, Lucas Colby Respondent Thurston County Dist DV12-0076 08-06-2012 5 Werner, Lucas Colby Defendant Grays Harbor Dist #2 C00216013 07-16-1998 6 Werner, Lucas Colby Defendant Olympia Municipal Ct 3Z0205435 02-28-2013 7 Werner, Lucas Colby Defendant Thurston County Dist 2Z0525297 08-15-2012 8 Werner, Lucas Colby Respondent Spokane County Dist 16720694 01-05-2017 9 Werner, Lucas Colby Defendant Spokane Municipal N00051841 08-19-2020 10 Werner, Lucas Colby Defendant Spokane Municipal N00044042 08-11-2020 11 Werner, Lucas Colby Defendant Spokane Municipal N00063296 07-13-2020 12 Werner, Lucas Colby Defendant Spokane Municipal N00058732 04-20-2021 Name Court Case Number Judgment Record Court Information 1 Slaminski, Heather Rebecca Defendant Stanfield, Michael William Defendant Spokane Municipal XZ0819890 11-09-2020 Name Court Case Number Judgment Record Court Information 1 Riegel, Alison Carol Defendant Upper Kittitas Dist 7Z0478568 03-16-2017 2 Riegel, Alison Carol Defendant Spokane County Dist 1A0313484 03-10-2021 Name Court Case Number Judgment Record Court Information 1 Gavrilyuk, Ruvim V Sr Defendant Spokane County Dist 6Z0691142 07-07-2016 2 Gavrilyuk, Ruvim V Sr Defendant Spokane County Dist 8Z0983066 10-03-2018 3 Gavrilyuk, Ruvim V Sr Defendant Spokane County Dist 7Z0092385 11-13-2017 4 Gavrilyuk, Ruvim V Sr Defendant Spokane County Dist 9Z0438602 04-15-2019 5 Gavrilyuk, Ruvim V Sr Defendant Clark County Dist 8Z0662618 06-25-2018 6 Gavrilyuk, Ruvim V Sr Defendant Spokane County Dist 1A0332602 04-26-2021 Smith, Colin Defendant Clark County Dist 13C7410-6 10-29-2013 Smith, Colin Defendant Tacoma Municipal A00136926 06-27-2014 Smith, Colin Defendant Tacoma Municipal A00136927 06-27-2014 Smith, Colin Defendant Clark County Dist 17C2824-2 07-13-2017 Smith, Colin Defendant Spokane County Dist 18182335 10-05-2018 Smith, Colin Defendant Lynnwood Municipal 180286517 11-08-2018 Smith, Colin Petitioner Sno Co-south Div C03-02824 12-03-2003 Smith, Colin Defendant Lynnwood Municipal 190190635 07-23-2019 Smith, Colin Defendant Lynnwood Municipal 210036313 03-01-2021 Case #: CR00000526-00 Defendant: FARMER, MELANIE Offense Date: 08/23/2000 Hearing: 03/15/2001 Charge: FORGERY Code Section: 18.2-172 Frederick Circuit Court Case #: CR00000526-01 Defendant: FARMER, MELANIE Offense Date: 08/23/2000 Hearing: 07/10/2003 Charge: REV.PROB.(FORGERY) Code Section: 19.2-306 Frederick Circuit Court Case #: CR00000527-00 Defendant: FARMER, MELANIE Offense Date: 08/23/2000 Hearing: 03/15/2001 Charge: UTTER FORGED CHECK Code Section: 18.2-172 Frederick Circuit Court Case #: CR00000527-01 Defendant: FARMER, MELANIE Offense Date: 08/23/2000 Hearing: 07/10/2003 Charge: REV.PROB.(UTTERING) Code Section: 19.2-306 Frederick Circuit Court Case #: CR00000526-01 Defendant: FARMER, MELANIE Defendant Information Gender: FEMALE Race: WHITE DOB: 02/13/**** Attorney: WILLIAM CRANE Case/Charge Information Defendant Status: BAIL Filed Date: 04/03/2003 Locality: COMMONWEALTH OF VA Code Section: 19.2-306 Charge: REV.PROB.(FORGERY) Case Type: FELONY Class: UNCLASSIFIED Commenced By: REINSTATEMENT Offense Date: 08/23/2000 Arrest Date: 04/10/2003 Amended Code Section: Amended Charge: Amended Case Type: Amended Class: Appeal Information Appeal Date: Hearing Information Date Time Result Type Courtroom Plea Duration Jury 07/10/2003 09:00 AM SENTENCED REVOCATION 3A 05/08/2003 09:00 AM CONTINUED REVOCATION 3A 04/10/2003 09:00 AM SET FOR TRIAL MOTION - OTHER PRE-TRIAL 3A Disposition Information Disposition: SENTENCE/PROBATION REVOKED Disposition Date: 07/10/2003 Concluded By: GUILTY PLEA Jail/Penitentiary: Concurrent/Consecutive: Life/Death: Sentence Time: Sentence Suspended: Program Type: Probation Type: Probation Time: Probation Starts: Operator License Suspension Time: Restriction Effective Date: Operator License Restrictions: Military: Traffic Fatality: Court/DMV Surrender: Driver Improvement Clinic: VASAP: Restitution Paid: Restitution Amount: Fine: * Costs: $138.00 * Fine/Costs Paid: YES Fine/Costs Paid Date: 11/25/2003 * This system cannot process online payments at this time. Please refer to ' How to Pay Traffic Tickets and Other Offenses ' for more information. Service/Process No Services/Processes found. Pleadings/Orders Seq. # Date Type Party Judge Book & Page Instrument Remarks 3 07/25/2003 FINAL ORDER 107, 613 2 05/08/2003 ORDER 106, 1084 1 04/10/2003 ORDER 106, 660 Frederick Circuit Court Case #: CR00000526-00 Defendant: FARMER, MELANIE Defendant Information Gender: FEMALE Race: WHITE DOB: 02/13/**** Attorney: LUKE BOYD Case/Charge Information Defendant Status: BAIL Filed Date: 10/31/2000 Locality: COMMONWEALTH OF VA Code Section: 18.2-172 Charge: FORGERY Case Type: FELONY Class: CLASS 5 Commenced By: INDICTMENT Offense Date: 08/23/2000 Arrest Date: 09/07/2000 Amended Code Section: Amended Charge: Amended Case Type: Amended Class: Appeal Information Appeal Date: Hearing Information Date Time Result Type Courtroom Plea Duration Jury 03/15/2001 09:00 AM SENTENCED PRE-SENTENCE REPORT 3A 01/25/2001 09:00 AM CONTINUED PLEA 3A 12/15/2000 09:00 AM CONTINUED MOTION - OTHER PRE-TRIAL 3A 11/09/2000 09:00 AM CONTINUED MOTION - OTHER PRE-TRIAL 3A 11/09/2000 09:00 AM TRUE BILL GRAND JURY 3A Disposition Information Disposition: GUILTY Disposition Date: 03/15/2001 Concluded By: GUILTY PLEA Jail/Penitentiary: PENITENTIARY Concurrent/Consecutive: Life/Death: Sentence Time: 2 Year(s) Sentence Suspended: 2 Year(s) Program Type: Probation Type: SUPERVISED Probation Time: 3 Year(s) Probation Starts: Operator License Suspension Time: Restriction Effective Date: Operator License Restrictions: Military: Traffic Fatality: Court/DMV Surrender: Driver Improvement Clinic: VASAP: Restitution Paid: Restitution Amount: Fine: * Costs: $828.50 * Fine/Costs Paid: YES Fine/Costs Paid Date: 07/24/2003 * This system cannot process online payments at this time. Please refer to ' How to Pay Traffic Tickets and Other Offenses ' for more information. Service/Process No Services/Processes found. Pleadings/Orders Seq. # Date Type Party Judge Book & Page Instrument Remarks 6 04/06/2001 FINAL ORDER 99, 1417 5 03/14/2001 ORDER 99, 1040 4 02/02/2001 ORDER 99, 547 3 01/05/2001 ORDER 99, 200 2 11/28/2000 ORDER 98, 1575 1 11/09/2000 ORDER 98, 1243 Frederick Circuit Court Case #: CR00000527-00 Defendant: FARMER, MELANIE Defendant Information Gender: FEMALE Race: WHITE DOB: 02/13/**** Attorney: LUKE BOYD Case/Charge Information Defendant Status: BAIL Filed Date: 10/31/2000 Locality: COMMONWEALTH OF VA Code Section: 18.2-172 Charge: UTTER FORGED CHECK Case Type: FELONY Class: CLASS 5 Commenced By: INDICTMENT Offense Date: 08/23/2000 Arrest Date: 09/07/2000 Amended Code Section: Amended Charge: Amended Case Type: Amended Class: Appeal Information Appeal Date: Hearing Information Date Time Result Type Courtroom Plea Duration Jury 03/15/2001 09:00 AM SENTENCED PRE-SENTENCE REPORT 3A 01/25/2001 09:00 AM CONTINUED PLEA 3A 12/15/2000 09:00 AM CONTINUED MOTION - OTHER PRE-TRIAL 3A 11/09/2000 09:00 AM CONTINUED MOTION - OTHER PRE-TRIAL 3A 11/09/2000 09:00 AM TRUE BILL GRAND JURY 3A Disposition Information Disposition: GUILTY Disposition Date: 03/15/2001 Concluded By: GUILTY PLEA Jail/Penitentiary: PENITENTIARY Concurrent/Consecutive: Life/Death: Sentence Time: 2 Year(s) Sentence Suspended: 2 Year(s) Program Type: Probation Type: SUPERVISED Probation Time: 3 Year(s) Probation Starts: Operator License Suspension Time: Restriction Effective Date: Operator License Restrictions: Military: Traffic Fatality: Court/DMV Surrender: Driver Improvement Clinic: VASAP: Restitution Paid: Restitution Amount: Fine: * Costs: * Fine/Costs Paid: Fine/Costs Paid Date: * This system cannot process online payments at this time. Please refer to ' How to Pay Traffic Tickets and Other Offenses ' for more information. Service/Process No Services/Processes found. Pleadings/Orders Seq. # Date Type Party Judge Book & Page Instrument Remarks 1 04/06/2001 FINAL ORDER 99, 1417 Frederick Circuit Court Case #: CR00000527-01 Defendant: FARMER, MELANIE Defendant Information Gender: FEMALE Race: WHITE DOB: 02/13/**** Attorney: WILLIAM CRANE Case/Charge Information Defendant Status: BAIL Filed Date: 04/03/2003 Locality: COMMONWEALTH OF VA Code Section: 19.2-306 Charge: REV.PROB.(UTTERING) Case Type: FELONY Class: UNCLASSIFIED Commenced By: REINSTATEMENT Offense Date: 08/23/2000 Arrest Date: 04/10/2003 Amended Code Section: Amended Charge: Amended Case Type: Amended Class: Appeal Information Appeal Date: Hearing Information Date Time Result Type Courtroom Plea Duration Jury 07/10/2003 09:00 AM SENTENCED REVOCATION 3A 05/08/2003 09:00 AM CONTINUED REVOCATION 3A 04/10/2003 09:00 AM SET FOR TRIAL MOTION - OTHER PRE-TRIAL 3A Disposition Information Disposition: SENTENCE/PROBATION REVOKED Disposition Date: 07/10/2003 Concluded By: GUILTY PLEA Jail/Penitentiary: JAIL Concurrent/Consecutive: Life/Death: Sentence Time: 4 Month(s) Sentence Suspended: Program Type: Probation Type: SUPERVISED Probation Time: 3 Year(s) Probation Starts: Operator License Suspension Time: Restriction Effective Date: Operator License Restrictions: Military: Traffic Fatality: Court/DMV Surrender: Driver Improvement Clinic: VASAP: Restitution Paid: Restitution Amount: Fine: * Costs: * Fine/Costs Paid: Fine/Costs Paid Date: * This system cannot process online payments at this time. Please refer to ' How to Pay Traffic Tickets and Other Offenses ' for more information. Service/Process No Services/Processes found. Pleadings/Orders Seq. # Date Type Party Judge Book & Page Instrument Remarks 1 07/25/2003 FINAL ORDER 107, 613 Douglas Revelle Carney: Wealth Score 6 Green Score 29 Donor Score 11 Travel Score 29 Tech Score 29 Shopping Score 20 Carmen Green UBI #: 604521018 [Does not Exist] Qualifications Years in Practice: 21 Years License: Washington / LF00002255 School: Pacific Lutheran University Year Graduated: 2001 I am a Licensed Marriage and Family Therapist and a Licensed Mental Health Counselor with over 20 years of experience. Additional Credentials Membership: American Association of Marriage and Family Therapists / 136512 Member Since: 2011 License No. and State: LF00009493 Washington State Tiffany Nicole Husein UBI# 603470018 [Does not exist] License Number: PY60196500 NPI number: 1548685613 Show entries Search (All columns are searched for letters/numbers entered): FirstPrevious1NextLast Name Start Date End Date Court Case No. Location Hearing Type Case Type Official Status HOWE, TAMERRA M 7/14/2020 8:00 AM 7/14/2020 DC 1960989 Ex Parte Hearing Small Claims-SC FASSBENDER, JENNIFER L Held PRATT, KOURTNIE; HOWE, TAMERRA M Case: 1960989 Charges: N/A Case Type: Small Claims-SC File Date: 09/16/2019 Incident Number: N/A Court: District Court Case Status: Open Hearings Hearing Type Date/Time Location Official Name Status Ex Parte Hearing 07/14/2020 8:00 am FASSBENDER, JENNIFER L Held Non Jury Trial - Small Claim 07/08/2020 9:00 am FASSBENDER, JENNIFER L Not Held-Other Non Jury Trial - Small Claim 04/27/2020 9:00 am FASSBENDER, JENNIFER L Not Held-Canceled Non Jury Trial - Small Claim 02/03/2020 9:00 am FASSBENDER, JENNIFER L Not Held-Continued Non Jury Trial - Small Claim 11/19/2019 9:00 am FASSBENDER, JENNIFER L Not Held-Continued Name: Alison Carol Riegel Wayup Profile: https://www.wayup.com/profile/Alison-Riegel-37695893a7/ Simbi: https://simbi.com/alison-riegel Physician Assistant Profile: https://www.physicianassistantforum.com/profile/182750-riegel/ Youshareproject profile: https://web.archive.org/web/20210619025525/https://www.youshareproject.com/author/aglimpseofsanity/ Pinterest: https://www.pinterest.com/littleriegel/ School: Gonzaga University Education: Bachelor of Arts in Psychology Username: Littleriegel **Please note that Alison Carol Riegel stole a photo of a young woman walking her dog. That isn't her original photo.** Alison Riegel Graduates from Gonzaga University Alison Riegel of Sammamish, WA recently earned the following degree(s): Bachelor of Arts in Psychology Honors: with Distinction Gonzaga University’s Commencement ceremonies were held on May 9, 2021 at Union Stadium. Gonzaga University is a private Catholic, Jesuit, and humanistic university providing education to more than 7,800 students. Situated along the Spokane River near downtown Spokane, Washington, Gonzaga is routinely recognized among the West's best comprehensive regional universities. Gonzaga offers 75 fields of study, 26 master's degrees, doctorate degrees in leadership studies and nursing, and a juris doctor degree through the School of Law. 11/21/20 Spokane Interview By Kelsi , October 21, 2020 in WASHINGTON: University of Washington Prev 1 2 Page 2 of 2 kaylaraphillips Newbie Members 1 2 posts Posted November 20, 2020 So excited to meet everyone tomorrow! I'm so nervous! Kayla Riegel Newbie Members 3 2 posts Posted November 21, 2020 Hey! Found you guys late! ???? I'm so glad I got meet you guys and hope to meet you in person soon. Alison Riegel kjgrover32 Member Members 4 14 posts Posted November 21, 2020 Good luck to every one! Was great meeting with you all. oit20 Newbie Members 2 2 posts Posted November 24, 2020 Has anyone heard anything yet? I’m going crazy ???? Daysha Crosier Aroohoo Member Members 19 16 posts Posted November 24, 2020 I just got the call about 20 minutes ago... I cried like an absolute baby. My mouth was dry from all of it, so I tried to drink some of my coffee. Now my stomach hurts. But... I got in. Like 3 Jwahlquist Member Members 28 29 posts Posted November 24, 2020 Those of you who are accepted join our facebook page "MEDEX Spokane Class 25" ???? Like 1 KarenAlexander Newbie Members 5 3 posts Posted November 24, 2020 I got accepted!! So excited! Karen Like 4 kjgrover32 Member Members 4 14 posts Posted November 25, 2020 I also have been accepted! Good luck to those still waiting! Like 3 Riegel Newbie Members 3 2 posts Posted November 25, 2020 Congratulations to everyone so far!! I’m still waiting ???? Like 3 Kelsi Member Members 9 11 posts Author Posted November 25, 2020 3rd times a charm for this girl! Beyond excited! Like 3 rm2020 Newbie Members 2 6 posts Posted November 25, 2020 (edited) I got notice that I am waitlisted for now. Anyone else? Congrats to those not stuck in limbo! Edited November 25, 2020 by rm2020 Typo DjH2020 Member Members 9 12 posts Posted November 25, 2020 I got the call this afternoon!!! I’m so excited and on cloud nine right! Good luck to everyone still waiting! David Prev 1 2 Page 2 of 2 11/21/20 Spokane Interview By Kelsi , October 21, 2020 in WASHINGTON: University of Washington 1 2 Next Page 1 of 2 Kelsi Member Members 9 11 posts Posted October 21, 2020 Wanted to start a group for those invited to interview on 11/21 via Zoom. Almost embarrassed to say but this will be my 3rd year interviewing! Hoping 3rd times a charm. It’s been very helpful to meet fellow interviewees before the big day, so hoping we can set up a zoom meeting for us to all meet! I’d suggest doing it on 11/20 unless that doesn’t work for most. Very excited! Like 3 MDalpias Advanced Member Members 19 37 posts Posted October 21, 2020 Kelsi, I have not gotten an interview for this date. BUT! I think its awesome you've kept on it and come back each year. Good luck! medworldpa Newbie Members 0 2 posts Posted October 21, 2020 When did you receive the invite to interview in November? Kelsi Member Members 9 11 posts Author Posted October 22, 2020 5 hours ago, medworldpa said: When did you receive the invite to interview in November? October 19 Like 1 caltmen Member Members 3 10 posts Posted October 22, 2020 I am interviewing this date as well! I’d love to talk and meet any and everyone! Like 2 kaylaraphillips Newbie Members 1 2 posts Posted October 24, 2020 Hi everyone! I am fortunate enough to get to interview this day as well! I can't wait to meet all of you and I am all for a prep zoom meeting! See you soon, Kayla Like 1 kjgrover32 Member Members 4 14 posts Posted October 25, 2020 Hello everyone! I also will be interviewing on Nov. 21. I think it would be nice to meet everyone on the 20th as well! Good luck to us all. Like 1 kjgrover32 Member Members 4 14 posts Posted October 27, 2020 Where is everyone from nd what re your backgrounds? I'm from Boise Idaho area and work in medical imaging. I have been working in x Ray the last few years. Kelsi Member Members 9 11 posts Author Posted October 27, 2020 1 hour ago, kjgrover32 said: Where is everyone from nd what re your backgrounds? I'm from Boise Idaho area and work in medical imaging. I have been working in x Ray the last few years. I’m from Coeur d’ Alene and have been a scribe, patient care tech and now a medical assistant. KarenAlexander Newbie Members 5 3 posts Posted October 30, 2020 I’m also interviewing this date and would love to do a meet and greet the day before via zoom! I live on the north side of Spokane and work at two local hospitals as a speech language pathologist. This is my first time applying to PA school. I have a home and family here, and I plan to stay in Spokane long term. I look forward to meeting everyone! Karen Alexander tahpa Newbie Members 1 5 posts Posted October 31, 2020 Hi all! I am interviewing this day and I think it would be a great idea for us to meet beforehand! Looking forward to meeting you all. Taylor Aroohoo Member Members 19 16 posts Posted November 1, 2020 Excited and nervous to interview with you all in 20 days... Does anyone know about how many people are interviewed in each group and how they break down the schedule for the day? I was not able to attend the information sessions last fall so I fell doubly nervous because I am certain there was information provided that I very much wish I had gotten. CC background... We live about an hour south of Spokane in a tiny little farming community. I work another hour south of there in a CAH as an NOC NAC and ER Tech. I would love to meet on the 20th if later in the day is possible? KateK Newbie Members 0 2 posts Posted November 3, 2020 (edited) Hi all! I was also invited to interview for this date in Spokane and would love to meet people before hand! I was born in rural Eastern Wa, and have grown up in the Spokane area my whole life. I am currently living in Portland as my husband finishes school at OHSU, then we plan to move back to the Spokane area and settle down. I have worked as an EMT, MA and am now educating patients as an exercise physiologist In cardiopulmonary rehab ???? This is my first time applying and first interview so definitely feeling the nerves! Good luck to all and I look forward to meeting you all! Kate Edited November 3, 2020 by KateK rm2020 Newbie Members 2 6 posts Posted November 5, 2020 Hi, I am also interviewing on this date. I would love to join the Zoom meet and greet, Friday 11/20 in the afternoon/evening works for me. I currently live and work in Spokane as a NAC at a hospital, and have worked in mental health counseling and ABA therapy in the past. Kelsi Member Members 9 11 posts Author Posted November 6, 2020 On 11/1/2020 at 3:27 AM, Aroohoo said: Excited and nervous to interview with you all in 20 days... Does anyone know about how many people are interviewed in each group and how they break down the schedule for the day? I was not able to attend the information sessions last fall so I fell doubly nervous because I am certain there was information provided that I very much wish I had gotten. CC background... We live about an hour south of Spokane in a tiny little farming community. I work another hour south of there in a CAH as an NOC NAC and ER Tech. I would love to meet on the 20th if later in the day is possible? Hey Congrats! I’m happy to talk about and answer any questions I can during the zoom meet and greet since I have some experience with these interviews, but of course I’ve never done one over zoom so it might be a little different. I can’t remember how many people are in each group but I’d guesstimate about 30, and it was a very long day but enjoyable. They do group interviews with 2 interviewers and 3 applicants at a time. You have 3 of these throughout the day. KarenAlexander Newbie Members 5 3 posts Posted November 13, 2020 I typed up a list of questions and tips about the interview from the info session. Just thought I would share for anyone who was interested. It’s pretty basic. I also heard from someone who interviewed at the last session that it was heavy on medical ethics. I found this online question bank (https://www.blackstonetutors.co.uk/100-medical-school-mmi-interview-ethical-questions--scenarios.html) that seems like a good resource for preparing for this part of the interview. What time should we zoom on the 20th? Karen PA Interview Questions.docx Like 1 kjgrover32 Member Members 4 14 posts Posted November 13, 2020 54 minutes ago, KarenAlexander said: I typed up a list of questions and tips about the interview from the info session. Just thought I would share for anyone who was interested. It’s pretty basic. I also heard from someone who interviewed at the last session that it was heavy on medical ethics. I found this online question bank (https://www.blackstonetutors.co.uk/100-medical-school-mmi-interview-ethical-questions--scenarios.html) that seems like a good resource for preparing for this part of the interview. What time should we zoom on the 20th? Karen PA Interview Questions.docx 13.52 kB · 2 downloads Great resources! Thank you! KateK Newbie Members 0 2 posts Posted November 16, 2020 On 10/21/2020 at 9:51 AM, Kelsi said: Wanted to start a group for those invited to interview on 11/21 via Zoom. Almost embarrassed to say but this will be my 3rd year interviewing! Hoping 3rd times a charm. It’s been very helpful to meet fellow interviewees before the big day, so hoping we can set up a zoom meeting for us to all meet! I’d suggest doing it on 11/20 unless that doesn’t work for most. Very excited! Kelsi, what time are you thinking to zoom on Friday? Later in the evening works best for me but I am flexible that day. Thanks! kjgrover32 Member Members 4 14 posts Posted November 16, 2020 21 minutes ago, KateK said: Kelsi, what time are you thinking to zoom on Friday? Later in the evening works best for me but I am flexible that day. Thanks! I agree, evening works best but I can do earlier if needed. Kelsi Member Members 9 11 posts Author Posted November 16, 2020 Evening works great for me too. I’m totally flexible with time so whatever y’all think. rm2020 Newbie Members 2 6 posts Posted November 17, 2020 What about 7 pm on Friday? Would that work for everyone? kjgrover32 Member Members 4 14 posts Posted November 17, 2020 1 hour ago, rm2020 said: What about 7 pm on Friday? Would that work for everyone? Is that pacific time? Kelsi Member Members 9 11 posts Author Posted November 18, 2020 (edited) 7 pacific time sounds good unless that’s too late for anyone farther East? My number is, two zero eight six nine nine seven nine two zero, if everyone sends me their name and email I can send out the Zoom invite! Edited November 19, 2020 by Kelsi Like 1 DjH2020 Member Members 9 12 posts Posted November 18, 2020 Hello all, I also have an interview on the 21st! Very excited. I am a reapplicant. I interviewed last year, but did not get a seat. I am an RT and have worked at Sacred Heart for the last 10 years. I live in Spokane Valley, have a family here, and would like to stay in the area long term as well. I think Friday evening at 1900 works great I am looking forward to this conference/interview with everyone. I think meeting beforehand will be beneficial and help ease the tension. David Hughes Like 2 Lntarango Newbie Members 0 1 post Posted November 20, 2020 Hi everyone, I will also be interviewing on this day! I am a re-applicant, however I did not receive an interview last time. I attended EWU for my undergrad and worked at Sacred Heart as a NAC for a little while before moving to a more rural hospital. Kelsi, my email is Lntarango4@hotmail.com I would love to be apart of the zoom call tomorrow! Laura Tarango 1 2 Next Page 1 of 2 WayUp logo Candidates Employers Login Alison Riegel About Me Hi! I'm finishing my undergrad hopefully within the next year and pursuing a Masters in Clinical Mental Health. I enjoy a wide variety of activities and value each learning opportunity. Life is as good as you make it, and I plan on making mine great. :) Education Gonzaga University December 2016 - December 2017 degree Bachelor's major Psychology Work Experience Pine Lake Covenant Church Child Care Provider August 2016 - present company Pine Lake Covenant Church title Child Care Provider overview • One of the mothers that are part of the program contacted the head of the program to ask for my details specifically to continue babysitting outside of the program. • I help run a classroom of 5 toddlers. We engage in learning activities and make sure the children are safe and happy. Guess Sales Associate April 2014 - March 2015 company Guess title Sales Associate overview • I was employee of the month with the top sales the first two months I worked there. • I interacted with customers on the floor providing answers to questions, offering suggestions, and making sure each need is met. • I consistently met the sales goal during each shift. Sammamish Library Volunteer August 2009 - November 2012 company Sammamish Library title Volunteer overview • I was punctual and communicated clearly if anything came up. • I helped pull books that people had requested, organized the hold sections, and offered help when asked. Fun Fact I once fell off a cliff Skills Languages Skills Leadership Research Team Member Theater Choir member Dance Hobbies Hiking There's nothing like standing on top of a mountain enjoying the view. Writing I've loved writing since I could hold a pencil. I have written songs, poems, short stories, blog regularly, and have two novels I am working on. I also journal occasionally. I hope to be published one day. Name Court Case Number Judgment Record Court Information 1 Albrecht, Pamela Trudel Defendant Douglas District 6Z0043160 01-19-2016 Name Court Case Number Judgment Record Court Information 1 Herrebout, Pamela J RESPONDENT S17 King Co Superior Ct 07-3-00621-8 01-10-2007 2 Herrebout, Pamela J TAXPAYER King Co Superior Ct 16-2-24854-3 Available 10-13-2016 3 Herrebout, Pamela Jane Defendant King County District 4Z0344429 03-20-2014 4 Herrebout, Pamela Jane Defendant Island County Dist 6Z1036649 10-19-2016 Judgment Record Number Name Participant File Date 16-9-19269-1 HERREBOUT, PAMELA J DEBTOR 10/13/2016 16-9-19269-1 WASHINGTON STATE OF EMPLOYMENT CREDITOR 10/13/2016 Court: King Co Superior Ct Case Number: 16-9-19269-1 1 Young, Amanda Defendant Spokane County Dist 14154000 12-30-2014 2 Young, Amanda Defendant Fife Municipal FRL430927 05-17-2017 3 Young, Amanda Defendant Lk Forest Park Muni 170079681 08-15-2017 4 Young, Amanda Defendant Fife Municipal FRL445215 09-27-2017 5 Young, Amanda Defendant Clark County Dist 18C3228-3 07-13-2018 6 Young, Amanda Defendant Chelan Co Dist Court 98-001266 07-23-1998 7 Young, Amanda Defendant Puyallup Municipal 190300968 11-22-2019 Sub Docket Date Docket Code Docket Description Misc Info 10-13-2016 FILING FEE VOUCHERED Filing Fee Vouchered 20.00 10-13-2016 WARRANT OVERPAID BENEFITS EMPLY SEC Warrant Overpaid Benefits Emply Sec Against Deft, Pamela J Herrebout & The Mar (stat Int @ 12.00% Per A) Comm Company Name: ALL ABOUT IT L.L.C. File Number: 602948518 Filing State: Washington (WA) Filing Status: Inactive Social Engineering Example: https://web.archive.org/web/20200529172721/https://postimg.cc/pp4kt4cy https://web.archive.org/web/20200529172901/https://postimg.cc/R3QTKFSn https://web.archive.org/web/20200330163543/https://postimg.cc/06JN8bNS https://web.archive.org/web/20200330163715/https://postimg.cc/8F3ZqkKs https://web.archive.org/web/20200330163757/https://postimg.cc/crhb9h09 https://web.archive.org/web/20200330164406/https://postimg.cc/4Hnddhrb https://web.archive.org/web/20200330164023/https://postimg.cc/Lh99nyCv Patterns Recognized CAPEC-407: Pretexting Attack Pattern ID: 407 CAPEC-416: Manipulating Human Behavior Attack Pattern ID: 416 Notes: *Attractive Women referenced. *Animals referenced. *Buzzwords like "Unique" and "Original" and "Genuine" are frequently used. *"Free Gift" comes with a payment of $29.95 plus shipping and service of $4.95. *Manipulator attempts to build the connection through an appeal to philanthropy. POFHeadlines Archived Website Report https://www.hybrid-analysis.com/sample/40f148fe67bc914e110a971c9b2bcf3aa6cdb867c3c1014e4c2fac018125c8ee https://www.hybrid-analysis.com/sample/40f148fe67bc914e110a971c9b2bcf3aa6cdb867c3c1014e4c2fac018125c8ee/5e50a49d2439b471dc760d4e https://archive.is/QlsQo This report is generated from a file or URL submitted to this webservice on February 22nd 2020 03:48:55 (UTC) and action script Default browser analysis Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1 Report generated by Falcon Sandbox v8.30 (C) Hybrid Analysis Analyzed on: 02/22/2020 03:48:55 (UTC) Environment: Windows 7 32 bit Threat Score: 88/100 AV Detection: 2% Phishing site MITRE ATT&CK(TM) Technique - T1035 - Service Execution ATT&CK ID T1035 Tactics Execution Permissions Required Administrator, SYSTEM Description Adversaries may execute a binary, command, or script via a method that interacts with Windows services, such as the Service Control Manager(...) Source https://attack.mitre.org/wiki/Technique/T1035 Informative Indicators Opened the service control manager MITRE ATT&CK(TM) Technique - T1179 - Hooking ATT&CK ID T1179 Tactics Credential Access, Persistence, Privilege Escalation Permissions Required Administrator, SYSTEM Description Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources(...) Source https://attack.mitre.org/wiki/Technique/T1179 Informative Indicators Installs hooks/patches the running process MITRE ATT&CK(TM) Technique - T1179 - Hooking ATT&CK ID T1179 Tactics Credential Access, Persistence, Privilege Escalation Permissions Required Administrator, SYSTEM Description Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources(...) Source https://attack.mitre.org/wiki/Technique/T1179 Informative Indicators Installs hooks/patches the running process MITRE ATT&CK(TM) Technique - T1179 - Hooking ATT&CK ID T1179 Tactics Credential Access, Persistence, Privilege Escalation Permissions Required Administrator, SYSTEM Description Windows processes often leverage application programming interface (API) functions to perform tasks that require reusable system resources(...) Source https://attack.mitre.org/wiki/Technique/T1179 Informative Indicators Installs hooks/patches the running process Network Related Malicious artifacts seen in the context of the input URL details Found malicious artifacts related to the input domain "http://pofheadlines.com" (IP: 69.89.31.169): ... URL: https://pofheadlines.com/wp-includes/js/jquery/jquery.js?ver=1.12.4 (AV positives: 2/72 scanned on 02/22/2020 03:52:06) URL: https://pofheadlines.com/xmlrpc.php (AV positives: 2/72 scanned on 02/19/2020 22:43:09) URL: http://pofheadlines.com/wp-content/themes/iribbon/inc/js/html5.js (AV positives: 2/72 scanned on 02/18/2020 19:08:03) URL: http://pofheadlines.com/ (AV positives: 2/72 scanned on 02/18/2020 13:34:54) URL: https://pofheadlines.com/wp-includes/js/comment-reply.min.js?ver=5.0.8 (AV positives: 2/72 scanned on 02/17/2020 23:59:35) File SHA256: 03f7b1097f58d1dd9bb791cc9e21e416d1fdfa0b758af6aa7714edddc752a5ea (AV positives: 4/73 scanned on 01/10/2020 01:34:10) File SHA256: b1ec43bf9699682442f816152032e426a2673107b668ccd541ba1f824d589029 (AV positives: 5/74 scanned on 01/09/2020 01:04:36) File SHA256: 67d353a19eee55b044861ef40ec1da8519f1b7300bce30a6a4c250e19788abf9 (AV positives: 1/73 scanned on 06/12/2019 03:55:28) File SHA256: c8d62662b0e43429408de3579e9be5038385ff532fd2b9af52a09951030bc01d (AV positives: 1/72 scanned on 06/05/2019 21:40:23) File SHA256: 93b262f676510c4006baa6cdb95735b5caa7ddfa1524a92a6022a01dc01c9ad4 (AV positives: 1/72 scanned on 04/08/2019 00:29:04) File SHA256: 56deec984a97d4066258357f7e59739f9161e51e6fa74d0d8e3c173229f2a928 (Date: 10/24/2017 23:56:51) File SHA256: 4e00b102f3e0ebd9273aee350a21d806182035c9c0cca635688d10ddc2d6a8e5 (Date: 10/24/2017 23:53:24) source Network Traffic relevance 10/10 This report was generated with enabled TOR analysis DNS Requests Domain Address Registrar Country c.statcounter.com 104.20.151.33 TTL: 193 pairNIC INC Organization: StatCounter Name Server: MAY.NS.CLOUDFLARE.COM Creation Date: Wed, 05 Jan 2000 00:00:00 GMT Flag of United States United States cm.g.doubleclick.net 172.217.9.130 TTL: 21599 MarkMonitor, Inc. Flag of United States United States cms.quantserve.com 192.184.69.196 TTL: 299 MarkMonitor, Inc. Flag of United States United States crt.usertrust.com 91.199.212.52 TTL: 425 CSC CORPORATE DOMAINS, INC. Flag of United Kingdom United Kingdom fonts.googleapis.com 172.217.13.74 TTL: 299 MarkMonitor, Inc. Flag of United States United States fonts.gstatic.com 172.217.8.3 TTL: 299 MarkMonitor, Inc. Flag of United States United States googleads.g.doubleclick.net 172.217.1.130 TTL: 299 MarkMonitor, Inc. Flag of United States United States image6.pubmatic.com 104.36.113.23 TTL: 254 - Flag of United States United States ocsp.pki.goog 172.217.13.227 TTL: 166 - Flag of United States United States ocsp.sectigo.com 151.139.128.14 TTL: 2502 - Flag of United States United States odr.mookie1.com 35.190.90.30 TTL: 299 - Flag of United States United States pagead2.googlesyndication.com 172.217.8.2 TTL: 95 - Flag of United States United States partner.googleadservices.com 216.58.194.130 TTL: 299 - Flag of United States United States pixel.everesttech.net 192.243.250.36 TTL: 287 - Flag of United States United States pixel.rubiconproject.com 8.39.36.143 TTL: 71 - Flag of United States United States pofheadlines.com 69.89.31.169 TTL: 14112 - Flag of United States United States rtb.openx.net 34.96.87.211 TTL: 299 - Flag of United States United States secure.statcounter.com 104.20.150.33 TTL: 296 - Flag of United States United States ssum-sec.casalemedia.com 23.44.169.67 TTL: 20233 - Flag of United States United States tpc.googlesyndication.com 172.217.6.161 TTL: 299 - Flag of United States United States www.googletagservices.com 172.217.1.130 TTL: 21599 - Flag of United States United States www.gstatic.com 172.217.1.227 TTL: 299 - Flag of United States United States https://www.hybrid-analysis.com/sample/f9e7ffd2529ba67fb2a326f96a98238d7510761d4d44923a5737efc51435a208/5e8292f87360a93d4e548017 Suspicious Indicators 3 External Systems Found an IP/URL artifact that was identified as malicious by at least one reputation engine details 1/76 reputation engines marked "http://unpkg.com" as malicious (1% detection rate) 1/76 reputation engines marked "http://ocsp.trust-provider.com" as malicious (1% detection rate) source External System relevance 10/10 Network Related Malicious artifacts seen in the context of a contacted host details Found malicious artifacts related to "104.16.125.175": ... URL: https://unpkg.com/scroll-hint@1.1.10/js/scroll-hint.js (AV positives: 1/76 scanned on 03/30/2020 07:41:32) URL: https://unpkg.com/infinite-scroll@3.0.6/dist/infinite-scroll.pkgd.js (AV positives: 1/76 scanned on 03/27/2020 13:18:34) URL: https://unpkg.com/picnic (AV positives: 1/76 scanned on 03/27/2020 04:51:43) URL: https://unpkg.com/leaflet@1.5.1/dist/leaflet.css (AV positives: 1/76 scanned on 03/27/2020 04:29:22) URL: http://unpkg.com/ (AV positives: 1/76 scanned on 03/25/2020 10:58:38) File SHA256: 98f0762725f964f8fba65272e29dc9ad0588b75d35facabc29d2a58541181c54 (Date: 03/21/2020 20:19:29) File SHA256: b15fc681c29496c360dddbdb2e1a326b78e36024b9baa6ff59269b796e5250b6 (Date: 03/16/2020 14:48:12) File SHA256: 4868221a1c9c9907b6b5b77e1893e5134aaa99498f334e1179b71ca1638f371e (Date: 03/16/2020 01:19:25) File SHA256: 9b87954a5f3b0403f4610177323bf89e591ca5a6bbb6e37ae268d48271bf265f (Date: 03/13/2020 00:14:19) File SHA256: e95930019345a42151d00f0221b61a5cddda6e49443a831fa1c084dfb467131a (Date: 03/03/2020 03:21:42) File SHA256: 458b46902ed3b12fa3b9b52528a59a9e3f7e100b7d5c42f3650a996768ad2e53 (AV positives: 11/69 scanned on 11/29/2018 11:44:21) source Network Traffic relevance 10/10 Sends traffic on typical HTTP outbound port, but without HTTP header details TCP traffic to 209.197.3.24 on port 443 is sent without HTTP header TCP traffic to 104.17.208.240 on port 443 is sent without HTTP header TCP traffic to 104.17.209.240 on port 443 is sent without HTTP header TCP traffic to 216.58.192.132 on port 443 is sent without HTTP header TCP traffic to 104.16.125.175 on port 443 is sent without HTTP header TCP traffic to 216.58.192.227 on port 80 is sent without HTTP header TCP traffic to 172.217.0.3 on port 443 is sent without HTTP header TCP traffic to 172.217.8.163 on port 443 is sent without HTTP header source Network Traffic relevance 5/10 ATT&CK ID T1043 (Show technique in the MITRE ATT&CK(TM) matrix) Type Path Access OPEN %WINDIR%system32apphelp.dll FILE_READ_DATA | FILE_EXECUTE CREATE %WINDIR%System32rundll32.exe GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%AppPatchAcLayers.dll GENERIC_READ | FILE_READ_ATTRIBUTES OPEN %WINDIR%AppPatchAcLayers.DLL FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32SspiCli.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32WINSPOOL.DRV FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32MPR.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%system32IMM32.DLL FILE_READ_DATA CREATE %WINDIR%System32en-USrundll32.exe.mui GENERIC_READ | FILE_READ_ATTRIBUTES OPEN %WINDIR%System32api-ms-win-downlevel-shell32-l1-1-0.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32version.DLL FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%WinSxSx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d FILE_EXECUTE OPEN %WINDIR%WinSxSx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705dcomctl32.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%WindowsShell.Manifest FILE_GENERIC_EXECUTE | FILE_READ_DATA | FILE_READ_EA OPEN %WINDIR%system32uxtheme.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32dwmapi.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%system32rpcss.dll FILE_READ_DATA OPEN %WINDIR%System32CRYPTBASE.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32api-ms-win-downlevel-shlwapi-l2-1-0.dll FILE_READ_DATA | FILE_EXECUTE CREATE C:f9e7ffd2529ba67fb2a326f96a98238d7510761d4d44923a5737efc51435a208.url GENERIC_READ | FILE_READ_ATTRIBUTES OPEN %WINDIR%System32PROPSYS.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%system32SHELL32.dll FILE_GENERIC_READ CREATE %PROGRAMFILES%Internet Explorereniexplore.exe.mui GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftInternet ExplorerRecoveryHighActive READ_CONTROL | WRITE_OWNER | FILE_READ_ATTRIBUTES CREATE %WINDIR%System32rsaenh.dll GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %PROGRAMFILES%Internet Exploreriexplore.exe GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftInternet ExplorerRecoveryHighActive{9A7D4109-72D8-11EA-A0A0-0A0027477BF1}.dat GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%AppPatchsysmain.sdb GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %PROGRAMFILES%MICROS~3Office14URLREDIR.DLL GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %PROGRAMFILES%Javajre1.8.0_151libplugin.jar FILE_READ_ATTRIBUTES CREATE %PROGRAMFILES%Javajre1.8.0_151binjavaws.exe FILE_READ_ATTRIBUTES CREATE %TEMP%JavaDeployReg.log GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet Files FILE_READ_DATA CREATE %USERPROFILE%AppDataRoaming FILE_READ_DATA CREATE %APPDATA%MicrosoftWindowsCookies FILE_READ_DATA CREATE %LOCALAPPDATA%MicrosoftWindowsHistory FILE_READ_DATA CREATE %WINDIR%System32stdole2.tlb GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%System32wshqos.dll GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %USERPROFILE%Favoritesdesktop.ini GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%System32en-USmsctf.dll.mui GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData57C8EDB95DF3F0AD4EE2DC2B8CFD4157 GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData7423F88C7F265F0DEFC08EA88C3BDE45_1374AC543829516A5CA56081CD00C32A GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData69C6F6EC64E114822DF688DC12CDD86C GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData6DB145CFEEC544B1582FED1ADA3370DD GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheContent7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29Ylogin[1].htm GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData5080DC7A65DB6A5960ECD874088F3328_1790C2BABAA04BAF417FFE9589C10997 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaDataCC42971B7939A9CA55C44CFC893D7C1D GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5CKDNCXYSlogin[1].css GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE537NU00GPbundle[1].js GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheContent5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220 GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%System32oleaccrc.dll GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE52UXTWTJRQualtricsGrotesque-Thin.99cea185cc[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5CKDNCXYSQualtricsGrotesque-Regular.d29c18d159[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %WINDIR%System32en-USjscript9.dll.mui GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%Fontsarial.ttf GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsCaches FILE_READ_DATA CREATE %LOCALAPPDATA%MicrosoftWindowsCachescversions.1.db GENERIC_READ | FILE_READ_ATTRIBUTES CREATE C:share FILE_READ_ATTRIBUTES CREATE %WINDIR%System32en-USshell32.dll.mui GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%Fontsseguisym.ttf GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %WINDIR%Microsoft.NETFrameworkv1.0.3705mscorwks.dll READ_CONTROL | FILE_READ_ATTRIBUTES CREATE %WINDIR%Microsoft.NETFrameworkv1.1.4322clr.dll READ_CONTROL | FILE_READ_ATTRIBUTES CREATE %WINDIR%Microsoft.NETFrameworkv1.1.4322mscorwks.dll READ_CONTROL | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftInternet ExplorerDOMStoreHVI1ZDNFcss.co1.qualtrics[1].xml GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftInternet Explorerimagestore3mt7jhvimagestore.dat GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData1E11E75149C17A93653DA7DC0B8CF53F_447F5E83577BE48F231168C454280CA6 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData1E11E75149C17A93653DA7DC0B8CF53F_B6E1EA240B4521A4F1D7437E2AE3098D GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData6B17EC2CD0C9B19353018FF1C12BC489 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData5B9763FB83E74617D0DB58992800F69B GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %APPDATA%MicrosoftWindowsCookiesDYBRXUFE.txt GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5CKDNCXYSqualtrics-logo[1].png GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29Yqualtrics-logo.min[1].svg GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29YQualtricsIconFont.685c5b7d8e[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29Ylock.min[1].svg GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaDataCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheContentCFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaDataBE8B021F9E811DFC8C8A28572A17C05A_B4E256AEE3EBA21D6B1078B3E1B79532 GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheContentBE8B021F9E811DFC8C8A28572A17C05A_B4E256AEE3EBA21D6B1078B3E1B79532 GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData6AF4EE75E3A4ABA658C0087EB9A0BB5B_D2FB8B90C888995EAF59F301AECA9E24 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData6AF4EE75E3A4ABA658C0087EB9A0BB5B_51CCA0D20796B7CDC9BFC98988A9B0ED GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaData74F831100DEB0B8799203064F3E38B68 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheContent6AF4EE75E3A4ABA658C0087EB9A0BB5B_D2FB8B90C888995EAF59F301AECA9E24 GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaDataBE8B021F9E811DFC8C8A28572A17C05A_0B97942EE72A6E3F514E8E84F294CC72 GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftCryptnetUrlCacheMetaDataBE8B021F9E811DFC8C8A28572A17C05A_A61001BAFE86CCE0A5899061868CC05C GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftInternet ExplorerRecoveryHighActiveRecoveryStore.{9A7D4107-72D8-11EA-A0A0-0A0027477BF1}.dat GENERIC_WRITE | GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %APPDATA%MicrosoftWindowsCookiesERV9N2EC.txt GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %APPDATA%MicrosoftWindowsCookiesL8DC4A47.txt GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE537NU00GPrecaptcha__en[1].js GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE52UXTWTJRQualtricsGrotesque-ExLight[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE52UXTWTJRQualtricsGrotesque-Regular[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE52UXTWTJRQualtricsGrotesque-Thin[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5CKDNCXYSQualtricsGrotesque-Bold[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5CKDNCXYSQualtricsGrotesque-ExLight[1].woff GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5CKDNCXYSQualtricsGrotesque-SemiBold[1].eot GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE537NU00GPQualtricsGrotesque-ExLight[1].ttf GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE537NU00GPQualtricsGrotesque-Bold[1].woff GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29Yfavicon[3].ico GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE537NU00GPfavicon[7].png GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE537NU00GPfavicon[8].png GENERIC_WRITE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%owMicrosoftInternet ExplorerServicessearch_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico GENERIC_READ | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES OPEN %WINDIR%SYSTEM32sechost.dll FILE_READ_DATA | FILE_EXECUTE CREATE %TEMP%~DFFEE3C3317B5DF4FB.TMP GENERIC_WRITE | GENERIC_READ | DELETE | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29Yanchor[1].htm GENERIC_WRITE | FILE_READ_ATTRIBUTES OPEN %PROGRAMFILES%Internet Explorerieproxy.dll FILE_READ_DATA | FILE_READ_ATTRIBUTES CREATE C:https:css.co1.qualtrics.comlogin?path=%2FControlPanel%2F&product=ControlPanel GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesContent.IE5QQW0X29Ystyles__ltr[1].css GENERIC_WRITE | FILE_READ_ATTRIBUTES OPEN %WINDIR%system32sfc.dll FILE_READ_DATA | FILE_EXECUTE OPEN %WINDIR%System32sfc_os.DLL FILE_READ_DATA | FILE_EXECUTE OPEN SystemRootWinSxSFileMapsprogram_files_internet_explorer_a421d1bfaf856e2b.cdf-ms FILE_GENERIC_READ CREATE %LOCALAPPDATA%MicrosoftInternet ExplorerUrlBlockManagerurlblocklist.bin GENERIC_READ | FILE_READ_ATTRIBUTES CREATE %LOCALAPPDATA%MicrosoftWindowsTemporary Internet FilesLow READ_CONTROL | WRITE_DAC | WRITE_OWNER | FILE_READ_ATTRIBUTES CREATE %APPDATA%MicrosoftWindowsCookiesLow READ_CONTROL | WRITE_DAC | WRITE_OWNER | FILE