1687311b4e7a3720be20490e8ed6cc772a32336a7bed8896e475b8ec616c6b81

Resubmissions

11/09/2024, 13:13

240911-qf3rsasemc 6

05/09/2024, 13:15

240905-qhfd9sscrh 6

Analysis

max time kernel
107s
max time network
101s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 13:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Size

1.7MB
MD5

c16f86882d5a102ed7a0fbbc0874d102
SHA1

4e3ac7a53f0f368b9218bf717162d5e073a0f7df
SHA256

1687311b4e7a3720be20490e8ed6cc772a32336a7bed8896e475b8ec616c6b81
SHA512

90b7aac54467b266a9dd9ce7c83a156d3d99f7aeb1ad0e3e2ef5516b38270112dae07892e3e80765c3508484e3ee66e7439db0512a63b48f64e6b15e83285f67
SSDEEP

49152:Cjt17kLz5P3mucJZCliSAbFXHrZy0HCxgdjmyZ3xog:AjkLlP2bClDC9Fjd

Score

6^/10

discovery persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Greenshot = "C:\\Program Files\\Greenshot\\Greenshot.exe"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-LSOP5.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-BJ8LQ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-I7848.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-V35RF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotFlickrPlugin\is-U6MHV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-TDOMK.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-LKQDL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-MA3A6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-7ND9J.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-E38HD.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-T9RT0.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-DRCTR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-6023T.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-P7PO6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-CSV42.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-SLVPT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotFlickrPlugin\is-GB0GF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotFlickrPlugin\is-JUESF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-9D7F4.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-FK79K.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\unins000.dat	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-SSAT5.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-15FNT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-GLOCB.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-JB4J4.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-DVC16.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-8U4LP.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-53GL4.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-E7S43.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-8UH9U.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-6LE70.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-4UJPH.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-MKD70.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-SDQT2.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-DELN1.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-MRI38.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-T64HL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-UCK1I.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-IOL9F.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-HODHN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-097SE.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\is-2TEMS.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-V0KRQ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-3ND94.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-3V4J7.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-2QH7O.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-H1INT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-VS27T.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-THQAU.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-FNVRN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-DVJI0.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-5VCLQ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-1ITCR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-OORDJ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-KMPFP.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File opened for modification	C:\Program Files\Greenshot\GreenshotPlugin.dll	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-T6ONH.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-I4B55.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPicasaPlugin\is-1G0M9.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\is-3UGR4.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-G85F2.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotDropBoxPlugin\is-9G49N.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotPhotobucketPlugin\is-OA5EU.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotJiraPlugin\is-7FACA.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index142.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\a9f816e307a807784823161bb6f8ed0d\log4net.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\a29ea947e6999e5552446b01be2b13d0\Greenshot.ni.exe.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\f604cef4931b67f5ec2985bc665b55e4\GreenshotPlugin.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\f00868af4598f427f377a5354f13804c\LinqBridge.ni.dll.aux.tmp	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index143.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\674-0\log4net.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\96c-0\Greenshot.exe	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\4e4-0\GreenshotPlugin.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index144.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\7b4-0\LinqBridge.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC717.tmp\GreenshotPlugin.dll	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe

Executes dropped EXE 4 IoCs

pid	Process
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
3016	_setup64.tmp
2124	Greenshot.exe
888	greenshotocrcommand.exe

Loads dropped DLL 16 IoCs

pid	Process
2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1652	mscorsvw.exe
1252	mscorsvw.exe
2412	mscorsvw.exe
1252	mscorsvw.exe
1972	mscorsvw.exe
284	mscorsvw.exe
284	mscorsvw.exe
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2124	Greenshot.exe
2124	Greenshot.exe
2124	Greenshot.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	greenshotocrcommand.exe

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "16"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\getgreenshot.org	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\getgreenshot.org\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\paypal.com\Total = "16"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BDA6F9B1-703F-11EF-9527-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.paypal.com\ = "16"	IEXPLORE.EXE

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot\shell\open\command	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open\command	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\.greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.greenshot\ = "Greenshot"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot\DefaultIcon	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\ = "Greenshot File"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\DefaultIcon\ = "C:\\Program Files\\Greenshot\\Greenshot.EXE,0"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open\command\ = "\"C:\\Program Files\\Greenshot\\Greenshot.EXE\" --openfile \"%1\""	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2124	Greenshot.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	Greenshot.exe

Suspicious use of FindShellTrayWindow 46 IoCs

pid	Process
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
1060	iexplore.exe
2124	Greenshot.exe
2124	Greenshot.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2124	Greenshot.exe
2124	Greenshot.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1060	iexplore.exe
1060	iexplore.exe
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE
756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2648 wrote to memory of 2768	2648	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	30
PID 2768 wrote to memory of 3016	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 2768 wrote to memory of 3016	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 2768 wrote to memory of 3016	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 2768 wrote to memory of 3016	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	31
PID 2768 wrote to memory of 1168	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 2768 wrote to memory of 1168	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 2768 wrote to memory of 1168	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 2768 wrote to memory of 1168	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	33
PID 2768 wrote to memory of 2208	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 2768 wrote to memory of 2208	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 2768 wrote to memory of 2208	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 2768 wrote to memory of 2208	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	40
PID 2768 wrote to memory of 1060	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 2768 wrote to memory of 1060	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 2768 wrote to memory of 1060	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 2768 wrote to memory of 1060	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	44
PID 1060 wrote to memory of 756	1060	iexplore.exe	45
PID 1060 wrote to memory of 756	1060	iexplore.exe	45
PID 1060 wrote to memory of 756	1060	iexplore.exe	45
PID 1060 wrote to memory of 756	1060	iexplore.exe	45
PID 2768 wrote to memory of 2124	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 2768 wrote to memory of 2124	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 2768 wrote to memory of 2124	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 2768 wrote to memory of 2124	2768	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	48
PID 2124 wrote to memory of 888	2124	Greenshot.exe	49
PID 2124 wrote to memory of 888	2124	Greenshot.exe	49
PID 2124 wrote to memory of 888	2124	Greenshot.exe	49
PID 2124 wrote to memory of 888	2124	Greenshot.exe	49

C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
"C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Users\Admin\AppData\Local\Temp\is-6CP17.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-6CP17.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$50150,1293027,131584,C:\Users\Admin\AppData\Local\Temp\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\is-R1MV0.tmp\_isetup\_setup64.tmp
    helper 105 0x2A8
    3⤵
    - Executes dropped EXE
    PID:3016
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\Greenshot.exe"
    3⤵
    PID:1168
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess f4 -Pipe 100 -Comment "NGen Worker Process"
      4⤵
      PID:1648
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 164 -InterruptEvent 0 -NGENProcess 104 -Pipe 15c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:2412
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 184 -InterruptEvent 0 -NGENProcess 168 -Pipe 180 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:1652
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ac -InterruptEvent 0 -NGENProcess 18c -Pipe 17c -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:1252
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1ac -InterruptEvent 0 -NGENProcess 164 -Pipe 1b8 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:1972
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\GreenshotPlugin.dll"
    3⤵
    PID:2208
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess f4 -Pipe 100 -Comment "NGen Worker Process"
      4⤵
      PID:1084
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 104 -InterruptEvent 0 -NGENProcess fc -Pipe f4 -Comment "NGen Worker Process"
      4⤵
      Drops file in Windows directory
      Loads dropped DLL
      PID:284
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1060
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1060 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:756
- - C:\Program Files\Greenshot\Greenshot.exe
    "C:\Program Files\Greenshot\Greenshot.exe" /language en
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe
      "C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe" -c
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Greenshot\Greenshot.exe.config

Filesize
423B

MD5
607cf0cb207fe62914afb1d252002de5

SHA1
7e9979e5244f6cd3640cf5bc429c29ea9f80c656

SHA256
e1f91b7391b071117b03be8e8a21fb644e83a624bfa9ea76a4389e8f2ea7027c

SHA512
552c0b846b8a9a487aa27a9158ec01dc35f47f4cf932540adbf3bebad34ed85422213e73ab9f826648d9340ab0d867eab71d23c4b7b06ca1f0775aab9683d096

Download Submit
C:\Program Files\Greenshot\GreenshotPlugin.dll

Filesize
447KB

MD5
9ffceb225f44cf2aeb6fbb51c77fd12d

SHA1
3658d7ec2f0de037f909d59c8a51783fa2ec885e

SHA256
697f06fe82a419c2a32d5f8819ff857e70c2052e253389780469ce114bd8efe7

SHA512
8ba2910c71b347eea24650b996bc26dff3393c0416be0ac8a6fb6014cc61a9e705e770bc9909c2247dae025e1c13738c9a4f249ef9414ffd8ef668a4caa9eeb1

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-cs-CZ.xml

Filesize
1KB

MD5
f85c6c79b6ac8001561f3a9a41d4213b

SHA1
d3590b973f13bb92d843ae032ebae5c32cb59f9e

SHA256
934453e0626a9d0e4e12bfe834b14b7e757219017ff023ee87becfd98ab0ef04

SHA512
0f4103c09b38430c8d37a09ebbbab5ecaa0be72b6ab9f741d71faa26bfe25b320c190fa6209e194eb2d55584ec41deccc6a25f850106a32fb395747d092d2cda

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-de-DE.xml

Filesize
837B

MD5
ef2cf55aa8273433ac9bc0c94e5932b6

SHA1
fd6c91b7b9def2e864ab6cf5632d0ca81f58de11

SHA256
51cae4140a51f8c272dbdebe1706dddda7d7b1f9769b0cf8942534eb83acc531

SHA512
aa73fe1f50849574fb0e67b6c7c54c206d7b43528ad234904990147b986933c91563847a224acf61bbd28b6a04bc63cf3f3cfef987925ea5741664021add3627

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-en-US.xml

Filesize
826B

MD5
83120bb41321702ee5397446cfcdf818

SHA1
02fd4679077abcd1fea3e428bf41d2dd9b9a7202

SHA256
e0655468f017198446450d7aef03185ace03be27681098b054910c94aaf7c099

SHA512
5f6d1a87b8851e4d654473765345ba383eec186c41295c66f030cfc7204716eb63cf06ed69c9e4b3088e391367ad99744686bdee5ac7a5b201aa4b87b8bcff0d

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-fr-FR.xml

Filesize
988B

MD5
0714716280bd8617fb4093c8e06c996a

SHA1
b3a9d237bd099497dc6bb75b75717f76a9492196

SHA256
29e108a62595fb9cda547610a9d03d2cbd9832321ab21be675f52afedcc4da52

SHA512
2e3fac8b6a84e7409dd0dd3ae12eaab7c73a589d7108528a3c4a3de93ae5a158fbfb810ada6aa980630eadf9b0b86b9a9d2422005e41751aea502cf0cbb70e99

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-id-ID.xml

Filesize
831B

MD5
45f8640a4e0a240cf956037c53717953

SHA1
7d0d95b2840e83703d76661da4a2b6d26f07449d

SHA256
0fcf1341dd0c48173f3a075d12a3044d22a1c0dedc13f1fc6e0dd9b74a9eb16d

SHA512
b5e8d65381530955fed17f4bdefb3abc75f549002944883dc35a13652ead56daa8d00ef01bbf078d53a260bf45311c9095dbf7958923a17175467f74d50e3a9c

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-it-IT.xml

Filesize
880B

MD5
e234ddd5b696af23528acb79041ea5c1

SHA1
3f73cca399ca197b989f3e66b9b9b2b85a8e0a67

SHA256
d58c99e7c871d30ee507bda8c26318842cf680be776f63e55357380dbabf13dd

SHA512
66505c0eff22d30c36c38d7c80092c865642ebdb592f0bd2140b15558169db148b6968cc902c0d83d8e044e9198267e292251cdf4ed15fda2b8050eca9b109db

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-kab-DZ.xml

Filesize
876B

MD5
b30ace96b6f310d36c57daedb3407faf

SHA1
a452551329cf0be9ec6cda5ab67ef226179183ca

SHA256
0ae11b78905df0feea86b433c398bf402c18c7e2d5a0b4e8bca711d240e4ae73

SHA512
e51e6583c0809a9a4e5258186d5bcee98a805e7232284e8c0233f539fed09827756df8f40c1fdb96e62d8b1069644e3f2eb6c07b0016190f7950807f1ef5b4e4

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-ko-KR.xml

Filesize
830B

MD5
22bc36f022dfc5898802671989bbe675

SHA1
41d6356a9df17ea8633042ec328272f85125b718

SHA256
2f0305a5410f4d011382ca43b8725c250b04ee722c5550ee1b9d7c0d72f2cc94

SHA512
0b1dad40d98b9fbca75a4fac486238c06ee142c173c2bf51835d93262c0240d6fdce508277e9e198a03821682795e2dc34214e67ea99d67467d9d06575065770

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-lv-LV.xml

Filesize
953B

MD5
0ec47cf5b351478277db1478c4deaee2

SHA1
1fc3660b7ebae1e64500e3255da2c4e23005e3ee

SHA256
50ea016bcc3e7640104d32bd117377835db18cec434f1aa49ca11f4612e409e5

SHA512
491f3294e5a5e29e63a631054b2a543635bb57016c5eededea4dd8fa1ac36a6e5f4521bbf779624fbecf15aa742ae1cbffff3815f38f7afa624deb9bd809018f

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-pl-PL.xml

Filesize
818B

MD5
083528c290d361ae7405e8780d362644

SHA1
133defc3f9819cffa65ad9ceb607fc97277712a1

SHA256
e0ebdb22913227ef364ed6c39b172bb98ed3cae39267155cbd5e9e66a278dc37

SHA512
fc45ad5e81eb1432a9de8bf69b19d54ab04f6c702fa5097b544522a28daa4d21043b8508fb327eae6f7ccd872c1dc923bb5322980ab7324109134dcf84399865

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-pt-PT.xml

Filesize
879B

MD5
7c8b9112f06592b5d9235591b384aa9a

SHA1
e62443cd751a865155ddd2526909f93e06a8fe23

SHA256
62b67c344917bf9421b69bfa6f71a1ca6ceb6f00261ac09a9b10ab3e7742c4d0

SHA512
33a9d2f7a510c72d0ef7e8bcfa612bc93b52914880a2a9f434a842fcb911f10e03e5ca7fbdcb865ec828b1e9467ab63d6d414038fc05b1e6c9bc158ca82347ba

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-ru-RU.xml

Filesize
984B

MD5
ec5828c7ffc2cc2ec74c44e61e88ba3d

SHA1
1c9f283d286e0286fd41d1aa9ccf4a56a7c7eb95

SHA256
5ed053da2ed8dca0cab3736f9d8d5ad82a68c206b7f91d50a94aa3bc4786027d

SHA512
6ee766938573f3e259acf8cedd620e2f3d1d4a3f6c9f79db2acc69338d3dacdf993ff596a15b52efabeb2409f8182345ff82c1ccc3f4565c1efbd04ec5c92fc3

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-sr-RS.xml

Filesize
981B

MD5
1e1daf76d8bfffb4416fec8e1089db7f

SHA1
06b31943aadb13e3ab9a38a744fdd2eea653186e

SHA256
f29fa78b558df082e3577baf52727659a3861204d3f4fdbc91ae63bb2465b4f1

SHA512
c6133c1e01e6ae7bc23ab3696e24a212927c3976ee1ac120d93d6f0d6844aaf143c95671caf93cfe08d3133d9b782c0bd57a705c58ab94d1f787dd817feb28c8

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-sv-SE.xml

Filesize
834B

MD5
ab4385501114e551b4ab278275d20b98

SHA1
091c8ac4a31d630775b3a79fe3d86adc1e13a198

SHA256
ea1b3f5625589801605daf252eccb991c068c7cf15f3a7ab4214f96a0ac216c2

SHA512
3b1b57710a5662c4aa4de55b2cf5ba3204bb9e9b30088501f980b4884b2f0ff16e3d0ac055fe1169145cb269f6f2d7659980dd34c7b9937243ea7a1b982eed41

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-uk-UA.xml

Filesize
1018B

MD5
4fd30f7bca5af7ff55e838b07c4b87df

SHA1
163bc11a03799d17532b7912c03d3f114b6b55d5

SHA256
5cae7eacd630f3ddd7dcb59b21ecc3d00716b33f8492959a197f953bc06aae2d

SHA512
a5f212dfb5cc0266afb52ba1f5bc3e2499de09b38ead835b488b3731855ba0c74cc4cf75eba047a31b6678a1d51570634e81f4c8bd0a16033ae6a4938de85ac6

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-zh-CN.xml

Filesize
793B

MD5
1340d586beb7a3b072f60d26f3a12799

SHA1
3784a5876ddb1f5d5abee22ec41f6fd8f5d29bc5

SHA256
6f30934f2799aa14ca32b9861a856a65610e8c36d70f1af812ff1b2fce24ecc4

SHA512
9b57cb298fae2645573ddfc022ff380b77bdad386b7bbfe6758e7c3c2a799c0fc987ba67aa26a0f9f5563cf150814d5c48c686cc7bfb418f8e49bc5ace4e6e30

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotBoxPlugin\language_boxplugin-zh-TW.xml

Filesize
783B

MD5
edcfd6acd102c2babc62ab31b66d9369

SHA1
a1543bf3839cd8c437af5316ff68b00f606b5020

SHA256
3d305372db9f22f2db2601abfcd21ecf34e5b3621fb4b3afe4234ba45f7e3b31

SHA512
9d4f8dabe70c21bef5ceb04561806a50a20c86b6a41127333d367d373f6aecf03b71530bc7f3dbd2634cd7a0794385e42b7d551108af81bbb05c0bdc1493e636

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-cs-CZ.xml

Filesize
1KB

MD5
60838b7578ba1ceb12423df9c2e802e2

SHA1
1186289ee5708a5e98927bcbbc9e3d9dd450c4f1

SHA256
8c3de8eaec780b3a8c9be5c366376274fca2f7f6ca1fc247af450aa2684dc7a3

SHA512
e65dc8b74f10787fbaa4565d5eb914cd6664640867a04ce231d0fc2d828047c4d533adf132180b7898051379bfdb2b8857f5b8c84f92c74e80c9602ea583aeee

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-de-DE.xml

Filesize
1KB

MD5
8392ecab0955c5b169757926d2a75371

SHA1
7c1cd9c1569cf8776cbd13b8524b17ada695fa04

SHA256
f19c8d03558136d2b7d174c4c89bcd5b3063422d56f0173d19b9a24355261062

SHA512
8a01fe1770ca16005044b094ab8e88d277b639b513d4ead7f4040c0b4ab0021908877df4347a01c025457c3b6c0bcc8e112109751d9f444b353945f8a6cc1a1b

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-en-US.xml

Filesize
1KB

MD5
b1c7501ba80d7d0061c185cc91fb7560

SHA1
25a2c42901851f1cdd70d80b431f81eb360aa2a2

SHA256
6ed010c12dd4d5c90b7fa9a0925c65749449513f9571bf965b1ff78598c62997

SHA512
9a04ff454c4a25812c5bc59fb7b70b4e453607a4244fb2627114e8bb57d03f1f03101446fc9f036f54ac77d14d53c2640f86d3dd8ced58e3574f4cdaf7804883

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-fr-FR.xml

Filesize
1KB

MD5
2228f3e0d562c70d83d94e7478f8c348

SHA1
1f4e48014e742e592a5dda73fe847d4b92811019

SHA256
a9e5b6e333f5c108ac866d9f73245a44aac4fa39bab6c2bb55bcc9e1fe8a1dd3

SHA512
06fa34c68525e3a30d416ca1cc1499fb664e47442d8b2c52b3e35cdfca18c5ce17e298e32ce96b79cd3887b38c4ea8cae24ba9a242d4c8108b63ba256cf2e137

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-id-ID.xml

Filesize
1KB

MD5
353c3f660cd3e1b675f4d9f1cad5a25c

SHA1
b52b7ce937cd6cebfecd5c06628c0c76a2033af3

SHA256
b395cc9ff8d580f586248d9b31c00ab830aacb7e0a76c8c57faa6d79431fdbca

SHA512
53eca30e44e28b96cb3de211336de3a5960fdb6f2430ede31f3e2526e2088404194a5f16441b9aa3eb1cdc8f4ee1a02fc8a398720602f76ac7141209cefbe787

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-it-IT.xml

Filesize
2KB

MD5
18d2d9cb43d45fa5142d2eb342179676

SHA1
fe1c216a2049f8d5ca6ebc36ada2d25fc7fc1a24

SHA256
e28f3366530654d6b1b02c01af006fdf84b42e71f050c1abac01c347a2db0345

SHA512
2f5e5bdceae55a438eb2d370522f58c5d1f13b87711845faf6a76c2351d383168416c016da5abf772b665da64ef5110d8def99f08b82b9c57ded7a48325cecbf

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-kab-DZ.xml

Filesize
1KB

MD5
e4d7b72913116e3969e0c562e2a8566b

SHA1
9821e4988dd14d2a46b823758d04877867359902

SHA256
bd73ff2fe611cdd5e21b1ce9588f003f8bbceb2da43c619b4690814551f8e7ac

SHA512
1ae63dc9ddc31ba738d5e6078f16f87673a686f27a0ae1019f21be4cfb93a3c5c588b36a22babc2746c496c6aaa780aec7f69e6d753646bf9a2b0aaed9ce88b0

Download Submit
C:\Program Files\Greenshot\Languages\Plugins\GreenshotConfluencePlugin\language_confluenceplugin-ko-KR.xml

Filesize
1KB

MD5
edd0212a02cfe7970d8f2e23fee320e2

SHA1
58aba56b8f203dfe263a84ed2c08801d7ef8bf1c

SHA256
b16ea1e11c22c7bd55a2407a5e700663b51b2d1dd6ebd69ef80311d69f607706

SHA512
96b3946957930cd695c0d5868786c6882eaa35404f48c06fb2338a3c1debef1c3d8c0243cf29d3b5e3dba9ac3cabbb16477a8e4ab8b0c4260c6bafb54d15ef9f

Download Submit
C:\Program Files\Greenshot\Languages\language-de-DE.xml

Filesize
23KB

MD5
5bb8d3f5032b557249b155200f8e9de2

SHA1
a888b88b71c89067f79bbd570c523f96cdec7f6e

SHA256
fc84949780d112cbc2534868cc2a2f7c098d6d40753ada576411b0ece82a44d0

SHA512
61b2e5101898015a6e391eac2e572a6fba86f686060c30ec2cdc4b4030214d4157a10aebef1bdf273719608689d32fb96f472ca4b38196c4b1f73f83234db0f5

Download Submit
C:\Program Files\Greenshot\Languages\language-en-US.xml

Filesize
22KB

MD5
3933519bb13fbbd82a22c762e97db486

SHA1
34bf3736bbf3ca9fd40ec9e514079f24221f40e0

SHA256
8713627e6eec1b09ecffa0d9e71d3d0d4ae99b75408ba0da8c1115a7cdca6114

SHA512
25ea729a2065574324db3b96cf9490bd6f58c1dac192d52e7402e8cb32eed5fa134534e2beeb04797ab5e1b6bc3a16e8ca45b58d313ac5da935f8253f4e0b7ed

Download Submit
C:\Program Files\Greenshot\Languages\language-nl-NL.xml

Filesize
22KB

MD5
f84c21e890cd14ac30c96727791e60df

SHA1
f54d1ed6288eaf4162c492bb0897dcad93bb5405

SHA256
85230847998029548872f95ffa4e9a2018f1084a581939f8fc5d4346ea6db7ad

SHA512
e84497e61dda1270ae461129b808dc5f749e16a465ae432f7cbc0bb3e5e4d5f36d73863670634f7e5a8914ca9e6f1f28e612058dc5170611a0452941932e718c

Download Submit
C:\Program Files\Greenshot\LinqBridge.dll

Filesize
72KB

MD5
8786edae35ac469b8a80e443d387e968

SHA1
cd51f58c61c8c8a8ebd4428f6a2e4b98a446c215

SHA256
e9d98dcf877357127db02dd36d2a0c6eb6c8561ea802d910b6a9c62c75243e94

SHA512
ea0074b3b0ae46a8c9faeba13305147748104787757b5c78e1915be73d5a33e39f108cca2c5e6c70e3b0f76f3a6adc7365d3a14afd16de198201a7f31e245571

Download Submit
C:\Program Files\Greenshot\log4net.dll

Filesize
216KB

MD5
c10193a05427df7e422abbbd733e059e

SHA1
d8db7f68218bd39c0e758fcde4a7c0f18ce1cb81

SHA256
b44c644dcb302ef0fe827a40f947c68e689cb20a162defed655599e90a47fba6

SHA512
12ec16a5127deba51e5e35b63645f7ba710cac146d4969b35545f0aab01ed3f9d32e887fa6b5187195d65df9b7a7a7da8764bf0e5a69887a2002c0b8a0c7a13a

Download Submit
C:\Program Files\Greenshot\log4net.xml

Filesize
1KB

MD5
76b1bef0cad73c9c8bc52294221e15c0

SHA1
1f9c4975b0fc35c17dae9c0cfc635bb0c7eff878

SHA256
73f2751080ccf92ef64b2096bed37608219acb4353e9b6d7c5a463c035014448

SHA512
c3d2e11663be659c018f2967428871e7a3fcf57ebe16c436f8b8f1657cd659d334df6715a61620244a8b64353b69da3eb76aaf79bd74dedeb340e665bb52e456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6525274CBC2077D43D7D17A33C868C4F

Filesize
959B

MD5
d5e98140c51869fc462c8975620faa78

SHA1
07e032e020b72c3f192f0628a2593a19a70f069e

SHA256
5c58468d55f58e497e743982d2b50010b6d165374acf83a7d4a32db768c4408e

SHA512
9bd164cc4b9ef07386762d3775c6d9528b82d4a9dc508c3040104b8d41cfec52eb0b7e6f8dc47c5021ce2fe3ca542c4ae2b54fd02d76b0eabd9724484621a105

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
1021169586c32c8b1f7865d16c1b24a1

SHA1
daa6f51c6ae2c3667fc1a912b6f441335049c907

SHA256
876c4691aa01a3e3c8ab94caaba195df9fd22b8201c5fc204ffcbac14174b8c8

SHA512
f6b27d6b6349f5c5fd7b3d9d079abe4199547f170c4089c7aa1cc1d4e0099de997e2cdce6f7ad3f7b6613df4c8833628443810a04a540eece2a40da881eaf23e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6525274CBC2077D43D7D17A33C868C4F

Filesize
192B

MD5
20301312ce12fc013633e13454a01a6e

SHA1
23013caa1010e38256d7447f287dbb1b1ffa6176

SHA256
4fc13eaf7ec1445130572e96009be55f85830d8f42026c4293d3d37779549b75

SHA512
1f35011f5f15ffae5ba9858accf92785087f75650584f6c5405983c5ab30f3a9b06183669056780eba84ffba2cdee7e7ee6abe32bdc1e905f52d61841bdc24f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98afcc9cf47c74162c317bb200355867

SHA1
a031def5fc697b59748ee4abae09e15910a58ca4

SHA256
92837288870527c752f231aeb5bf2ffdcf96c564f77b2ca819c7f9f0764a5360

SHA512
26b08349cab244efe780f9e95e7d9b1d70d149fb9a91c7f5f9d3e28ff1f2515aa2956dab6b861b15724692f493984bef5d2676aa3d3d56d9b833d6d71f72ab63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c63040e2b5b01dd12abc32ccf2b729eb

SHA1
a6a51ee2d1da613219b9ded66298a26b695ddcf3

SHA256
66e28ac5255f44fda8077a18d84ef8fe8e4825e783c13ac11bf431a941d6f7f9

SHA512
056d6acc4d7756d5aa4769d37781493ef2c523af8d09302dfe37feda4358aee64ba0ff725ec4768db7b345cc13c0f61b6aa5c17ba175dbb074c11c9fe28f3aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d61e54fbd41b8d04362055de2f448ef

SHA1
5703ee1133b57d77f8ad1cedd2df1fce06b56a26

SHA256
453dc86bf772d4e2f50c3f14608336980269bfe08de036c8708a0551a777e0f8

SHA512
7a6a9f43fa8a1a2898672e7e9ba473cce1ed0094777787a91bff79caed4d2eb496beb0318f682b22973fac5e041c6943d58ff35912fb5f2910a153386134aee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c5471be84be5232140c0e446ac19213

SHA1
94cd96afd80116882677acf570b8a47a204ddc99

SHA256
04182d41363541e044fee383340d7ec5f2f4e3a601e262507986d3ca9c01e9c2

SHA512
9ddefc490c1908f57020684be7ec8f4ae08daa0e26205122710d38c482793b9dba5498f308225adda0fe6d77c5108febd6d1ea1ccd1cbc44ea2ab32cc43277c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5bc7bdb8d8e26cca6c8dda8c67ff2f2

SHA1
ab79127580b94dcd572473cdcc27c70fad38e7df

SHA256
39dfc756dfef80b379f35b32a8067ee8651c2db118a4006e6811d89db8bf6141

SHA512
464c4ca18c11e912bfb5c40fe5c10e5ee8291d5c05064ea55ffd08b26d4d1090923c0e9032bc319803f9e75bda36cf717f7e268fb51bb57a2e62ea81ea3bbedf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32818eb2d1f68d5d8128d5e6c51fcfc6

SHA1
8b90b8dd49bfabc6785d1fc06c192fe69b4107f3

SHA256
86c0d37f7ba1fb32be7b5117d9a37b864c28f06d1046fd4a0f700191e4627220

SHA512
fe18b49c1d536e6ef3c327963b05fbfd6ce4a8ec108eb268cd0b320daf41cc71d2528cf8fc33c8fc67ad25b9b125e0c80c21ac6dc19e785fa6bd96d9c2e26fe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
647e8900591f7e509402d94356d62e33

SHA1
27a6d73904fb87ba92ac1d89fe91aac55cee781f

SHA256
9c78f12de2a8eb64649e32075d8bfa2428da5aad416607510c2480858ba4f55c

SHA512
e0c9618131f8ac72141c936fef30f05802c95ce81d301ea747cd343e64b150bddac7bba9ddec64da79e7a1774d3a37c91ab24030ef83fede1242596ca2446760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdbaf43da6a9068fde51c13bf46f1763

SHA1
65f01288cacd2188f6124474bbfc3289a1f8dfc4

SHA256
8989b7fa5802d4d0c4afc0699cbcb3b266adca1a52554b30cb5f1f92ee348794

SHA512
be0458de5affa68ddad34afcb22c6991104381f298de1c8b85f051ceec4bba9884b79247a5776aa5be5371bbb24e06defd5395a783895a0b38be9e7dd05821f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
616e7f1924ebd72e3f892efe5d7be9e6

SHA1
33a87f6d02388addd0fe39d3ca6a371c3d8b5930

SHA256
81a4f5a1f018e4b9987a7d25f1c2c738f03c5e89d5604a5d85d8c09cbecc8289

SHA512
a569ac5777e8a6baf201938f539d58b9dc3ad435fe8c68c9c8585168856a56d505aeb2be2c52b3aa527a6404bac0a580add1fbdb3148cc587db09617ef6f2f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55cc9415b465cab961841168e968c62d

SHA1
48382fda8bc6aa3b7fb6526c5219acfbc4a35b25

SHA256
321e4cbffc85a08e64afcc587b62fc1591f1a36250baf039e66498240c1945b2

SHA512
c88315b6a0f80988b2bd248465dc18f864c1b5ba9b6729f5cbf403c5b3af5f931d214a0a4519d96682298c67225e6f89a91b48acc42348e1c80d248a445f9e61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b11a25fe04a5d5276ab4cb6c9c95c283

SHA1
1c62aef183a9c77e27f4426ef23320f30e4e92fa

SHA256
7a78fbc0d1bb930f35850f3676e71bec4be1c39057ca88f550bd6e8b21818d4b

SHA512
9b53887a2b50761d57ef77299b984d5a4f9c218f8c17015753d569e2eaddcae9bef264884ffd0dcd78bbce3c389ea884be7421586666dec74fbc55152f73fc0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29ba9eda921c57989c293b2e0f828fd9

SHA1
7dbfe2bfbd911a9913ca00d70e05e4f7ba72d23e

SHA256
a0384c9e73e3ce0aeeed5dc7ff0dbe1c0b8b3bdcd3a3ec4d242f26da896e180f

SHA512
43917c38665b589773f4d84f429a3451f15b9dc2250eae2478c886823aba514f4af1cfba39b10de7b521556ecfd66d5e69740ce94d7d7f0b9d087f571cadbffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0aa126021644191fc0dc8a7a11ee302d

SHA1
f5bf031865261359b8a1191b60e5385648cbd889

SHA256
518fcd96c3614f1f293ee28c6e3140b78ec9fe35c9b7bfdad509a54995634128

SHA512
842a9c5e3a3d79e64b969faf07a8f9dc8f31c53a01f117efdb513aba7e3e13ab822f1ecefe0bf0ca2dcbac18e4e2c8c8b96a626318e85a1733f95d24aa064137

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab874B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar87BB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\f604cef4931b67f5ec2985bc665b55e4\GreenshotPlugin.ni.dll.aux

Filesize
1KB

MD5
abb373bbe092eb2ea459d4e1d830b51e

SHA1
b49e6e7417c698fc73e7dda96dbf4934f8643fd2

SHA256
a3b6054a7eca7ac3ccb0fb9465b30fbbe340705673e2261202cdaf20c82b562c

SHA512
2352f64c4fa1bd738c064421dfc6444e291763a315c69e80f9b0e3c381be57b832356771278ac60e8df10dd935e4167553d28d62deb0e8910d82667900bc74dc

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\a29ea947e6999e5552446b01be2b13d0\Greenshot.ni.exe.aux

Filesize
1KB

MD5
856804206c0e0df38dd3aeff11747be6

SHA1
859acd975848004e54373e613ad6d72672402f00

SHA256
e6815fcba8258649da63856a446fc4f0b3985138b0c7843032d522c6fec7ffe8

SHA512
a7787df63c593fc45f2e1c6801591a9efea939341148df42fc800edd4359c82269faa1f660ddcbd21ce4467a95aa01b5a8af23f881eac2af7143eee973c7f2f7

Download Submit
C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\a9f816e307a807784823161bb6f8ed0d\log4net.ni.dll.aux

Filesize
1KB

MD5
a210ef148e0aef8ce5c76161f1bbfdd8

SHA1
eee022e6bb666710ed30c6b3821d0566019e1deb

SHA256
03473dd96c499e0936736da90bea5750d2d874c2f8464168848213c4a62bc65b

SHA512
4866d49d30dc2c547c96561225b5890e812b4c7a40971f05b2f2a9dc461642b4df0674ee11402e86294b393ae26de9272d22822344de0e89fe8bcd7d84a2ffc0

Download Submit
\Program Files\Greenshot\Greenshot.exe

Filesize
515KB

MD5
346d22939e3079901f0dfac7add71c94

SHA1
67ea9f4f56c7c4189745aab05c614a6e615d9e7e

SHA256
fdc3900da9cf5b4b7f4b461eb54f2f7abf2af104de8bfdd0b7f6a46f092f9cc6

SHA512
3d845aee807f6fc711f212229595ba2dfeec760c649b7b0f4398cba8091fab8eb63dd551b46f49840a2de2c2b872130b4b5e90f95ff2757381e96be4b066122d

Download Submit
\Users\Admin\AppData\Local\Temp\is-6CP17.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Filesize
1.1MB

MD5
d1a078992e232919ea834226aea627a8

SHA1
53f5af8c06721ef5b62f56037e3b57dc4b517eaf

SHA256
655da9c7f64ef8f0f48160c76b8dc5443aaba63e8c6b3534a266e9cd5a18489f

SHA512
e056370322e58725961c024d1f322d31066bffd8b8d77f80fc14d2b5861788ef00e5ebc3fa6f51a6b0a94bdb02e8fffea48926716275754dd77bbe0fb8e221f8

Download Submit
\Users\Admin\AppData\Local\Temp\is-R1MV0.tmp\_isetup\_setup64.tmp

Filesize
6KB

MD5
e4211d6d009757c078a9fac7ff4f03d4

SHA1
019cd56ba687d39d12d4b13991c9a42ea6ba03da

SHA256
388a796580234efc95f3b1c70ad4cb44bfddc7ba0f9203bf4902b9929b136f95

SHA512
17257f15d843e88bb78adcfb48184b8ce22109cc2c99e709432728a392afae7b808ed32289ba397207172de990a354f15c2459b6797317da8ea18b040c85787e

Download Submit
\Users\Admin\AppData\Local\Temp\is-R1MV0.tmp\isxdl.dll

Filesize
121KB

MD5
48ad1a1c893ce7bf456277a0a085ed01

SHA1
803997ef17eedf50969115c529a2bf8de585dc91

SHA256
b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3

SHA512
7c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4

Download Submit
\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC717.tmp\GreenshotPlugin.dll

Filesize
2.1MB

MD5
18636b26f461955f45a861b1e238fdab

SHA1
69a2e699fa20994af476ee2e9601c1089a1f04de

SHA256
7b9771bfa18574531a9aed48dd13b81963339a9ebe56c76ac127f7366848b307

SHA512
c90fe72f21daee6a4457b6a19bf6c9fddab11c103725e0a90de7fd8e086e3ad0023fea8fb28e943ceea317143c59d27135978d466acf0ff06495c1ae382d8d27

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\f604cef4931b67f5ec2985bc665b55e4\GreenshotPlugin.ni.dll

Filesize
1.8MB

MD5
235bc7a5abe1eb7e6fab66d50556c7e1

SHA1
e82532e11007aa42f5a23a3bcf91697864f1d3ee

SHA256
898debd19872d654e27e8c8b1ae04be81c6b83fb2cf4fecaf455827863629369

SHA512
45d8a7d293c21d8829607fd9e88ac7165fe249932bee25c3daa66025b48a18111300742e647eef86315daa46e9b625ec000cfe276c4abcbd4b24b055aa0ce82b

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\a29ea947e6999e5552446b01be2b13d0\Greenshot.ni.exe

Filesize
1.8MB

MD5
49c2bbef95580b062063343e1a696e73

SHA1
a9680d3a2697820547ee43960913ef26d93d254e

SHA256
3f6622c5619ff7ee8c39c50df826a4ca4fe82fe6347c7fab27794a54ca73d45f

SHA512
49b40289e749159743643083c439faaf845838ebb2e9cc670ad9f420bc417fd95193933d6f5f3ee2522002988f5a63e69fc31f0ce583695712fd56bb2f417b03

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\f00868af4598f427f377a5354f13804c\LinqBridge.ni.dll

Filesize
742KB

MD5
19db047bc5e65a81b06529a0a1c97cdb

SHA1
e73ca748bc02c996afc52bfa358c3930721f289e

SHA256
c19b7bcc48ce4570b8d18038969daa31981eaa66d9cf1cb18e6c5d688b17f174

SHA512
e78cba55e9a1d90b8f02e03928f8eeb4be3e3a8f3d70230ca96a75ab4029eeeecc617cf04964502c27be1f86f95563f85dfad206892a8c6cb6b2e1ed5931d6fc

Download Submit
\Windows\assembly\NativeImages_v4.0.30319_64\log4net\a9f816e307a807784823161bb6f8ed0d\log4net.ni.dll

Filesize
705KB

MD5
564dda83dc43601512edf5edfac81b55

SHA1
4fc863f9fa052686c266ae23e46af00a9638178a

SHA256
deb47d0d26108ae06195c46ff7a0c3ab3ebd400c021a0b5bad3fd2f911179398

SHA512
50f28d72ca71677f53b0832b1865f3d945cd4705dfd73a1a088f4b9afef52a0eb8eb482e11c4e77595b2765505f20e56a802b992d75e19ef493a5df041690157

Download Submit
memory/284-854-0x0000000002690000-0x0000000002700000-memory.dmp

Filesize
448KB

Download
memory/284-1068-0x000000001D4C0000-0x000000001D98E000-memory.dmp

Filesize
4.8MB

Download
memory/284-1069-0x0000000002130000-0x000000000216A000-memory.dmp

Filesize
232KB

Download
memory/284-1070-0x0000000002700000-0x0000000002716000-memory.dmp

Filesize
88KB

Download
memory/888-1746-0x0000000000DE0000-0x0000000000DEA000-memory.dmp

Filesize
40KB

Download
memory/1084-741-0x0000000001FA0000-0x0000000001FB6000-memory.dmp

Filesize
88KB

Download
memory/1084-526-0x0000000001F20000-0x0000000001F90000-memory.dmp

Filesize
448KB

Download
memory/1084-740-0x0000000000320000-0x000000000035A000-memory.dmp

Filesize
232KB

Download
memory/1252-495-0x00000644A0000000-0x00000644A01D0000-memory.dmp

Filesize
1.8MB

Download
memory/1648-451-0x0000000002A00000-0x0000000002A82000-memory.dmp

Filesize
520KB

Download
memory/1648-454-0x00000000005F0000-0x000000000062A000-memory.dmp

Filesize
232KB

Download
memory/1648-458-0x0000000000630000-0x0000000000646000-memory.dmp

Filesize
88KB

Download
memory/1648-456-0x0000000002170000-0x00000000021E0000-memory.dmp

Filesize
448KB

Download
memory/1652-459-0x0000000000150000-0x000000000018A000-memory.dmp

Filesize
232KB

Download
memory/1652-462-0x00000644A2000000-0x00000644A20B3000-memory.dmp

Filesize
716KB

Download
memory/1972-510-0x0000000000160000-0x0000000000176000-memory.dmp

Filesize
88KB

Download
memory/1972-511-0x000006448A000000-0x000006448A0BC000-memory.dmp

Filesize
752KB

Download
memory/2124-1738-0x000000001A820000-0x000000001A82C000-memory.dmp

Filesize
48KB

Download
memory/2124-1741-0x000000001AF30000-0x000000001AF3A000-memory.dmp

Filesize
40KB

Download
memory/2124-1754-0x000000001E970000-0x000000001E992000-memory.dmp

Filesize
136KB

Download
memory/2124-1696-0x0000000000330000-0x0000000000346000-memory.dmp

Filesize
88KB

Download
memory/2124-1745-0x000000001BD10000-0x000000001BD1A000-memory.dmp

Filesize
40KB

Download
memory/2124-1744-0x000000001B8D0000-0x000000001B8DC000-memory.dmp

Filesize
48KB

Download
memory/2124-1743-0x000000001B8C0000-0x000000001B8CC000-memory.dmp

Filesize
48KB

Download
memory/2124-1742-0x000000001B8A0000-0x000000001B8BA000-memory.dmp

Filesize
104KB

Download
memory/2124-1740-0x000000001BC70000-0x000000001BCD2000-memory.dmp

Filesize
392KB

Download
memory/2124-1739-0x000000001A830000-0x000000001A840000-memory.dmp

Filesize
64KB

Download
memory/2124-1692-0x0000000001010000-0x0000000001092000-memory.dmp

Filesize
520KB

Download
memory/2124-1694-0x00000000002C0000-0x0000000000330000-memory.dmp

Filesize
448KB

Download
memory/2124-1737-0x0000000001000000-0x000000000100E000-memory.dmp

Filesize
56KB

Download
memory/2124-1695-0x0000000000460000-0x000000000049A000-memory.dmp

Filesize
232KB

Download
memory/2124-1736-0x0000000000BC0000-0x0000000000BCA000-memory.dmp

Filesize
40KB

Download
memory/2124-1734-0x00000000004B0000-0x00000000004BC000-memory.dmp

Filesize
48KB

Download
memory/2124-1735-0x0000000000EF0000-0x0000000000F08000-memory.dmp

Filesize
96KB

Download
memory/2412-461-0x0000000000560000-0x0000000000576000-memory.dmp

Filesize
88KB

Download
memory/2412-480-0x0000064488000000-0x00000644881CA000-memory.dmp

Filesize
1.8MB

Download
memory/2412-460-0x0000000002030000-0x00000000020A0000-memory.dmp

Filesize
448KB

Download
memory/2648-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2648-14-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2648-1753-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2648-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/2768-19-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2768-692-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2768-1183-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2768-17-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2768-15-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2768-1752-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download
memory/2768-8-0x0000000000400000-0x000000000052F000-memory.dmp

Filesize
1.2MB

Download