1687311b4e7a3720be20490e8ed6cc772a32336a7bed8896e475b8ec616c6b81

Resubmissions

11/09/2024, 13:13

240911-qf3rsasemc 6

05/09/2024, 13:15

240905-qhfd9sscrh 6

Analysis

max time kernel
88s
max time network
70s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Size

1.7MB
MD5

c16f86882d5a102ed7a0fbbc0874d102
SHA1

4e3ac7a53f0f368b9218bf717162d5e073a0f7df
SHA256

1687311b4e7a3720be20490e8ed6cc772a32336a7bed8896e475b8ec616c6b81
SHA512

90b7aac54467b266a9dd9ce7c83a156d3d99f7aeb1ad0e3e2ef5516b38270112dae07892e3e80765c3508484e3ee66e7439db0512a63b48f64e6b15e83285f67
SSDEEP

49152:Cjt17kLz5P3mucJZCliSAbFXHrZy0HCxgdjmyZ3xog:AjkLlP2bClDC9Fjd

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Greenshot = "C:\\Program Files\\Greenshot\\Greenshot.exe"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-3ARJ3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-550UJ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-0V2S9.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-D862S.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\is-BLI78.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-LUIIF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-GA4NL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File opened for modification	C:\Program Files\Greenshot\LinqBridge.dll	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-LE0Q3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-ACDVJ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-EQBU8.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-VR1RR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-1TQSS.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotFlickrPlugin\is-61GMV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-A5DJE.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-EOTT4.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UEHD0.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-70D31.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\unins000.msg	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-I6382.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-OP9K6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-VHBCN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-IK0S6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-1U826.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-VV3UG.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-8K83O.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-474BV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\unins000.dat	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-DVQO0.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-4H2GB.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-ANB5U.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-HVO0B.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-QTIQN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-E7254.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-T731P.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-CG22A.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotFlickrPlugin\is-B72VT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-AT1OH.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-G8TUJ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-9I4AT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UMF4P.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-L3BNT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-EVPHA.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-32HTC.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-V42I8.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotFlickrPlugin\is-16L5P.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-2SC8P.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-Q4MV3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-I4P16.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotFlickrPlugin\is-I1EED.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-BB3US.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-3HM8S.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-9PENL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotJiraPlugin\is-1MFMD.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-EO2JV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotPhotobucketPlugin\is-2G4NN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-F0OUV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-Q7ELN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-PA7FB.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-53AIF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-OSQ6F.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-1PFT3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-TCJ42.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-LPBP6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Drops file in Windows directory 15 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\698-0\log4net.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\a29ea947e6999e5552446b01be2b13d0\Greenshot.ni.exe.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\6fc-0\LinqBridge.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP17B6.tmp\GreenshotPlugin.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\7c4-0\Greenshot.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\950-0\GreenshotPlugin.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\f00868af4598f427f377a5354f13804c\LinqBridge.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\a9f816e307a807784823161bb6f8ed0d\log4net.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\f604cef4931b67f5ec2985bc665b55e4\GreenshotPlugin.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index142.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index143.dat	mscorsvw.exe

Executes dropped EXE 4 IoCs

pid	Process
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2256	_setup64.tmp
2960	Greenshot.exe
2232	greenshotocrcommand.exe

Loads dropped DLL 17 IoCs

pid	Process
1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1688	mscorsvw.exe
2384	mscorsvw.exe
1988	mscorsvw.exe
2384	mscorsvw.exe
1788	mscorsvw.exe
2380	mscorsvw.exe
2380	mscorsvw.exe
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2960	Greenshot.exe
2960	Greenshot.exe
2960	Greenshot.exe
2960	Greenshot.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	greenshotocrcommand.exe

Modifies Internet Explorer settings 1 TTPs 37 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\getgreenshot.org	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000004783b7dc8edee8922675b63da9092c47df1f91628bf1ae0aeccc03aa418bbe4c000000000e800000000200002000000020682d41208e0e1608b7586ee902956610deacec0cf344cb118f365c63816231900000006b2eef752b4c7ad92eb7e369f7db4b744f6265cf9b25fce1d64b1aca12d0395f0b4955e5aff36c2c7742221cb4c8994c6a00d00ec7d679fa156e161fa03f3bd5ccc927474000cfc4681b57fe2273a02d312929969ea0f15b7860f51b0d077f5b8718f0c3035d29febb0078d80158dbafddf02be83ec1cb88ba36757f36ead477e7d724d9bc67da3286b9e1c05fea99b340000000c26aa98971b376ae05d22184639b527feae2c10a339a4bf6c1718ac28dd14c3a0a2034787a9cfeca2d67d2c382f410a22b38d4366c4318dd64148f30c5029b05	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000004df057a176cb4bd3a89c458adf4ad580c548dd837a6593ffc9030ef387797045000000000e8000000002000020000000bba3e52126d9b0cf3138fb66658fb344a9fca8fd98b2d20e8e453b26b693f3892000000043aef6d2504f816e15e3787a102af1dc09add73b06eb4dc6d72b841aac3176d540000000656f07e5fd32024b4c908d80dc4f4812f71a9bd8591e26a5262e2e69ade20b6b4a14f4b1b8880c09d90fa51286d2815af7f268e48bbe3227625c6dedcfc4e3c0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e3f9e595ffda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0EB5A6A1-6B89-11EF-B6DB-72E825B5BD5B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage\getgreenshot.org\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\ = "Greenshot File"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open\command	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open\command\ = "\"C:\\Program Files\\Greenshot\\Greenshot.EXE\" --openfile \"%1\""	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.greenshot\ = "Greenshot"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot\DefaultIcon	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\DefaultIcon\ = "C:\\Program Files\\Greenshot\\Greenshot.EXE,0"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot\shell\open\command	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2960	Greenshot.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2392	iexplore.exe
2960	Greenshot.exe
2960	Greenshot.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2960	Greenshot.exe
2960	Greenshot.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2392	iexplore.exe
2392	iexplore.exe
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE
1272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1288 wrote to memory of 1668	1288	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	28
PID 1668 wrote to memory of 2256	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 1668 wrote to memory of 2256	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 1668 wrote to memory of 2256	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 1668 wrote to memory of 2256	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 1668 wrote to memory of 2380	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 1668 wrote to memory of 2380	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 1668 wrote to memory of 2380	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 1668 wrote to memory of 2380	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 1668 wrote to memory of 1016	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 1668 wrote to memory of 1016	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 1668 wrote to memory of 1016	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 1668 wrote to memory of 1016	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 1668 wrote to memory of 2392	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 1668 wrote to memory of 2392	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 1668 wrote to memory of 2392	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 1668 wrote to memory of 2392	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 2392 wrote to memory of 1272	2392	iexplore.exe	45
PID 2392 wrote to memory of 1272	2392	iexplore.exe	45
PID 2392 wrote to memory of 1272	2392	iexplore.exe	45
PID 2392 wrote to memory of 1272	2392	iexplore.exe	45
PID 1668 wrote to memory of 2960	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 1668 wrote to memory of 2960	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 1668 wrote to memory of 2960	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 1668 wrote to memory of 2960	1668	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 2960 wrote to memory of 2232	2960	Greenshot.exe	49
PID 2960 wrote to memory of 2232	2960	Greenshot.exe	49
PID 2960 wrote to memory of 2232	2960	Greenshot.exe	49
PID 2960 wrote to memory of 2232	2960	Greenshot.exe	49

C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
"C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Users\Admin\AppData\Local\Temp\is-26CIJ.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-26CIJ.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$3012C,1293027,131584,C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:1668
- - C:\Users\Admin\AppData\Local\Temp\is-642NM.tmp\_isetup\_setup64.tmp
    helper 105 0x268
    3⤵
    - Executes dropped EXE
    PID:2256
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\Greenshot.exe"
    3⤵
    PID:2380
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess f4 -Pipe 100 -Comment "NGen Worker Process"
      4⤵
      PID:2488
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 168 -InterruptEvent 0 -NGENProcess 104 -Pipe 160 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:1988
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 188 -InterruptEvent 0 -NGENProcess 16c -Pipe 184 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:1688
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1b4 -InterruptEvent 0 -NGENProcess 190 -Pipe 1a0 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:2384
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1b4 -InterruptEvent 0 -NGENProcess 168 -Pipe 1bc -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:1788
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\GreenshotPlugin.dll"
    3⤵
    PID:1016
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess f4 -Pipe 100 -Comment "NGen Worker Process"
      4⤵
      PID:2756
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess fc -Pipe f4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:2380
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1272
- - C:\Program Files\Greenshot\Greenshot.exe
    "C:\Program Files\Greenshot\Greenshot.exe" /language en
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe
      "C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe" -c
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Greenshot\Greenshot.exe.config

Filesize
423B

MD5
607cf0cb207fe62914afb1d252002de5

SHA1
7e9979e5244f6cd3640cf5bc429c29ea9f80c656

SHA256
e1f91b7391b071117b03be8e8a21fb644e83a624bfa9ea76a4389e8f2ea7027c

SHA512
552c0b846b8a9a487aa27a9158ec01dc35f47f4cf932540adbf3bebad34ed85422213e73ab9f826648d9340ab0d867eab71d23c4b7b06ca1f0775aab9683d096

Download Submit
C:\Program Files\Greenshot\GreenshotPlugin.dll

Filesize
447KB

MD5
9ffceb225f44cf2aeb6fbb51c77fd12d

SHA1
3658d7ec2f0de037f909d59c8a51783fa2ec885e

SHA256
697f06fe82a419c2a32d5f8819ff857e70c2052e253389780469ce114bd8efe7

SHA512
8ba2910c71b347eea24650b996bc26dff3393c0416be0ac8a6fb6014cc61a9e705e770bc9909c2247dae025e1c13738c9a4f249ef9414ffd8ef668a4caa9eeb1

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-cs-CZ.xml

Filesize
1KB

MD5
f85c6c79b6ac8001561f3a9a41d4213b

SHA1
d3590b973f13bb92d843ae032ebae5c32cb59f9e

SHA256
934453e0626a9d0e4e12bfe834b14b7e757219017ff023ee87becfd98ab0ef04

SHA512
0f4103c09b38430c8d37a09ebbbab5ecaa0be72b6ab9f741d71faa26bfe25b320c190fa6209e194eb2d55584ec41deccc6a25f850106a32fb395747d092d2cda

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-de-DE.xml

Filesize
837B

MD5
ef2cf55aa8273433ac9bc0c94e5932b6

SHA1
fd6c91b7b9def2e864ab6cf5632d0ca81f58de11

SHA256
51cae4140a51f8c272dbdebe1706dddda7d7b1f9769b0cf8942534eb83acc531

SHA512
aa73fe1f50849574fb0e67b6c7c54c206d7b43528ad234904990147b986933c91563847a224acf61bbd28b6a04bc63cf3f3cfef987925ea5741664021add3627

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-en-US.xml

Filesize
826B

MD5
83120bb41321702ee5397446cfcdf818

SHA1
02fd4679077abcd1fea3e428bf41d2dd9b9a7202

SHA256
e0655468f017198446450d7aef03185ace03be27681098b054910c94aaf7c099

SHA512
5f6d1a87b8851e4d654473765345ba383eec186c41295c66f030cfc7204716eb63cf06ed69c9e4b3088e391367ad99744686bdee5ac7a5b201aa4b87b8bcff0d

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-fr-FR.xml

Filesize
988B

MD5
0714716280bd8617fb4093c8e06c996a

SHA1
b3a9d237bd099497dc6bb75b75717f76a9492196

SHA256
29e108a62595fb9cda547610a9d03d2cbd9832321ab21be675f52afedcc4da52

SHA512
2e3fac8b6a84e7409dd0dd3ae12eaab7c73a589d7108528a3c4a3de93ae5a158fbfb810ada6aa980630eadf9b0b86b9a9d2422005e41751aea502cf0cbb70e99

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-id-ID.xml

Filesize
831B

MD5
45f8640a4e0a240cf956037c53717953

SHA1
7d0d95b2840e83703d76661da4a2b6d26f07449d

SHA256
0fcf1341dd0c48173f3a075d12a3044d22a1c0dedc13f1fc6e0dd9b74a9eb16d

SHA512
b5e8d65381530955fed17f4bdefb3abc75f549002944883dc35a13652ead56daa8d00ef01bbf078d53a260bf45311c9095dbf7958923a17175467f74d50e3a9c

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-it-IT.xml

Filesize
880B

MD5
e234ddd5b696af23528acb79041ea5c1

SHA1
3f73cca399ca197b989f3e66b9b9b2b85a8e0a67

SHA256
d58c99e7c871d30ee507bda8c26318842cf680be776f63e55357380dbabf13dd

SHA512
66505c0eff22d30c36c38d7c80092c865642ebdb592f0bd2140b15558169db148b6968cc902c0d83d8e044e9198267e292251cdf4ed15fda2b8050eca9b109db

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-kab-DZ.xml

Filesize
876B

MD5
b30ace96b6f310d36c57daedb3407faf

SHA1
a452551329cf0be9ec6cda5ab67ef226179183ca

SHA256
0ae11b78905df0feea86b433c398bf402c18c7e2d5a0b4e8bca711d240e4ae73

SHA512
e51e6583c0809a9a4e5258186d5bcee98a805e7232284e8c0233f539fed09827756df8f40c1fdb96e62d8b1069644e3f2eb6c07b0016190f7950807f1ef5b4e4

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-ko-KR.xml

Filesize
830B

MD5
22bc36f022dfc5898802671989bbe675

SHA1
41d6356a9df17ea8633042ec328272f85125b718

SHA256
2f0305a5410f4d011382ca43b8725c250b04ee722c5550ee1b9d7c0d72f2cc94

SHA512
0b1dad40d98b9fbca75a4fac486238c06ee142c173c2bf51835d93262c0240d6fdce508277e9e198a03821682795e2dc34214e67ea99d67467d9d06575065770

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-lv-LV.xml

Filesize
953B

MD5
0ec47cf5b351478277db1478c4deaee2

SHA1
1fc3660b7ebae1e64500e3255da2c4e23005e3ee

SHA256
50ea016bcc3e7640104d32bd117377835db18cec434f1aa49ca11f4612e409e5

SHA512
491f3294e5a5e29e63a631054b2a543635bb57016c5eededea4dd8fa1ac36a6e5f4521bbf779624fbecf15aa742ae1cbffff3815f38f7afa624deb9bd809018f

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-pl-PL.xml

Filesize
818B

MD5
083528c290d361ae7405e8780d362644

SHA1
133defc3f9819cffa65ad9ceb607fc97277712a1

SHA256
e0ebdb22913227ef364ed6c39b172bb98ed3cae39267155cbd5e9e66a278dc37

SHA512
fc45ad5e81eb1432a9de8bf69b19d54ab04f6c702fa5097b544522a28daa4d21043b8508fb327eae6f7ccd872c1dc923bb5322980ab7324109134dcf84399865

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-pt-PT.xml

Filesize
879B

MD5
7c8b9112f06592b5d9235591b384aa9a

SHA1
e62443cd751a865155ddd2526909f93e06a8fe23

SHA256
62b67c344917bf9421b69bfa6f71a1ca6ceb6f00261ac09a9b10ab3e7742c4d0

SHA512
33a9d2f7a510c72d0ef7e8bcfa612bc93b52914880a2a9f434a842fcb911f10e03e5ca7fbdcb865ec828b1e9467ab63d6d414038fc05b1e6c9bc158ca82347ba

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-ru-RU.xml

Filesize
984B

MD5
ec5828c7ffc2cc2ec74c44e61e88ba3d

SHA1
1c9f283d286e0286fd41d1aa9ccf4a56a7c7eb95

SHA256
5ed053da2ed8dca0cab3736f9d8d5ad82a68c206b7f91d50a94aa3bc4786027d

SHA512
6ee766938573f3e259acf8cedd620e2f3d1d4a3f6c9f79db2acc69338d3dacdf993ff596a15b52efabeb2409f8182345ff82c1ccc3f4565c1efbd04ec5c92fc3

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-sr-RS.xml

Filesize
981B

MD5
1e1daf76d8bfffb4416fec8e1089db7f

SHA1
06b31943aadb13e3ab9a38a744fdd2eea653186e

SHA256
f29fa78b558df082e3577baf52727659a3861204d3f4fdbc91ae63bb2465b4f1

SHA512
c6133c1e01e6ae7bc23ab3696e24a212927c3976ee1ac120d93d6f0d6844aaf143c95671caf93cfe08d3133d9b782c0bd57a705c58ab94d1f787dd817feb28c8

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-sv-SE.xml

Filesize
834B

MD5
ab4385501114e551b4ab278275d20b98

SHA1
091c8ac4a31d630775b3a79fe3d86adc1e13a198

SHA256
ea1b3f5625589801605daf252eccb991c068c7cf15f3a7ab4214f96a0ac216c2

SHA512
3b1b57710a5662c4aa4de55b2cf5ba3204bb9e9b30088501f980b4884b2f0ff16e3d0ac055fe1169145cb269f6f2d7659980dd34c7b9937243ea7a1b982eed41

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-uk-UA.xml

Filesize
1018B

MD5
4fd30f7bca5af7ff55e838b07c4b87df

SHA1
163bc11a03799d17532b7912c03d3f114b6b55d5

SHA256
5cae7eacd630f3ddd7dcb59b21ecc3d00716b33f8492959a197f953bc06aae2d

SHA512
a5f212dfb5cc0266afb52ba1f5bc3e2499de09b38ead835b488b3731855ba0c74cc4cf75eba047a31b6678a1d51570634e81f4c8bd0a16033ae6a4938de85ac6

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-zh-CN.xml

Filesize
793B

MD5
1340d586beb7a3b072f60d26f3a12799

SHA1
3784a5876ddb1f5d5abee22ec41f6fd8f5d29bc5

SHA256
6f30934f2799aa14ca32b9861a856a65610e8c36d70f1af812ff1b2fce24ecc4

SHA512
9b57cb298fae2645573ddfc022ff380b77bdad386b7bbfe6758e7c3c2a799c0fc987ba67aa26a0f9f5563cf150814d5c48c686cc7bfb418f8e49bc5ace4e6e30

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-zh-TW.xml

Filesize
783B

MD5
edcfd6acd102c2babc62ab31b66d9369

SHA1
a1543bf3839cd8c437af5316ff68b00f606b5020

SHA256
3d305372db9f22f2db2601abfcd21ecf34e5b3621fb4b3afe4234ba45f7e3b31

SHA512
9d4f8dabe70c21bef5ceb04561806a50a20c86b6a41127333d367d373f6aecf03b71530bc7f3dbd2634cd7a0794385e42b7d551108af81bbb05c0bdc1493e636

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-cs-CZ.xml

Filesize
1KB

MD5
60838b7578ba1ceb12423df9c2e802e2

SHA1
1186289ee5708a5e98927bcbbc9e3d9dd450c4f1

SHA256
8c3de8eaec780b3a8c9be5c366376274fca2f7f6ca1fc247af450aa2684dc7a3

SHA512
e65dc8b74f10787fbaa4565d5eb914cd6664640867a04ce231d0fc2d828047c4d533adf132180b7898051379bfdb2b8857f5b8c84f92c74e80c9602ea583aeee

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-de-DE.xml

Filesize
1KB

MD5
8392ecab0955c5b169757926d2a75371

SHA1
7c1cd9c1569cf8776cbd13b8524b17ada695fa04

SHA256
f19c8d03558136d2b7d174c4c89bcd5b3063422d56f0173d19b9a24355261062

SHA512
8a01fe1770ca16005044b094ab8e88d277b639b513d4ead7f4040c0b4ab0021908877df4347a01c025457c3b6c0bcc8e112109751d9f444b353945f8a6cc1a1b

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-en-US.xml

Filesize
1KB

MD5
b1c7501ba80d7d0061c185cc91fb7560

SHA1
25a2c42901851f1cdd70d80b431f81eb360aa2a2

SHA256
6ed010c12dd4d5c90b7fa9a0925c65749449513f9571bf965b1ff78598c62997

SHA512
9a04ff454c4a25812c5bc59fb7b70b4e453607a4244fb2627114e8bb57d03f1f03101446fc9f036f54ac77d14d53c2640f86d3dd8ced58e3574f4cdaf7804883

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-fr-FR.xml

Filesize
1KB

MD5
2228f3e0d562c70d83d94e7478f8c348

SHA1
1f4e48014e742e592a5dda73fe847d4b92811019

SHA256
a9e5b6e333f5c108ac866d9f73245a44aac4fa39bab6c2bb55bcc9e1fe8a1dd3

SHA512
06fa34c68525e3a30d416ca1cc1499fb664e47442d8b2c52b3e35cdfca18c5ce17e298e32ce96b79cd3887b38c4ea8cae24ba9a242d4c8108b63ba256cf2e137

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-id-ID.xml

Filesize
1KB

MD5
353c3f660cd3e1b675f4d9f1cad5a25c

SHA1
b52b7ce937cd6cebfecd5c06628c0c76a2033af3

SHA256
b395cc9ff8d580f586248d9b31c00ab830aacb7e0a76c8c57faa6d79431fdbca

SHA512
53eca30e44e28b96cb3de211336de3a5960fdb6f2430ede31f3e2526e2088404194a5f16441b9aa3eb1cdc8f4ee1a02fc8a398720602f76ac7141209cefbe787

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-it-IT.xml

Filesize
2KB

MD5
18d2d9cb43d45fa5142d2eb342179676

SHA1
fe1c216a2049f8d5ca6ebc36ada2d25fc7fc1a24

SHA256
e28f3366530654d6b1b02c01af006fdf84b42e71f050c1abac01c347a2db0345

SHA512
2f5e5bdceae55a438eb2d370522f58c5d1f13b87711845faf6a76c2351d383168416c016da5abf772b665da64ef5110d8def99f08b82b9c57ded7a48325cecbf

Download Submit
C:\Program Files\Greenshot\Languages\language-de-DE.xml

Filesize
23KB

MD5
5bb8d3f5032b557249b155200f8e9de2

SHA1
a888b88b71c89067f79bbd570c523f96cdec7f6e

SHA256
fc84949780d112cbc2534868cc2a2f7c098d6d40753ada576411b0ece82a44d0

SHA512
61b2e5101898015a6e391eac2e572a6fba86f686060c30ec2cdc4b4030214d4157a10aebef1bdf273719608689d32fb96f472ca4b38196c4b1f73f83234db0f5

Download Submit
C:\Program Files\Greenshot\Languages\language-en-US.xml

Filesize
22KB

MD5
3933519bb13fbbd82a22c762e97db486

SHA1
34bf3736bbf3ca9fd40ec9e514079f24221f40e0

SHA256
8713627e6eec1b09ecffa0d9e71d3d0d4ae99b75408ba0da8c1115a7cdca6114

SHA512
25ea729a2065574324db3b96cf9490bd6f58c1dac192d52e7402e8cb32eed5fa134534e2beeb04797ab5e1b6bc3a16e8ca45b58d313ac5da935f8253f4e0b7ed

Download Submit
C:\Program Files\Greenshot\Languages\language-nl-NL.xml

Filesize
22KB

MD5
f84c21e890cd14ac30c96727791e60df

SHA1
f54d1ed6288eaf4162c492bb0897dcad93bb5405

SHA256
85230847998029548872f95ffa4e9a2018f1084a581939f8fc5d4346ea6db7ad

SHA512
e84497e61dda1270ae461129b808dc5f749e16a465ae432f7cbc0bb3e5e4d5f36d73863670634f7e5a8914ca9e6f1f28e612058dc5170611a0452941932e718c

Download Submit
C:\Program Files\Greenshot\LinqBridge.dll

Filesize
72KB

MD5
8786edae35ac469b8a80e443d387e968

SHA1
cd51f58c61c8c8a8ebd4428f6a2e4b98a446c215

SHA256
e9d98dcf877357127db02dd36d2a0c6eb6c8561ea802d910b6a9c62c75243e94

SHA512
ea0074b3b0ae46a8c9faeba13305147748104787757b5c78e1915be73d5a33e39f108cca2c5e6c70e3b0f76f3a6adc7365d3a14afd16de198201a7f31e245571

Download Submit
C:\Program Files\Greenshot\log4net.dll

Filesize
216KB

MD5
c10193a05427df7e422abbbd733e059e

SHA1
d8db7f68218bd39c0e758fcde4a7c0f18ce1cb81

SHA256
b44c644dcb302ef0fe827a40f947c68e689cb20a162defed655599e90a47fba6

SHA512
12ec16a5127deba51e5e35b63645f7ba710cac146d4969b35545f0aab01ed3f9d32e887fa6b5187195d65df9b7a7a7da8764bf0e5a69887a2002c0b8a0c7a13a

Download Submit
C:\Program Files\Greenshot\log4net.xml

Filesize
1KB

MD5
76b1bef0cad73c9c8bc52294221e15c0

SHA1
1f9c4975b0fc35c17dae9c0cfc635bb0c7eff878

SHA256
73f2751080ccf92ef64b2096bed37608219acb4353e9b6d7c5a463c035014448

SHA512
c3d2e11663be659c018f2967428871e7a3fcf57ebe16c436f8b8f1657cd659d334df6715a61620244a8b64353b69da3eb76aaf79bd74dedeb340e665bb52e456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
250a7f9b5d8c2b2128db4fb2b5e5ff82

SHA1
4c3adeddd796f517db7a246d3a662cd47f29e580

SHA256
0420816bc474ae8b214218591a319a1b5fce693f15c3f3acb28706fc69ff1456

SHA512
6c1fa7ad989014424a274c2f633139bec59f340f1361ffbe839553f68321b40e04f7f199c11dad8a6af5c2b7c28363f6450f6d05b59ee07225e6778fb10729e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5a8a58ce5b2e4168b1452ed5a9fbbf0

SHA1
5eb61c1a8dacb319dc2e286ce7defd93cb3e8036

SHA256
9d66df2ddb73b55455b83cebe80d4b4fa28619daa3aed0a5c2781a63d83ae729

SHA512
bf0ab7735d78d5e10c4bf9381f5ca9824a72135528246b4e41f14e24651641deb4da78316d03c669520ffbf158f7bf3ef5a27dc0f7088d01e0820eebf056e724

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0fc6a31e73c00593b8e3b0f2a9d2ced

SHA1
cd706a9e07c87024a1273b3b3b4ac1f95045b3db

SHA256
0b9a319a69850e492a9313595ca9ed3d29117f2ace60dd3ccf2f70f2aec012c6

SHA512
34eeec3e74328ba5a61b495a4d8af001344752384ea386f67cd5e948becb438ef3dd737366b03d444d77c0767fe695b295c8ad75ca3d3bf94c3cadb1a18f2dfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d858b2f574289c3c9e4e0fad1106353

SHA1
4b02d889430298ffddd51346d23be4428693d1e8

SHA256
a6884ba432db40e3be3dc38ae4e1d65f6357833e23df2db928907ba4df26ce70

SHA512
065fb0eefdb2db8834cfdcb6af8dea59db1988a4cb8173013e4af55d47265313625febb6c5bda81728f5379e4310f3190f046458045bfc5c2e99fe69fb7d90bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c2c7219d20a528892d9a2626b2e0fdc

SHA1
bc3d1e87bbc1c55a0de8d1e083960fe8173dd20b

SHA256
5fae7e43560ec2618d54de78edfa1dd881a5dad27c6a7cb6f985a5e0fc8e811a

SHA512
dd67ada40f1ceabb29462c1ab41a58f8f6db30d39df339b19bfd7afd3a045c515fbe97ae6ed3258e42ec2708bf149233b1e7226b904ad2d81bf2e1af0842a380

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7914388f08ac905781661b8810141e33

SHA1
89043cbc641e8e55f84ea29bc308a2773209a69e

SHA256
3543659814f4e815cf159922150a438e9f33083da487f2233cd6f7f4e49592a3

SHA512
4f8c6407a59c3d225da44aa0f1d29e68f23bf19cb794a419def1915d9b70eecd9d68b4b97a81eed38c6c65cc46ca4aac73c50ff8612f1285cf702133637b73cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b966476acd7c27a651b3804f8ccf874

SHA1
bd117dc4f8b03450b7de142b417889870b61edb7

SHA256
a8f9994a16ae6f14d9023f8c73a7b6a3f6aaf0a0ec4e2be3edb5b1e93dd0b83d

SHA512
6e086b46cf7f5e749bfd332f159453fd85cebd151f9992a49510a3183b1046dd2322bc63c8b00d9962e997cf8d885965c6d075e95af66be27f7d77f390ca337c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
571021492a78acd0aca06e829cf74873

SHA1
acfeed91764bc7370db450076f72369fdee89102

SHA256
46b6adcc3ebd2b61ff61012768d32837c4402bb12e006606f81518916d205f32

SHA512
2a48984ddfa4dc7436e9ff17ce040f248907ed874edd872f55e8b50df04c201b83189d8a8bf2835686fe110bdca82df865546db992d31697e6472bfe43988eba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a36faaf47e97b3d82e78ecd90bd7b32

SHA1
209a98797f222af4e634cc0c744d234eb5df5911

SHA256
c449d0cbda5b57a1a310b2bc655d7dea880861621984d0ca083e3a08c9041e6a

SHA512
bd49433491ced405502bcc572b97c7063524fafa0e5ef02760296cb525020c899e38bf91e7eaf03ba9c3b9b89552b73613432639e6a0035387939503e36f8cdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a507ad5ddd5ede94f58fed1d1398f7b

SHA1
716d242e3025e9d9437193c1c951735f41418695

SHA256
7e435681ddb33340c037786ed916f4fd70646a0d87b0ac855e7f12438e90ba08

SHA512
b33dc817c4ffe4933f10e48d3a4b4abebb7e5149d3468557df023d32c9983e257c3589ee1c1103f7a618bd7e5424ea04d658a50089d520be2f4444d5bb7cd4c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92cc92b7bf30da104c83fc2640505094

SHA1
fefe17544c688b09bc90a2f4fca396f37c417ccf

SHA256
df0f52e788ecfbed9da871b8dc41bab8233c08607483d1523c9824a4e1aa689f

SHA512
6a1defebbb6a2c1d67bf04962535ab4e5128d0a1af5a9266ddb4dc3d948c256e92b1721899cc88b9a2f769477d365a79bd84b92baa711e13744c662099edd0ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93a901f24d3ad8f50bd42c2235a6df4d

SHA1
f07dfef4f94d4bb8e8c4e222b0049aa7626dcf88

SHA256
2216bf11eda21fb2dc9fcc85ef94bc7bbdb147bef017086d957f317c5b37a14c

SHA512
eef8f49319ab9a9ffa358d7f14d4ebde7fce3f56508bece4752c010a640322cfae5c9bbf0d2fa51018d327e6c09055a93a037b7550ea697f7c72947f93e0375f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76486363bd417b172a4c4fac2f1d8df5

SHA1
d774b0d9da7595623663480eb5127cd750a93847

SHA256
a40947fd0aea0b00b0e365bb644af2ae5668c21c05ecbbfa79e8de1239081e03

SHA512
09e7ec2c505d18edb37a6996b2ff651dfaf6843102b63aec478838a6b34f9ad5b450fb2404dbe98194bc8176991a59905040ed0f98c8da1511dbe4ae7ba88f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a59e3bedcd5f2db461e082a8e4bc55b

SHA1
f3a8f4f2ea2d035c97efdeab440b64de5dc20728

SHA256
6c2d9ee0df003e811a411d2d72f05ee5047b0f4c4c525ed254698b89a0c97832

SHA512
4e222f7d1e4f082f23e963ae602d23de86777a54874e05f227ae0e81be40bbe75ae88873743077be62ee1d59cef5d7f5ddb91acc35ad00ab4218571ceb98a9c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb019d0fd67a72a7247586086733b7ea

SHA1
814f2da6f4367696dd6e8d08859dfebdc8cb81c5

SHA256
09bb755489a0910216dabe171d29c6bec4f0a8c7f6ddeea8595d4a21a5f83b05

SHA512
63d0a5d7dd62fed489fde55d02f985e8a9e3f3c16005f0c80c65b908685aabca3258d3e0ca829aa733561116048af36fa3f095bc850b34fd8ab8421c65acf5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e938c3bb60749d3f2991082afcc57a4

SHA1
31a2dd8e28bb9be75a72cfd132cc9884a0687e1b

SHA256
cc2636e9472bb7c7b63f2ca3e80d9b6af4dde1a78702ed6491b5c568de4007d3

SHA512
c97f3f5bafdab3d5bb9eb1f928e6139136b49046e3e7bb27113fb71dc915b6d078b25b1e65f492c159c7d284f1799f4eada5f83ec4131b73991276a18053e0d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08f2c971ec40576a5c51ecd89337c2db

SHA1
dd17a97d9d4541016c6c0ccfcce0588d29712caf

SHA256
965af040b393e8665e4aaf06a691bdedd7d09c7b4a4fd8dbd85317596501d1d0

SHA512
669a381a013b290fe4c97f6063e6e2e1b52f97f6b90c02f48b1b8c6ac2d6670c679dd335c035c37821033c0fb5ad855cfbc919d1d03e6d481bdd77b42df4ee4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91dee95e0e022671b1f8d8bcd6589f98

SHA1
9070bb6cabbc14a121b317be06c678c21a13a0ee

SHA256
ca55289d1da3231836effafeefbab109b1681aa2201fd8da631547b28f50f29b

SHA512
63fc8ed5a619c124912a9ffb3a28c17fa3002f7a97ac669c4a3d081866a6ae42239ebe21dbe4a03a7d0e87e71d518ebac4010b17101ff0264b911d88aa25b67f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a926d410ed4d302270de6d5cf0e1c3c3

SHA1
86640f1b26744f30e6b613aaea063ab71051d143

SHA256
79dab00818ec17703bd494e6f832cfc4a7b587dc431848b90ff51b1b635e3353

SHA512
d256c592ae00541422879df2a6507edacdd42529cc2be71b10ff5dc479bd723acbc77028ad9f47e1d3d33f07d63bec70d53058d3b6176eb572ee4e603c5ae6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

Filesize
15KB

MD5
fa2fe945dd2349c7c01f6e468033ff0c

SHA1
2b743408b82a11347eb2cccd8f843f5f91159a34

SHA256
398af8813b60b5e47b542128f7077b60cbf3e1cea6bb580f9d0307dab60c35d0

SHA512
edf09c064ef3ea4f189ce6d5c47e9ce7e49328d252841eda85aa883321cdd5cc020ccd6775eb7223c0cafe201469b46680a996e58a5a088a02837d43ebb8dc39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\favicon[1].ico

Filesize
14KB

MD5
a6b45da29af3096adc82a3f86448bacc

SHA1
b65379ea6b612d69038c5b1397851173d1c6d608

SHA256
f35b4655dc5ffae84e2e2af48c83574ab1d2cb440f425643ddff1514fc0ff16c

SHA512
34c339145227f91610028312ae33efc1e940a6cc2273d85c2bafc09edaf3ce31e635fde6d5c02ecf059b8a9e63cbfe70edbc0e61f90c7b2aaf8aea5a25ebca47

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD3C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDDB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-642NM.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\f604cef4931b67f5ec2985bc665b55e4\GreenshotPlugin.ni.dll.aux

Filesize
1KB

MD5
abb373bbe092eb2ea459d4e1d830b51e

SHA1
b49e6e7417c698fc73e7dda96dbf4934f8643fd2

SHA256
a3b6054a7eca7ac3ccb0fb9465b30fbbe340705673e2261202cdaf20c82b562c

SHA512
2352f64c4fa1bd738c064421dfc6444e291763a315c69e80f9b0e3c381be57b832356771278ac60e8df10dd935e4167553d28d62deb0e8910d82667900bc74dc

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\a29ea947e6999e5552446b01be2b13d0\Greenshot.ni.exe.aux

Filesize
1KB

MD5
856804206c0e0df38dd3aeff11747be6

SHA1
859acd975848004e54373e613ad6d72672402f00

SHA256
e6815fcba8258649da63856a446fc4f0b3985138b0c7843032d522c6fec7ffe8

SHA512
a7787df63c593fc45f2e1c6801591a9efea939341148df42fc800edd4359c82269faa1f660ddcbd21ce4467a95aa01b5a8af23f881eac2af7143eee973c7f2f7

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\a9f816e307a807784823161bb6f8ed0d\log4net.ni.dll.aux

Filesize
1KB

MD5
a210ef148e0aef8ce5c76161f1bbfdd8

SHA1
eee022e6bb666710ed30c6b3821d0566019e1deb

SHA256
03473dd96c499e0936736da90bea5750d2d874c2f8464168848213c4a62bc65b

SHA512
4866d49d30dc2c547c96561225b5890e812b4c7a40971f05b2f2a9dc461642b4df0674ee11402e86294b393ae26de9272d22822344de0e89fe8bcd7d84a2ffc0

Download Submit
\Program Files\Greenshot\Greenshot.exe

Filesize
515KB

MD5
346d22939e3079901f0dfac7add71c94

SHA1
67ea9f4f56c7c4189745aab05c614a6e615d9e7e

SHA256
fdc3900da9cf5b4b7f4b461eb54f2f7abf2af104de8bfdd0b7f6a46f092f9cc6

SHA512
3d845aee807f6fc711f212229595ba2dfeec760c649b7b0f4398cba8091fab8eb63dd551b46f49840a2de2c2b872130b4b5e90f95ff2757381e96be4b066122d

Download Submit
\Users\Admin\AppData\Local\Temp\is-26CIJ.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Filesize
1.1MB

MD5
d1a078992e232919ea834226aea627a8

SHA1
53f5af8c06721ef5b62f56037e3b57dc4b517eaf

SHA256
655da9c7f64ef8f0f48160c76b8dc5443aaba63e8c6b3534a266e9cd5a18489f

SHA512
e056370322e58725961c024d1f322d31066bffd8b8d77f80fc14d2b5861788ef00e5ebc3fa6f51a6b0a94bdb02e8fffea48926716275754dd77bbe0fb8e221f8

Download Submit
\Users\Admin\AppData\Local\Temp\is-642NM.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP17B6.tmp\GreenshotPlugin.dll

Filesize
2.1MB

MD5
18636b26f461955f45a861b1e238fdab

SHA1
69a2e699fa20994af476ee2e9601c1089a1f04de

SHA256
7b9771bfa18574531a9aed48dd13b81963339a9ebe56c76ac127f7366848b307

SHA512
c90fe72f21daee6a4457b6a19bf6c9fddab11c103725e0a90de7fd8e086e3ad0023fea8fb28e943ceea317143c59d27135978d466acf0ff06495c1ae382d8d27

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\f604cef4931b67f5ec2985bc665b55e4\GreenshotPlugin.ni.dll

Filesize
1.8MB

MD5
235bc7a5abe1eb7e6fab66d50556c7e1

SHA1
e82532e11007aa42f5a23a3bcf91697864f1d3ee

SHA256
898debd19872d654e27e8c8b1ae04be81c6b83fb2cf4fecaf455827863629369

SHA512
45d8a7d293c21d8829607fd9e88ac7165fe249932bee25c3daa66025b48a18111300742e647eef86315daa46e9b625ec000cfe276c4abcbd4b24b055aa0ce82b

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\a29ea947e6999e5552446b01be2b13d0\Greenshot.ni.exe

Filesize
1.8MB

MD5
49c2bbef95580b062063343e1a696e73

SHA1
a9680d3a2697820547ee43960913ef26d93d254e

SHA256
3f6622c5619ff7ee8c39c50df826a4ca4fe82fe6347c7fab27794a54ca73d45f

SHA512
49b40289e749159743643083c439faaf845838ebb2e9cc670ad9f420bc417fd95193933d6f5f3ee2522002988f5a63e69fc31f0ce583695712fd56bb2f417b03

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\f00868af4598f427f377a5354f13804c\LinqBridge.ni.dll

Filesize
742KB

MD5
19db047bc5e65a81b06529a0a1c97cdb

SHA1
e73ca748bc02c996afc52bfa358c3930721f289e

SHA256
c19b7bcc48ce4570b8d18038969daa31981eaa66d9cf1cb18e6c5d688b17f174

SHA512
e78cba55e9a1d90b8f02e03928f8eeb4be3e3a8f3d70230ca96a75ab4029eeeecc617cf04964502c27be1f86f95563f85dfad206892a8c6cb6b2e1ed5931d6fc

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\log4net\a9f816e307a807784823161bb6f8ed0d\log4net.ni.dll

Filesize
705KB

MD5
564dda83dc43601512edf5edfac81b55

SHA1
4fc863f9fa052686c266ae23e46af00a9638178a

SHA256
deb47d0d26108ae06195c46ff7a0c3ab3ebd400c021a0b5bad3fd2f911179398

SHA512
50f28d72ca71677f53b0832b1865f3d945cd4705dfd73a1a088f4b9afef52a0eb8eb482e11c4e77595b2765505f20e56a802b992d75e19ef493a5df041690157

Download Submit
memory/1288-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/1288-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1288-2035-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1288-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1668-8-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1668-18-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1668-16-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1668-15-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1668-526-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1668-1544-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1668-2034-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/1688-458-0x0000000000450000-0x000000000048A000-memory.dmp

Filesize
232KB

Download
memory/1688-462-0x00000644A2000000-0x00000644A20B3000-memory.dmp

Filesize
716KB

Download
memory/1788-510-0x000006448A000000-0x000006448A0BC000-memory.dmp

Filesize
752KB

Download
memory/1988-460-0x00000000023F0000-0x0000000002460000-memory.dmp

Filesize
448KB

Download
memory/1988-459-0x0000000002230000-0x00000000022B2000-memory.dmp

Filesize
520KB

Download
memory/1988-480-0x0000064488000000-0x00000644881CA000-memory.dmp

Filesize
1.8MB

Download
memory/1988-461-0x00000000004D0000-0x00000000004E6000-memory.dmp

Filesize
88KB

Download
memory/2232-2019-0x00000000009A0000-0x00000000009AA000-memory.dmp

Filesize
40KB

Download
memory/2380-1067-0x00000000021D0000-0x00000000021E6000-memory.dmp

Filesize
88KB

Download
memory/2380-853-0x0000000000560000-0x00000000005D0000-memory.dmp

Filesize
448KB

Download
memory/2380-1065-0x000000001D430000-0x000000001D8FE000-memory.dmp

Filesize
4.8MB

Download
memory/2380-1066-0x00000000022F0000-0x000000000232A000-memory.dmp

Filesize
232KB

Download
memory/2384-495-0x00000644A0000000-0x00000644A01D0000-memory.dmp

Filesize
1.8MB

Download
memory/2488-455-0x0000000000500000-0x0000000000570000-memory.dmp

Filesize
448KB

Download
memory/2488-450-0x0000000000730000-0x00000000007B2000-memory.dmp

Filesize
520KB

Download
memory/2488-453-0x00000000002C0000-0x00000000002FA000-memory.dmp

Filesize
232KB

Download
memory/2488-457-0x0000000000690000-0x00000000006A6000-memory.dmp

Filesize
88KB

Download
memory/2756-527-0x00000000002C0000-0x0000000000330000-memory.dmp

Filesize
448KB

Download
memory/2756-739-0x00000000007E0000-0x000000000081A000-memory.dmp

Filesize
232KB

Download
memory/2756-740-0x0000000002110000-0x0000000002126000-memory.dmp

Filesize
88KB

Download
memory/2960-1858-0x0000000001340000-0x00000000013C2000-memory.dmp

Filesize
520KB

Download
memory/2960-1996-0x000000001BC30000-0x000000001BC4A000-memory.dmp

Filesize
104KB

Download
memory/2960-1981-0x000000001B950000-0x000000001B968000-memory.dmp

Filesize
96KB

Download
memory/2960-1982-0x000000001B5C0000-0x000000001B5CA000-memory.dmp

Filesize
40KB

Download
memory/2960-1983-0x000000001BA80000-0x000000001BA8E000-memory.dmp

Filesize
56KB

Download
memory/2960-1986-0x000000001BB90000-0x000000001BB9C000-memory.dmp

Filesize
48KB

Download
memory/2960-1994-0x000000001BBB0000-0x000000001BC12000-memory.dmp

Filesize
392KB

Download
memory/2960-1987-0x000000001BBA0000-0x000000001BBB0000-memory.dmp

Filesize
64KB

Download
memory/2960-1995-0x000000001BC20000-0x000000001BC2A000-memory.dmp

Filesize
40KB

Download
memory/2960-1980-0x0000000000B30000-0x0000000000B3C000-memory.dmp

Filesize
48KB

Download
memory/2960-1997-0x000000001BC50000-0x000000001BC5C000-memory.dmp

Filesize
48KB

Download
memory/2960-1998-0x000000001BC60000-0x000000001BC6C000-memory.dmp

Filesize
48KB

Download
memory/2960-2000-0x000000001BC80000-0x000000001BC8A000-memory.dmp

Filesize
40KB

Download
memory/2960-1863-0x0000000000130000-0x0000000000146000-memory.dmp

Filesize
88KB

Download
memory/2960-1862-0x00000000012E0000-0x000000000131A000-memory.dmp

Filesize
232KB

Download
memory/2960-1860-0x0000000000350000-0x00000000003C0000-memory.dmp

Filesize
448KB

Download
memory/2960-2036-0x000000001C9A0000-0x000000001C9C2000-memory.dmp

Filesize
136KB

Download