Edit tour

Windows Analysis Report
https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

Overview

General Information

Sample URL:	https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Analysis ID:	1572350
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Adds / modifies Windows certificates

Allocates memory with a write watch (potentially for evading sandboxes)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected hidden input values containing email addresses (often used in phishing pages)

Detected potential crypto function

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTML page contains hidden javascript code

HTTP GET or POST without a user agent

May sleep (evasive loops) to hinder dynamic analysis

PE file contains executable resources (Code or Archives)

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Searches for the Microsoft Outlook file path

Sigma detected: Usage Of Web Request Commands And Cmdlets

Sigma detected: Use Short Name Path in Command Line

Stores large binary data to the registry

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Uses insecure TLS / SSL version for HTTPS connection

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 7232 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

wget.exe (PID: 7312 cmdline: wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)

Greenshot-INSTALLER-1.2.10.6-RELEASE.exe (PID: 1424 cmdline: "C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" MD5: C16F86882D5A102ED7A0FBBC0874D102)

Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp (PID: 5960 cmdline: "C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$20446,1293027,131584,C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" MD5: D1A078992E232919EA834226AEA627A8)

_setup64.tmp (PID: 8068 cmdline: helper 105 0x4F4 MD5: E4211D6D009757C078A9FAC7FF4F03D4)

conhost.exe (PID: 8076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ngen.exe (PID: 8116 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\Greenshot.exe" MD5: B6C3FE33B436E5006514403824F17C66)

conhost.exe (PID: 8124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mscorsvw.exe (PID: 8172 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 1412 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2a0 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 5732 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 968 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 268 -Pipe 264 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 7128 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 7172 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2ac -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 7248 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2e0 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 7324 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 2cc -Pipe 274 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 7388 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f4 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

ngen.exe (PID: 1504 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\GreenshotPlugin.dll" MD5: B6C3FE33B436E5006514403824F17C66)

conhost.exe (PID: 3020 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mscorsvw.exe (PID: 1748 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 0 -NGENProcess 1bc -Pipe 1cc -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 2176 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 0 -NGENProcess 1d8 -Pipe 234 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 2840 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 264 -Pipe 258 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 2516 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 25c -Pipe 264 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 7888 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 254 -InterruptEvent 0 -NGENProcess 280 -Pipe 268 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 6212 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 0 -NGENProcess 278 -Pipe 260 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 2648 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 278 -Pipe 238 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

mscorsvw.exe (PID: 5696 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 250 -Pipe 278 -Comment "NGen Worker Process" MD5: 412A3FB0C25743DA59375C1E298933EA)

chrome.exe (PID: 968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 7388 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1960,i,9764115327004208509,2367936537875850385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

Greenshot.exe (PID: 6512 cmdline: "C:\Program Files\Greenshot\Greenshot.exe" /language en MD5: 346D22939E3079901F0DFAC7ADD71C94)

Greenshot.exe (PID: 6996 cmdline: "C:\Program Files\Greenshot\Greenshot.exe" MD5: 346D22939E3079901F0DFAC7ADD71C94)

GreenshotOCRCommand.exe (PID: 7076 cmdline: "C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe" -c MD5: 7FA84430DF989E08A34EAFDBA8C9B86E)

cleanup

Sigma Signatures

System Summary

Sigma detected: Invoke-Obfuscation CLIP+ Launcher

Source: Process started

Author: Jonathan Cheong, oscd.community: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1020, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1, ProcessId: 7232, ProcessName: cmd.exe

Sigma detected: Invoke-Obfuscation VAR+ Launcher

Source: Process started

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1, CommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1020, ProcessCommandLine: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1, ProcessId: 7232, ProcessName: cmd.exe

Sigma detected: Use Short Name Path in Command Line

Source: Process started

Author: frack113, Nasreddine Bencherchali: Data: Command: "C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$20446,1293027,131584,C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" , CommandLine: "C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$20446,1293027,131584,C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, NewProcessName: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, OriginalFileName: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, ParentCommandLine: "C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe", ParentImage: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, ParentProcessId: 1424, ParentProcessName: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, ProcessCommandLine: "C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$20446,1293027,131584,C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" , ProcessId: 5960, ProcessName: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Suricata Signatures

ETPRO MALWARE Common Downloader Header Pattern H

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-10T13:39:03.540452+0100	2803305	3	Unknown Traffic	192.168.2.7	49732	172.67.164.214	80	TCP
2024-12-10T13:39:05.202487+0100	2803305	3	Unknown Traffic	192.168.2.7	49733	172.67.164.214	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6

HTTP Parser: getgreenshot@gmail.com

Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6

HTTP Parser: Base64 decoded: [null,null,null,3]

Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon
Source: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 172.67.164.214:443 -> 192.168.2.7:49730 version: TLS 1.0

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. GNU GENERAL PUBLIC LICENSE Version 3 29 June 2007 Copyright (C) 2007 Free Software Foundation Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. Preamble The GNU General Public License is a free copyleft license forsoftware and other kinds of works. The licenses for most software and other practical works are designedto take away your freedom to share and change the works. By contrastthe GNU General Public License is intended to guarantee your freedom toshare and change all versions of a program--to make sure it remains freesoftware for all its users. We the Free Software Foundation use theGNU General Public License for most of our software; it applies also toany other work released this way by its authors. You can apply it toyour programs too. When we speak of free software we are referring to freedom notprice. Our General Public Licenses are designed to make sure that youhave the freedom to distribute copies of free software (and charge forthem if you wish) that you receive source code or can get it if youwant it that you can change the software or use pieces of it in newfree programs and that you know you can do these things. To protect your rights we need to prevent others from denying youthese rights or asking you to surrender the rights. Therefore you havecertain responsibilities if you distribute copies of the software or ifyou modify it: responsibilities to respect the freedom of others. For example if you distribute copies of such a program whethergratis or for a fee you must pass on to the recipients the samefreedoms that you received. You must make sure that they too receiveor can get the source code. And you must show them these terms so theyknow their rights. Developers that use the GNU GPL protect your rights with two steps:(1) assert copyright on the software and (2) offer you this Licensegiving you legal permission to copy distribute and/or modify it. For the developers' and authors' protection the GPL clearly explainsthat there is no warranty for this free software. For both users' andauthors' sake the GPL requires that modified versions be marked aschanged so that their problems will not be attributed erroneously toauthors of previous versions. Some devices are designed to deny users access to install or runmodified versions of the software inside them although the manufacturercan do so. This is fundamentally incompatible with the aim ofprotecting users' freedom to change the software. The systematicpattern of such abuse occurs in the area of products for individuals touse which is precisely where it is most unacceptable. Therefore wehave designed this version of t
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. GNU GENERAL PUBLIC LICENSE Version 3 29 June 2007 Copyright (C) 2007 Free Software Foundation Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. Preamble The GNU General Public License is a free copyleft license forsoftware and other kinds of works. The licenses for most software and other practical works are designedto take away your freedom to share and change the works. By contrastthe GNU General Public License is intended to guarantee your freedom toshare and change all versions of a program--to make sure it remains freesoftware for all its users. We the Free Software Foundation use theGNU General Public License for most of our software; it applies also toany other work released this way by its authors. You can apply it toyour programs too. When we speak of free software we are referring to freedom notprice. Our General Public Licenses are designed to make sure that youhave the freedom to distribute copies of free software (and charge forthem if you wish) that you receive source code or can get it if youwant it that you can change the software or use pieces of it in newfree programs and that you know you can do these things. To protect your rights we need to prevent others from denying youthese rights or asking you to surrender the rights. Therefore you havecertain responsibilities if you distribute copies of the software or ifyou modify it: responsibilities to respect the freedom of others. For example if you distribute copies of such a program whethergratis or for a fee you must pass on to the recipients the samefreedoms that you received. You must make sure that they too receiveor can get the source code. And you must show them these terms so theyknow their rights. Developers that use the GNU GPL protect your rights with two steps:(1) assert copyright on the software and (2) offer you this Licensegiving you legal permission to copy distribute and/or modify it. For the developers' and authors' protection the GPL clearly explainsthat there is no warranty for this free software. For both users' andauthors' sake the GPL requires that modified versions be marked aschanged so that their problems will not be attributed erroneously toauthors of previous versions. Some devices are designed to deny users access to install or runmodified versions of the software inside them although the manufacturercan do so. This is fundamentally incompatible with the aim ofprotecting users' freedom to change the software. The systematicpattern of such abuse occurs in the area of products for individuals touse which is precisely where it is most unacceptable. Therefore wehave designed this version of t

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-9BKE2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-3402H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-G9E21.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-GVUTT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-RVI0E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-27J1D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-7U8BG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-E5BO5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-KO0QL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-MC6NE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-IRQOL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-2ONKT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-CHBHE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-7C8CC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-95VG8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-KBTLU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-NUHDI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-G7CBU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-DUKD2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-MRB0V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-9BCBO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-FDC5S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-USGTQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-GVCVO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-LJMSO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-4I4DV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-6ES59.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-CUV03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-KVI5B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-QQIRU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-DU2Q6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-8IOJL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-1KBU9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-7IKBI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-KPD7A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-09RG9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-TB4K9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-CS2SJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-R1LBC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-OV1FK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\is-FRL84.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-N6JIO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-K0SP5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-JFAFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-NCLEH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-M0KLP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UV2ND.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-U1AHL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-CP1G8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-MHBHF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-B3Q0Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UDNRQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-4Q0A2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-GBILI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-KKV47.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-OOONO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-069CN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-R9NLP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-G2E4A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UCHJ6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\is-3MASU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-E2P9S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-1EONR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-O4IVT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-PTFJG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-D85DK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-54S9J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-7Q7JK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-884T4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-PSN0P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NANO9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-42284.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-8F0QI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NKK72.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-G11MM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-QABR4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-0F80J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-9EC87.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-GVUBH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greenshot_is1

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll

Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.7:49700 version: TLS 1.2

Source:	Binary string: System.Deployment.ni.pdbRSDS source: System.Deployment.dll.22.dr
Source:	Binary string: C:\projects\greenshot-72hao\GreenshotPlugin\obj\Release\GreenshotPlugin.pdbH source: GreenshotPlugin.dll.31.dr
Source:	Binary string: c:\dev\pub\LINQBridge\src\obj\Release\LinqBridge.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569380621.0000000002E32000.00000002.00000001.01000000.00000018.sdmp, is-27J1D.tmp.12.dr
Source:	Binary string: Greenshot.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.pdbH source: System.Runtime.Serialization.Formatters.Soap.dll.39.dr
Source:	Binary string: log4net.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2058297328.00007FFB1C340000.00000020.00000001.01000000.0000000F.sdmp, log4net.dll.24.dr
Source:	Binary string: System.Security.ni.pdbRSDS source: Greenshot.exe, 00000022.00000002.2588319126.00007FFB0B8EA000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: System.Deployment.pdb source: System.Deployment.dll.22.dr
Source:	Binary string: System.Security.pdbH source: System.Security.dll.38.dr
Source:	Binary string: System.Data.SqlXml.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr
Source:	Binary string: c:\dev\pub\LINQBridge\src\obj\Release\LinqBridge.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569380621.0000000002E32000.00000002.00000001.01000000.00000018.sdmp, LinqBridge.dll.26.dr, is-27J1D.tmp.12.dr, LinqBridge.dll.42.dr
Source:	Binary string: System.Data.SqlXml.ni.pdbRSDS2 source: Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr
Source:	Binary string: C:\projects\greenshot-72hao\GreenshotPlugin\obj\Release\GreenshotPlugin.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr
Source:	Binary string: System.Security.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2588319126.00007FFB0B8EA000.00000020.00000001.01000000.00000014.sdmp, System.Security.dll.38.dr
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.39.dr, System.Runtime.Serialization.Formatters.Soap.dll.23.dr
Source:	Binary string: C:\projects\greenshot-72hao\Greenshot\obj\Release\Greenshot.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: GreenshotPlugin.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\Bjornar\SVN\istool\isxdl\trunk\source\Release\isxdl.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, isxdl.dll.12.dr
Source:	Binary string: c:\dev\pub\LINQBridge\src\obj\Release\LinqBridge.pdbH source: LinqBridge.dll.42.dr
Source:	Binary string: System.Data.SqlXml.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr, System.Data.SqlXml.dll.33.dr
Source:	Binary string: LinqBridge.ni.pdb source: LinqBridge.dll.26.dr
Source:	Binary string: GreenshotPlugin.ni.pdbRSDS source: Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: LinqBridge.ni.pdbRSDSC source: LinqBridge.dll.26.dr
Source:	Binary string: System.Security.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2588319126.00007FFB0B8EA000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: System.Deployment.ni.pdb source: System.Deployment.dll.22.dr
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdbRSDS source: System.Runtime.Serialization.Formatters.Soap.dll.23.dr
Source:	Binary string: Greenshot.ni.pdbRSDS source: Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Data.SqlXml.pdbH source: System.Data.SqlXml.dll.33.dr
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.23.dr
Source:	Binary string: C:\projects\greenshot-72hao\GreenshotImgurPlugin\obj\Release\GreenshotImgurPlugin.pdb source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\Temp\is-G0Q8E.tmp\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\	Jump to behavior

Source: global traffic	HTTP traffic detected: GET /project-feed/ HTTP/1.1Host: getgreenshot.org
Source: global traffic	HTTP traffic detected: GET /project-feed/ HTTP/1.1Host: getgreenshot.org

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49732 -> 172.67.164.214:80
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.7:49733 -> 172.67.164.214:443

Source: unknown

HTTPS traffic detected: 172.67.164.214:443 -> 192.168.2.7:49730 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 40.81.94.65
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: github.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /github-production-release-asset-2e65be/36756917/239aedb0-7d29-11e7-9f9c-d36ec4466ade?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241210T123752Z&X-Amz-Expires=300&X-Amz-Signature=701b82f72e9824a14055b0ba2b558b900cdd163eeb2d7e05257d383f92379f85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DGreenshot-INSTALLER-1.2.10.6-RELEASE.exe&response-content-type=application%2Foctet-stream HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like GeckoAccept: /Accept-Encoding: identityHost: objects.githubusercontent.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /project-feed/ HTTP/1.1Host: getgreenshot.org
Source: global traffic	HTTP traffic detected: GET /en_US/i/btn/btn_donate_SM.gif HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /en_US/i/scr/pixel.gif HTTP/1.1Host: www.paypalobjects.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /en_US/i/btn/btn_donate_SM.gif HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www.paypalobjects.com/en_US/i/scr/pixel.gif?resize=1%2C1&ssl=1 HTTP/1.1Host: i1.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /en_US/i/scr/pixel.gif HTTP/1.1Host: www.paypalobjects.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www.paypalobjects.com/en_US/i/scr/pixel.gif?resize=1%2C1&ssl=1 HTTP/1.1Host: i1.wp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20241205&st=env HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://getgreenshot.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/html/r20241205/r20190131/zrt_lookup_fy2021.html HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=280&slotname=6875409483&adk=755143415&adf=2071877279&pi=t.ma~as.6875409483&w=728&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=728x280&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032217&bpp=8&bdt=6466&idt=3963&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=5666469010253&frm=20&pv=2&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=273&ady=28&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=3987 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=600&slotname=7992105487&adk=2585668214&adf=2175242420&pi=t.ma~as.7992105487&w=160&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=160x600&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032225&bpp=1&bdt=6475&idt=3995&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280&correlator=5666469010253&frm=20&pv=1&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=847&ady=1332&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4002 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1723972423&plaf=2%3A2&plat=1%3A16777216%2C3%3A65536%2C4%3A65536%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032226&bpp=18&bdt=6475&idt=4012&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280%2C160x600&nras=1&correlator=5666469010253&frm=20&pv=1&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=4019 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rtimp?a=imp&cr=carmax_ng&d=getgreenshot.org&gid=&im=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo&p=Z1g2egAAb00JHUgeAA9H_H6qw2u5BGnAjTxAng&sid=c81371f9-b6f3-11ef-af82-e26199aa924a HTTP/1.1Host: g.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/polyfills-a3f452c3.js HTTP/1.1Host: cdn.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1Host: cdn.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-a5279e2a.css HTTP/1.1Host: cdn.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/adview?ai=C-L59ejZYZ83eAZ6Q9fgP_I-9OL2qz8116aLc1sQSwI23ARABIABgyQaCARdjYS1wdWItODQ4NDg0NjQ0MjM3NjEzNsgBCagDAcgDAqoE8wFP0MhR3hqXkZQE2fUWBf3Bb3S5g292P6eUxUBHL5GYS8IAEqOfE8oLwhteeqW0MJ_VlEKEvbDBtLCE9bD7Jt2xJykoLO_dLpAiMU2sB4cErAf7yFLT2PvYg1zs3TX1z5nhXTDzNSI3qYyJ15BXwq0kbC7F8LWWIWGbuwAajbBzZrDm-gIMJ3_p74KvVPcoPA3yuwwizgWfZPCGXOYPzk8FastSL6NoXTpggnijcT_39M_hsgsgnp-fUVp9dykiU1gNGGYrQL7TuvCYWrJ6WjpCoyN5zT4YsE6DJnWwyP9VKmBdq3zyu0cBUfHLrxxeA4lTwNaABpippfDUnNG1wgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIBhEAEyAooCOguAQIDAgICAoKiAAki9_cE6WLLh_amcnYoDgAoB-gsCCAGADAHQFQGAFwGyFxwKGBIUcHViLTg0ODQ4NDY0NDIzNzYxMzYYABgM&sigh=LE62tMTwQ9U&uach_m=%5BUACH%5D&cid=CAQSTgCa7L7dkUEwvysm0omZeyqmMY2IecxIT5i9jyZEkSh9328Jb_yQutv-Dvmbf7Ijzfdr6nTQSw53ndWIbiiJ1308boz5Uk9NphtuuIRomhgB HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=600&slotname=7992105487&adk=2585668214&adf=2175242420&pi=t.ma~as.7992105487&w=160&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=160x600&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032225&bpp=1&bdt=6475&idt=3995&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280&correlator=5666469010253&frm=20&pv=1&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=847&ady=1332&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=4002Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic	HTTP traffic detected: GET /rtimp?a=imp&cr=ext_download_ghst_inss&d=getgreenshot.org&gid=&im=iJvJQRYYxVLUTnxY11srwZ9dznCv0UIHp9dE0CV_3LsDI3m0jJAOgF0Zajbw7YWcQ4ILez6nNRnitwUOcInviVtG_OLFkOLnRn-VUms5btfXLhXBuHlrO8q3mAerQSYZgajYp48cDrvdIHPGO_iFQIEvsbdvxV4uvBZheSGcnc__GhKSRPcobOba82MfPdOsR4oQGmORGJsGqC46WEqPBTc5OMtYZQLR9EePwiLSbsF-JdIFUhOBEj2IyPx8PjrqLTd7B3s1G0k2ZB-7puPed9hhC7gBXwqAgGZld14ZmKZJMS8cLVHosdEtAoKGgFNqt10dQkJ1HsYIDH45TLZ10cpaIDDKO5W5SruprYJHADttusuQHCMJ7xDK0Ev5YK701yyqvGvfbwbphCUWhl75HA&p=Z1g2egAASr0JHV4uACWP6MSw3tfFij6Sy6wWdA&sid=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0 HTTP/1.1Host: g.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-a5279e2a.css HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/polyfills-a3f452c3.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/polyfills-a3f452c3.js HTTP/1.1Host: cdn.rtbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1Host: cdn.rtbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a
Source: global traffic	HTTP traffic detected: GET /sig.js?rpclid=c81371f9-b6f3-11ef-af82-e26199aa924a&params=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo HTTP/1.1Host: serve.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/aframe HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2/232/runner.html HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/adview?ai=Cg_5dejZYZ72VAa689fgP6J-WiQq9qs_Ndemi3NbEEsCNtwEQASAAYMkGggEXY2EtcHViLTg0ODQ4NDY0NDIzNzYxMzbIAQmoAwHIAwKqBO4BT9BaH_Xsayn0jrRizsVJb12-2qoA290oDT_oNduzws0yHNMwiGv2SC3G4be9vpdwIpHzsKnQOcgi0iXlS_1-yiiWHcg2m0mOP-uTZ6lhrJ-SGRtQ8vcj5kqlIOR_tKa26hwZHkUOirLY-Qfu35GhOfs-hcjHy1EYeUoQ9js7EQIWpVxsfJEpnq46aZJJKVuNfcIREkWBYUF__-BnsjmrvZLb_YVh2WXJj0K9rWwH2WTJcMqaqwtuuLLLqgU98nzLMrT35oqSZ0mUpsTq_lxnR5YxTuAM0x2KMG2XbZEGC7PUT8A5W5WDP2goNP9NyYAGnaSUm9G6s9j4AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCQIgGEQATICigI6C4BAgMCAgICgqIACSL39wTpYoZz9qZydigOACgH6CwIIAYAMAdAVAYAXAbIXHAoYEhRwdWItODQ4NDg0NjQ0MjM3NjEzNhgAGAw&sigh=fNH2etI9AxE&uach_m=%5BUACH%5D&cid=CAQSTwCa7L7de9ATykTwRm-jhetQQwZQRHe0Bx4W-YwhJTwgyBRcMze5exyX3tPOljHhMNup4ZWjnAQnJfXm3AL4ck9Fw6NEOT20LaryUcfU4BcYAQ HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUl7bEiM1pMffYYFORw3NI3bmRBeLznbIFuSND5_fmhhNS6nppnXaPPN1HjeziA
Source: global traffic	HTTP traffic detected: GET /sig.js?rpclid=c81371f9-b6f3-11ef-af82-e26199aa924a&params=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo HTTP/1.1Host: serve.rtbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/polyfills-a3f452c3.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0
Source: global traffic	HTTP traffic detected: GET /sig.js?rpclid=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0&params=iJvJQRYYxVLUTnxY11srwZ9dznCv0UIHp9dE0CV_3LsDI3m0jJAOgF0Zajbw7YWcQ4ILez6nNRnitwUOcInviVtG_OLFkOLnRn-VUms5btfXLhXBuHlrO8q3mAerQSYZgajYp48cDrvdIHPGO_iFQIEvsbdvxV4uvBZheSGcnc__GhKSRPcobOba82MfPdOsR4oQGmORGJsGqC46WEqPBTc5OMtYZQLR9EePwiLSbsF-JdIFUhOBEj2IyPx8PjrqLTd7B3s1G0k2ZB-7puPed9hhC7gBXwqAgGZld14ZmKZJMS8cLVHosdEtAoKGgFNqt10dQkJ1HsYIDH45TLZ10cpaIDDKO5W5SruprYJHADttusuQHCMJ7xDK0Ev5YK701yyqvGvfbwbphCUWhl75HA HTTP/1.1Host: serve.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0
Source: global traffic	HTTP traffic detected: GET /sig.js?rpclid=c812f8fb-b6f3-11ef-b5ce-4a840417bddb&params=d5B36PTD6GfsEN-e7fxJaNcDMUSKi5P70KsDpxFAmaxAsM8KDqOFqu6b2mpH6lXAoarZ5Ya1NVxc9LL9JF6qsc2AaxY530LyCtUeiS-4fWrV0PJAbIDbxJTlY6K613jNsTw1TZ38uAZMMxdghlTHgQ7XV2HI5z5m6wpEft1-7ylyfHNUsREaUBYkXQWjjeZ9TQvVLVfnHPdiFsGvDe8f43mDFj1aljNHC6pCtIdxHZNXOQMq91mnpF2Qdumxe1UAyLrAM1NyrIdgxghUVnvvl4bnFnQB1JUiriZniGxbgyNPMVQQqwnAll_TqRxt2waHm3eqKrWf2bZOyyprVsi3leKtsDtFJiFwyX4TXoDhPoElK9AWjprOnaA6zirFVrqWNxpsA7bIB1xBKDSaeu67Fw HTTP/1.1Host: serve.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /compressedFonts/RobotoRegular.woff2 HTTP/1.1Host: cdn.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241205&jk=1514068227346676&bg=!ISKlIm3NAAbFeMsx5Xg7ADQBe5WfOB9119Cj1DcyUMgddx4gDxsWDbiOkBVYSjIHlsTSj-fAWxcPhdA7X-4RGC9yhhQsAgAAAidSAAAABGgBB34ANsJ2BL9gXZ-v3P0G4SKo8D96TE0qrceCXb4NI-pkYZRFm6hO86raecEOw0Qvv6KN-vhhNK4BnJkCh9Z6CuHiy0sA8bZ09YAHwOa17RJA0-N6N8p0MAk3mY2Red2Hu6q6H2IN0YRk5wFaiDuF2mt-KFNQjsIhAcfYx9E2alDbH3eYTa3RCwmkuZc7_Pm-L-XXZuC5VwxgR4gbSXg0xjr5XQkoJefbj4DUaDFT45_HNsNRPXI5pbyXRUN8fJPhF15nJ9B4CnoNnvMzbgoOv9J7db4x8j9smw89EKqxGfUa9iZRl41uaYDB4yEQcl1X-d-ljIqhj3QMNj07etMRhm5Gaq6zI02h-elkEeK3uGGzGS747kPqKVhUFJNj71rAJFwPvicg8NO9UyeyC-vt2ijBXWhCwbijJjz0qDeVjCYSUwDcLEPqgAzozm4gB0F2-lE9eheCBkwG7u_yT5QZLgJrexANolekbAc2NNyNOSX-IbD0gqf-3BLCR5V71dIF9o5d0UKjQoAc2o6NmHmT94-B-kB27abRsy0jmKFSOPMmY-nfStKrmXHeyWR9Tm-f5OBdfgn69UfKYvy3FER9owoNc6Kw_AeVk3KtoXz4gHjvNNnco0vpszCCuFPH3onP78MITZBtQrBXl4wHzCpRqBdkQtZueIPu1lzH-joRT2lqKbPyowRhHd7no_Pm_TejgY4QfUXetH_sJbx42Jbbqh2vTND9ZmcIjipkg9XWH3ZUzXL3VzxAi7Npk4cFTvzo6tujSDjOuLD1nX-extz0Is95hBQPJScCgtFce2Hgsp5pp_D3JpwiEANEt6i1r4TfzNFRiT7OvHyn1iEPRuBTEHy881FEmBcKZBT8Y-3olg2kTBq4yB7f5d50xoAHyH9NlM_rM-i8vkCvzhCcqpdTmN9V4WbRxmIH4o1e1JfnY7gBvphA HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://getgreenshot.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sig.js?rpclid=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0&params=iJvJQRYYxVLUTnxY11srwZ9dznCv0UIHp9dE0CV_3LsDI3m0jJAOgF0Zajbw7YWcQ4ILez6nNRnitwUOcInviVtG_OLFkOLnRn-VUms5btfXLhXBuHlrO8q3mAerQSYZgajYp48cDrvdIHPGO_iFQIEvsbdvxV4uvBZheSGcnc__GhKSRPcobOba82MfPdOsR4oQGmORGJsGqC46WEqPBTc5OMtYZQLR9EePwiLSbsF-JdIFUhOBEj2IyPx8PjrqLTd7B3s1G0k2ZB-7puPed9hhC7gBXwqAgGZld14ZmKZJMS8cLVHosdEtAoKGgFNqt10dQkJ1HsYIDH45TLZ10cpaIDDKO5W5SruprYJHADttusuQHCMJ7xDK0Ev5YK701yyqvGvfbwbphCUWhl75HA HTTP/1.1Host: serve.bidbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb
Source: global traffic	HTTP traffic detected: GET /sig.js?rpclid=c812f8fb-b6f3-11ef-b5ce-4a840417bddb&params=d5B36PTD6GfsEN-e7fxJaNcDMUSKi5P70KsDpxFAmaxAsM8KDqOFqu6b2mpH6lXAoarZ5Ya1NVxc9LL9JF6qsc2AaxY530LyCtUeiS-4fWrV0PJAbIDbxJTlY6K613jNsTw1TZ38uAZMMxdghlTHgQ7XV2HI5z5m6wpEft1-7ylyfHNUsREaUBYkXQWjjeZ9TQvVLVfnHPdiFsGvDe8f43mDFj1aljNHC6pCtIdxHZNXOQMq91mnpF2Qdumxe1UAyLrAM1NyrIdgxghUVnvvl4bnFnQB1JUiriZniGxbgyNPMVQQqwnAll_TqRxt2waHm3eqKrWf2bZOyyprVsi3leKtsDtFJiFwyX4TXoDhPoElK9AWjprOnaA6zirFVrqWNxpsA7bIB1xBKDSaeu67Fw HTTP/1.1Host: serve.bidbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb
Source: global traffic	HTTP traffic detected: GET /ext/download-icon_1697445891.svg+xml HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb
Source: global traffic	HTTP traffic detected: GET /rtimp?sid=c81371f9-b6f3-11ef-af82-e26199aa924a&d=getgreenshot.org&cr=carmax_ng&gid=&im=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo&p=Z1g2egAAb00JHUgeAA9H_H6qw2u5BGnAjTxAng&r=1824723530&a=ipv4&ow=1050&oh=964&iw=160&ih=600&tzof=300&tz=America%2FNew_York&pxr=1&cts=1733838048.462&cto=5169&edx=8&furl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fus_privacy%3D1---%26client%3Dca-pub-8484846442376136%26output%3Dhtml%26h%3D600%26slotname%3D7992105487%26adk%3D2585668214%26adf%3D2175242420%26pi%3Dt.ma~as.7992105487%26w%3D160%26abgtt%3D9%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1723972423%26rafmt%3D1%26format%3D160x600%26url%3Dhttps%253A%252F%252Fgetgreenshot.org%252Fthank-you%252F%253Flanguage%253Den%2526version%253D1.2.10.6%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.%26dt%3D1733838032225%26bpp%3D1%26bdt%3D6475%26idt%3D3995%26shv%3Dr20241205%26mjsv%3Dm202412040102%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie_enabled%3D1%26eoidce%3D1%26prev_fmts%3D728x280%26correlator%3D5666469010253%26frm%3D20%26pv%3D1%26u_tz%3D-300%26u_his%3D1%26u_h%3D1024%26u_w%3D1280%26u_ah%3D984%26u_aw%3D1280%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D847%26ady%3D1332%26biw%3D1017%26bih%3D870%26scr_x%3D0%26scr_y%3D0%26eid%3D31089337%252C95344791%252C95347444%252C95345966%26oid%3D2%26pvsid%3D1514068227346676%26tmod%3D1978764241%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D10%252C10%252C10%252C10%252C1280%252C0%252C1050%252C964%252C1034%252C870%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26bz%3D1.02%26td%3D1%26tdf%3D0%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26nt%3D1%26ifi%3D2%26uci%3Da!2%26btvi%3D1%26fsb%3D1%26dtd%3D4002&ctp=creative&cnm=carmax_ng HTTP/1.1Host: g4.rtbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a
Source: global traffic	HTTP traffic detected: GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1Host: cdn.bidbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb
Source: global traffic	HTTP traffic detected: GET /compressedFonts/RobotoRegular.woff2 HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ext/download-icon_1697445891.svg+xml HTTP/1.1Host: cdn.bidbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb; uid=ca740cdc-b6f3-11ef-8869-8e971abbe572; mid=c812f8fb-b6f3-11ef-b5ce-4a840417bddb
Source: global traffic	HTTP traffic detected: GET /ext/download-icon_1697445891.svg+xml HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://googleads.g.doubleclick.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "6974aee9af84143b4ac5c739f1707c95"If-Modified-Since: Mon, 16 Oct 2023 08:44:50 GMT
Source: global traffic	HTTP traffic detected: GET /compressedFonts/RobotoBold.woff2 HTTP/1.1Host: cdn.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://googleads.g.doubleclick.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ext/download-icon_1697445891.svg+xml HTTP/1.1Host: cdn.bidbrain.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb; uid=ca740cdc-b6f3-11ef-8869-8e971abbe572; mid=c812f8fb-b6f3-11ef-b5ce-4a840417bddbIf-None-Match: "6974aee9af84143b4ac5c739f1707c95"If-Modified-Since: Mon, 16 Oct 2023 08:44:50 GMT
Source: global traffic	HTTP traffic detected: GET /rtimp?sid=c812f8fb-b6f3-11ef-b5ce-4a840417bddb&d=getgreenshot.org&cr=ext_download_ghst_inss&gid=&im=d5B36PTD6GfsEN-e7fxJaNcDMUSKi5P70KsDpxFAmaxAsM8KDqOFqu6b2mpH6lXAoarZ5Ya1NVxc9LL9JF6qsc2AaxY530LyCtUeiS-4fWrV0PJAbIDbxJTlY6K613jNsTw1TZ38uAZMMxdghlTHgQ7XV2HI5z5m6wpEft1-7ylyfHNUsREaUBYkXQWjjeZ9TQvVLVfnHPdiFsGvDe8f43mDFj1aljNHC6pCtIdxHZNXOQMq91mnpF2Qdumxe1UAyLrAM1NyrIdgxghUVnvvl4bnFnQB1JUiriZniGxbgyNPMVQQqwnAll_TqRxt2waHm3eqKrWf2bZOyyprVsi3leKtsDtFJiFwyX4TXoDhPoElK9AWjprOnaA6zirFVrqWNxpsA7bIB1xBKDSaeu67Fw&p=Z1g2egAAWW0JHUZ-ADklyrwLHwZQwsqy7w3aMA&r=1987032298&a=ipv4&ow=1050&oh=964&iw=0&ih=0&tzof=300&tz=America%2FNew_York&pxr=1&cts=1733838056.788&cto=9419&edx=9&furl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20241205%2Fr20190131%2Fzrt_lookup_fy2021.html%23RS-0-%26adk%3D1812271802%26client%3Dca-pub-8484846442376136%26fa%3D2%26ifi%3D4%26uci%3Da!4%26btvi%3D2&ctp=creative&cnm=ext_download_ghst_inss HTTP/1.1Host: g4.bidbrain.appConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; sid_cross=c812f8fb-b6f3-11ef-b5ce-4a840417bddb
Source: global traffic	HTTP traffic detected: GET /project-feed/ HTTP/1.1Host: getgreenshot.org

Source: global traffic	DNS traffic detected: DNS query: github.com
Source: global traffic	DNS traffic detected: DNS query: objects.githubusercontent.com
Source: global traffic	DNS traffic detected: DNS query: getgreenshot.org
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: consent.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: www.paypalobjects.com
Source: global traffic	DNS traffic detected: DNS query: i1.wp.com
Source: global traffic	DNS traffic detected: DNS query: consentcdn.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: imgsct.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: api.flattr.com
Source: global traffic	DNS traffic detected: DNS query: ep1.adtrafficquality.google
Source: global traffic	DNS traffic detected: DNS query: ep2.adtrafficquality.google
Source: global traffic	DNS traffic detected: DNS query: g.rtbrain.app
Source: global traffic	DNS traffic detected: DNS query: cdn.rtbrain.app
Source: global traffic	DNS traffic detected: DNS query: g.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: cdn.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: fundingchoicesmessages.google.com
Source: global traffic	DNS traffic detected: DNS query: serve.rtbrain.app
Source: global traffic	DNS traffic detected: DNS query: serve.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: g4.rtbrain.app
Source: global traffic	DNS traffic detected: DNS query: g6.rtbrain.app
Source: global traffic	DNS traffic detected: DNS query: g4.bidbrain.app
Source: global traffic	DNS traffic detected: DNS query: g6.bidbrain.app

Source: unknown

HTTP traffic detected: POST /rtimp HTTP/1.1Host: g.rtbrain.appConnection: keep-aliveContent-Length: 1876sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://googleads.g.doubleclick.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a

Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.000000000213D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://counter-strike.com.ua/
Source: wget.exe, 00000002.00000002.1321268966.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320961141.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://crl.certum.pl/cscasha2.crl0q
Source: wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1321255834.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320931350.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://crl.certum.pl/ctnca.crl0k
Source: Greenshot.exe, 00000022.00000002.2580462560.000000001F158000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: wget.exe, 00000002.00000002.1321268966.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320961141.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://cscasha2.ocsp-certum.com04
Source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr, System.Data.SqlXml.dll.33.dr	String found in binary or memory: http://exslt.org/common
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.000000000218A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1711896153.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.0000000000774000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1711839336.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2014398248.0000000009C20000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1359937256.00000000007AA000.00000004.00000020.00020000.00000000.sdmp, is-MC6NE.tmp.12.dr	String found in binary or memory: http://fsf.org/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://getgreenshot.org
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org)
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org.http://getgreenshot.org.http://getgreenshot.org
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/?locale=default&page=support
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/?locale=default&page=support
Source: is-KBTLU.tmp.12.dr	String found in binary or memory: http://getgreenshot.org/downloads/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://getgreenshot.org/help/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://getgreenshot.org/project-feed/
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://getgreenshot.org/project-feed/4Windows.UI.Core.CoreWindow
Source: is-KBTLU.tmp.12.dr	String found in binary or memory: http://getgreenshot.org/support/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://getgreenshot.org/support/?version=
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034E3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023AB000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2013367959.00000000007DC000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.00000000007DB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6$5
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023AB000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6.2.10.6Q
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6.tmp
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.00000000007B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6=
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6C&T
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023B2000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6lnkqm;
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://getgreenshot.org/tickets/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://getgreenshot.org/tickets/?version=
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.0000000002201000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.org1
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://getgreenshot.org5Authorize
Source: Greenshot.exe, 00000022.00000002.2569538071.000000000363A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.orgpV
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.0000000002201000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023FA000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://getgreenshot.orgq
Source: chromecache_242.50.dr	String found in binary or memory: http://google.com
Source: chromecache_233.50.dr, chromecache_274.50.dr, chromecache_242.50.dr	String found in binary or memory: http://googleads.g.doubleclick.net
Source: is-FRL84.tmp.12.dr	String found in binary or memory: http://i.imgur.com/
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002395000.00000004.00001000.00020000.00000000.sdmp, unins000.dat.12.dr	String found in binary or memory: http://imgur.com)
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023CF000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://imgur.com))
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.0000000000789000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2012948297.00000000007A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://imgur.com)Confluence
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002395000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://imgur.com)aS9
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://internet.e-mail
Source: Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://logging.apache.org/l
Source: Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp, is-7U8BG.tmp.12.dr	String found in binary or memory: http://logging.apache.org/log4net/release/sdk/log4net.Layout.PatternLayout.html
Source: chromecache_242.50.dr	String found in binary or memory: http://mathiasbynens.be/
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2580312791.000000001D162000.00000002.00000001.01000000.0000001C.sdmp, is-G7CBU.tmp.12.dr	String found in binary or memory: http://microsoftmercenary.com/wp/outlook-excel-interop-calls-breaking-solved/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://p.yusukekamiyamane.com
Source: chromecache_233.50.dr, chromecache_274.50.dr, chromecache_242.50.dr	String found in binary or memory: http://pagead2.googlesyndication.com
Source: wget.exe, 00000002.00000002.1321268966.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320961141.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://repository.certum.pl/cscasha2.cer0
Source: wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1321255834.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320931350.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer0
Source: wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe.2.dr	String found in binary or memory: http://repository.certum.pl/ctnca.cer09
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sapfir.ucoz.ru
Source: System.Runtime.Serialization.Formatters.Soap.dll.39.dr, System.Runtime.Serialization.Formatters.Soap.dll.23.dr	String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: Greenshot.exe, 00000022.00000002.2569538071.00000000035E6000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sourceforge.net
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.000000000218A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.0000000000789000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2003508227.0000000009C21000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1411026812.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1465016123.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, is-IRQOL.tmp.12.dr	String found in binary or memory: http://sourceforge.net/p/greenshot/bugs
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.000000000218A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.0000000000789000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2003508227.0000000009C21000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1411026812.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1465016123.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, is-IRQOL.tmp.12.dr	String found in binary or memory: http://sourceforge.net/p/greenshot/discussion/676082/thread/31a08c8c
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://sourceforge.net/projects/greenshot/files/
Source: Greenshot.exe, 00000022.00000002.2569538071.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.0000000003070000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sourceforge/projects/greenshot/files/release/Greenshot/Greenshot-INSTALLER-1.2.10.6-RELEASE.e
Source: wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1321255834.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320931350.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://subca.ocsp-certum.com01
Source: wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1321255834.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320931350.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: http://www.certum.pl/CPS0
Source: is-MC6NE.tmp.12.dr	String found in binary or memory: http://www.gnu.org/licenses/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004666525.0000000000776000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1465306385.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1359892340.00000000007AC000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1411026812.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1654899357.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004555973.0000000009C21000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2013367959.0000000000800000.00000004.00000020.00020000.00000000.sdmp, is-MC6NE.tmp.12.dr	String found in binary or memory: http://www.gnu.org/philosophy/why-not-lgpl.html
Source: chromecache_248.50.dr, chromecache_289.50.dr	String found in binary or memory: http://www.google-analytics.com
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000000.1334046551.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr	String found in binary or memory: http://www.innosetup.com/
Source: isxdl.dll.12.dr	String found in binary or memory: http://www.istool.org/
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, is-KO0QL.tmp.12.dr	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000000.1331714722.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe.2.dr	String found in binary or memory: http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, is-KO0QL.tmp.12.dr	String found in binary or memory: http://www.jrsoftware.org/isinfo.php
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000000.1334046551.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr	String found in binary or memory: http://www.remobjects.com/ps
Source: System.Deployment.dll.22.dr	String found in binary or memory: http://www.xrml.org/schema/2001/11/xrml2core
Source: chromecache_299.50.dr, chromecache_256.50.dr	String found in binary or memory: https://adsense.com.
Source: Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.imgur.com/3
Source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	String found in binary or memory: https://api.imgur.com/3V
Source: Greenshot.exe, 00000022.00000002.2569538071.0000000003552000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://api.imgur.com/3p
Source: is-FRL84.tmp.12.dr	String found in binary or memory: https://api.imgur.com/oauth2/authorize?response_type=token&client_id=
Source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	String found in binary or memory: https://api.imgur.com/oauth2/token
Source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	String found in binary or memory: https://api.imgur.com/oauth2/token#https://imgur.com
Source: chromecache_242.50.dr	String found in binary or memory: https://cdn.ampproject.org/amp4ads-host-v0.js
Source: chromecache_242.50.dr	String found in binary or memory: https://cdn.ampproject.org/rtv/$
Source: chromecache_242.50.dr	String found in binary or memory: https://cse.google.com/cse.js
Source: chromecache_283.50.dr, chromecache_304.50.dr	String found in binary or memory: https://ep1.adtrafficquality.google/bg/
Source: chromecache_242.50.dr	String found in binary or memory: https://ep1.adtrafficquality.google/getconfig/sodar
Source: chromecache_283.50.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=231
Source: chromecache_304.50.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=232
Source: chromecache_283.50.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=231
Source: chromecache_304.50.dr	String found in binary or memory: https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232
Source: chromecache_304.50.dr	String found in binary or memory: https://ep2.adtrafficquality.google
Source: chromecache_304.50.dr	String found in binary or memory: https://ep2.adtrafficquality.google/sodar/
Source: chromecache_242.50.dr	String found in binary or memory: https://ep2.adtrafficquality.google/sodar/$
Source: chromecache_242.50.dr	String found in binary or memory: https://ep3.adtrafficquality.google/ivt/worklet/caw.js
Source: chromecache_242.50.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Google
Source: chromecache_242.50.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Google
Source: chromecache_244.50.dr	String found in binary or memory: https://fonts.gstatic.com/s/bangers/v24/FeVQS0BTqb0h60ACH55Q2A.woff2)
Source: chromecache_244.50.dr	String found in binary or memory: https://fonts.gstatic.com/s/bangers/v24/FeVQS0BTqb0h60ACH5BQ2Ixi.woff2)
Source: chromecache_244.50.dr	String found in binary or memory: https://fonts.gstatic.com/s/bangers/v24/FeVQS0BTqb0h60ACH5FQ2Ixi.woff2)
Source: chromecache_244.50.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2)
Source: chromecache_244.50.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2)
Source: chromecache_242.50.dr	String found in binary or memory: https://fundingchoicesmessages.google.com/i/$
Source: Greenshot.exe, 00000022.00000002.2569538071.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000035FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getgreenshot.org
Source: Greenshot.exe	String found in binary or memory: https://getgreenshot.org/downloads/
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://getgreenshot.org/downloads/Rhttps://getgreenshot.org/version-history/:http://getgreenshot.or
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://getgreenshot.org/downloads/SSkipping
Source: Greenshot.exe, 00000022.00000002.2569538071.00000000035FB000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getgreenshot.org/project-feed/
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://getgreenshot.org/version-history/
Source: Greenshot.exe, 00000022.00000002.2569538071.000000000304B000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getgreenshot.orgH
Source: Greenshot.exe, 00000022.00000002.2569538071.000000000363A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://getgreenshot.orgh
Source: Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/greenshot/gre
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	String found in binary or memory: https://github.com/greenshot/greenshot
Source: wget.exe, 00000002.00000002.1321294495.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320907380.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr	String found in binary or memory: https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTAL
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/piotrex)
Source: chromecache_274.50.dr, chromecache_242.50.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_242.50.dr	String found in binary or memory: https://googleads.g.doubleclick.net/pagead/html/$
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.000000000218A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1465055695.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004666525.0000000000776000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1411063884.00000000007B5000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1654659923.00000000007C3000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1654659923.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2012923723.0000000000787000.00000004.00000020.00020000.00000000.sdmp, is-IRQOL.tmp.12.dr	String found in binary or memory: https://greenshot.atlassian.net
Source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	String found in binary or memory: https://imgur.com/
Source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	String found in binary or memory: https://imgur.com/delete/
Source: cmdline.out.0.dr	String found in binary or memory: https://objects.githubusercontent.com/github-production-release-asset-2e65be/36756917/239aedb0-7d29-
Source: chromecache_242.50.dr, chromecache_256.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_283.50.dr, chromecache_304.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/bg/
Source: chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/getconfig/sodar
Source: chromecache_270.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=fccs&
Source: chromecache_299.50.dr, chromecache_256.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=plmetrics
Source: chromecache_233.50.dr, chromecache_274.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=rcs_internal
Source: chromecache_283.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=231
Source: chromecache_304.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=232
Source: chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/html/$
Source: chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/$
Source: chromecache_233.50.dr, chromecache_274.50.dr, chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
Source: chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=
Source: chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=$
Source: chromecache_233.50.dr, chromecache_299.50.dr, chromecache_274.50.dr, chromecache_242.50.dr, chromecache_256.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/err_rep.js
Source: chromecache_299.50.dr, chromecache_242.50.dr, chromecache_256.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/js/logging_library.js
Source: chromecache_256.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/$
Source: chromecache_242.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/ping
Source: chromecache_242.50.dr, chromecache_256.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/ping?e=1
Source: chromecache_306.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?
Source: chromecache_283.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=231
Source: chromecache_304.50.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232
Source: chromecache_242.50.dr	String found in binary or memory: https://securepubads.g.doubleclick.net/pagead/js/car.js
Source: chromecache_242.50.dr	String found in binary or memory: https://securepubads.g.doubleclick.net/pagead/js/cocar.js
Source: chromecache_242.50.dr	String found in binary or memory: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://sourceforge.net/tracker/?group_id=191585&atid=1368020
Source: is-KBTLU.tmp.12.dr	String found in binary or memory: https://sourceforge.net/tracker/?group_id=191585&atid=1368020
Source: chromecache_248.50.dr, chromecache_289.50.dr	String found in binary or memory: https://ssl.google-analytics.com
Source: chromecache_248.50.dr, chromecache_289.50.dr	String found in binary or memory: https://ssl.google-analytics.com/j/__utm.gif
Source: chromecache_248.50.dr, chromecache_289.50.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect?
Source: chromecache_304.50.dr	String found in binary or memory: https://tpc.googlesyndication.com
Source: chromecache_304.50.dr	String found in binary or memory: https://tpc.googlesyndication.com/sodar/
Source: chromecache_242.50.dr	String found in binary or memory: https://tpc.googlesyndication.com/sodar/$
Source: wget.exe, 00000002.00000002.1321268966.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320961141.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	String found in binary or memory: https://www.certum.pl/CPS0
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe.2.dr	String found in binary or memory: https://www.certum.pl/repository.0
Source: chromecache_289.50.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences?
Source: chromecache_304.50.dr	String found in binary or memory: https://www.google.com
Source: chromecache_299.50.dr, chromecache_256.50.dr	String found in binary or memory: https://www.google.com/adsense
Source: chromecache_242.50.dr	String found in binary or memory: https://www.google.com/adsense/search/async-ads.js
Source: chromecache_248.50.dr, chromecache_289.50.dr	String found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: chromecache_283.50.dr, chromecache_304.50.dr, chromecache_242.50.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/aframe
Source: chromecache_242.50.dr	String found in binary or memory: https://www.google.com/s2/favicons?sz=64&domain_url=
Source: chromecache_242.50.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_242.50.dr	String found in binary or memory: https://www.gstatic.com/prose/protected/$

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49902 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49929
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49916
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49912
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49902
Source: unknown	Network traffic detected: HTTP traffic on port 49903 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 49888 -> 443

Source: unknown	HTTPS traffic detected: 20.233.83.145:443 -> 192.168.2.7:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.199.108.133:443 -> 192.168.2.7:49700 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\3f81a7bb9cb5c841c787b5f8e7087938	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\3f81a7bb9cb5c841c787b5f8e7087938\Greenshot.ni.exe.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\bef4167ac26334e37dfdd6779e0e721f	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\bef4167ac26334e37dfdd6779e0e721f\log4net.ni.dll.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\640d702947a17bd64ce0d09ce4450679	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\640d702947a17bd64ce0d09ce4450679\GreenshotPlugin.ni.dll.aux.tmp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\d95399e05834d6aded146f09c1c648c9
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\d95399e05834d6aded146f09c1c648c9\LinqBridge.ni.dll.aux.tmp
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngenserviceclientlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	File created: C:\Windows\Microsoft.NET\ngennicupdatelock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index24.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\GreenshotPlugin
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\GreenshotPlugin\64ff5ac26a7fac0e0e9900e64081ce83
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index25.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\log4net
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\log4net\e35ce8ad24a41d4dfd8dfb00f0507e24
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index26.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\16199a7d871674f25644ad247e013f87
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index27.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\7d4c2b88cefbbd5152e23ec3fc975733
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index28.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\67dad641fa48ad8859a213d891ab9860
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index29.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\02ef882e5aeb37aa7cce829e9e62f474
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\GACLock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\ngenlock.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\index2a.dat
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\LinqBridge
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\LinqBridge\0d3686d11484216ee5f6a532c4fd843f

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

File deleted: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\584-0

Jump to behavior

Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5D9710	34_2_00007FFB0A5D9710
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5D9390	34_2_00007FFB0A5D9390
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5DC430	34_2_00007FFB0A5DC430
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5DB900	34_2_00007FFB0A5DB900

Source: C:\Program Files\Greenshot\Greenshot.exe

Code function: String function: 00007FFB0A5D5E50 appears 59 times

Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-9BKE2.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
Source: is-9BKE2.tmp.12.dr	Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Source: is-MRB0V.tmp.12.dr	Static PE information: Resource name: RT_VERSION type: ARC archive data, squeezed

Source: C:\Program Files\Greenshot\Greenshot.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE
Source: C:\Program Files\Greenshot\Greenshot.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: classification engine

Classification label: mal48.evad.win@76/365@91/23

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

File created: C:\Program Files\Greenshot

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File created: C:\Users\user\Desktop\cmdline.out

Jump to behavior

Source: C:\Program Files\Greenshot\Greenshot.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8124:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8076:120:WilError_03
Source: C:\Program Files\Greenshot\Greenshot.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\F48E86D3-E34C-4DB7-8F8F-9A0EA55F0D08
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3020:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7244:120:WilError_03

Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

File created: C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp

Jump to behavior

Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

File read: C:\Program Files\desktop.ini

Jump to behavior

Source: C:\Windows\SysWOW64\wget.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization

Jump to behavior

Source: Greenshot.exe	String found in binary or memory: ion:<<<<<<<4 <!DOCTYPE> <HTML> <HEAD> <TITLE>Greenshot capture</TITLE> </HEAD> <BODY> <!--StartFragment --> <img border='0
Source: Greenshot.exe	String found in binary or memory: <!--StartFragment -->

Source: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp

Evasive API call chain: GetCommandLine,DecisionNodes,ExitProcess

graph_14-67

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
Source: unknown	Process created: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe "C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Process created: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp "C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$20446,1293027,131584,C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp helper 105 0x4F4
Source: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\Greenshot.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2a0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 268 -Pipe 264 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2ac -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2e0 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 2cc -Pipe 274 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f4 -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\GreenshotPlugin.dll"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 0 -NGENProcess 1bc -Pipe 1cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 0 -NGENProcess 1d8 -Pipe 234 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 264 -Pipe 258 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 25c -Pipe 264 -Comment "NGen Worker Process"
Source: unknown	Process created: C:\Program Files\Greenshot\Greenshot.exe "C:\Program Files\Greenshot\Greenshot.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 254 -InterruptEvent 0 -NGENProcess 280 -Pipe 268 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 0 -NGENProcess 278 -Pipe 260 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 278 -Pipe 238 -Comment "NGen Worker Process"
Source: C:\Program Files\Greenshot\Greenshot.exe	Process created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe "C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe" -c
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 250 -Pipe 278 -Comment "NGen Worker Process"
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Program Files\Greenshot\Greenshot.exe "C:\Program Files\Greenshot\Greenshot.exe" /language en
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1960,i,9764115327004208509,2367936537875850385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"	Jump to behavior
Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Process created: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp "C:\Users\user~1\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$20446,1293027,131584,C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp helper 105 0x4F4	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\Greenshot.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\GreenshotPlugin.dll"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 268 -Pipe 264 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process created: C:\Program Files\Greenshot\Greenshot.exe "C:\Program Files\Greenshot\Greenshot.exe" /language en	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d4 -InterruptEvent 0 -NGENProcess 1c4 -Pipe 1d0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2a0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b4 -InterruptEvent 0 -NGENProcess 2a8 -Pipe 2b0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 268 -Pipe 264 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2b8 -Pipe 2c0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2ec -Pipe 2ac -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f4 -InterruptEvent 0 -NGENProcess 298 -Pipe 2e0 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1cc -InterruptEvent 0 -NGENProcess 2cc -Pipe 274 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 298 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2f4 -Comment "NGen Worker Process"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1d0 -InterruptEvent 0 -NGENProcess 1bc -Pipe 1cc -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 240 -InterruptEvent 0 -NGENProcess 1d8 -Pipe 234 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 264 -Pipe 258 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 238 -InterruptEvent 0 -NGENProcess 25c -Pipe 264 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 254 -InterruptEvent 0 -NGENProcess 280 -Pipe 268 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 250 -InterruptEvent 0 -NGENProcess 278 -Pipe 260 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 278 -Pipe 238 -Comment "NGen Worker Process"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 264 -InterruptEvent 0 -NGENProcess 250 -Pipe 278 -Comment "NGen Worker Process"
Source: C:\Program Files\Greenshot\Greenshot.exe	Process created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe "C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe" -c
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1960,i,9764115327004208509,2367936537875850385,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\wget.exe	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: msimg32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: explorerframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: sfc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: mlang.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: fusion.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wofutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wofutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wofutil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wofutil.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: fusion.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptnet.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: version.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wldp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: profapi.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: dwrite.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: textshaping.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: windowscodecs.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: propsys.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: edputil.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: urlmon.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: iertutil.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: srvcli.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: netutils.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: sspicli.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: appresolver.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: slc.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: userenv.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: sppc.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: rasapi32.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: rasman.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: rtutils.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: mswsock.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: winhttp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: dnsapi.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: winnsi.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: secur32.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: schannel.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ntasn1.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ncrypt.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: msasn1.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: gpapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: apphelp.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: version.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: uxtheme.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: sxs.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: windows.storage.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: wldp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: profapi.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: cryptbase.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: msasn1.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: riched20.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: usp10.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: msls31.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Section loaded: gpapi.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: mscoree.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: version.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: uxtheme.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: cryptsp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: rsaenh.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: cryptbase.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: windows.storage.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wldp.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: profapi.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: textinputframework.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: coreuicomponents.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: coremessaging.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: ntmarta.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: wintypes.dll
Source: C:\Program Files\Greenshot\Greenshot.exe	Section loaded: textshaping.dll

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32

Jump to behavior

Source: C:\Program Files\Greenshot\Greenshot.exe

File written: C:\Users\user\AppData\Roaming\Greenshot\Greenshot.ini

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Window found: window name: TSelectLanguageForm

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: OK
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Install
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: I accept the agreement
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Automated click: Next >
Source: C:\Program Files\Greenshot\Greenshot.exe	Automated click: OK
Source: C:\Program Files\Greenshot\Greenshot.exe	Automated click: OK

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

File opened: C:\Windows\SysWOW64\MSFTEDIT.DLL

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. GNU GENERAL PUBLIC LICENSE Version 3 29 June 2007 Copyright (C) 2007 Free Software Foundation Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. Preamble The GNU General Public License is a free copyleft license forsoftware and other kinds of works. The licenses for most software and other practical works are designedto take away your freedom to share and change the works. By contrastthe GNU General Public License is intended to guarantee your freedom toshare and change all versions of a program--to make sure it remains freesoftware for all its users. We the Free Software Foundation use theGNU General Public License for most of our software; it applies also toany other work released this way by its authors. You can apply it toyour programs too. When we speak of free software we are referring to freedom notprice. Our General Public Licenses are designed to make sure that youhave the freedom to distribute copies of free software (and charge forthem if you wish) that you receive source code or can get it if youwant it that you can change the software or use pieces of it in newfree programs and that you know you can do these things. To protect your rights we need to prevent others from denying youthese rights or asking you to surrender the rights. Therefore you havecertain responsibilities if you distribute copies of the software or ifyou modify it: responsibilities to respect the freedom of others. For example if you distribute copies of such a program whethergratis or for a fee you must pass on to the recipients the samefreedoms that you received. You must make sure that they too receiveor can get the source code. And you must show them these terms so theyknow their rights. Developers that use the GNU GPL protect your rights with two steps:(1) assert copyright on the software and (2) offer you this Licensegiving you legal permission to copy distribute and/or modify it. For the developers' and authors' protection the GPL clearly explainsthat there is no warranty for this free software. For both users' andauthors' sake the GPL requires that modified versions be marked aschanged so that their problems will not be attributed erroneously toauthors of previous versions. Some devices are designed to deny users access to install or runmodified versions of the software inside them although the manufacturercan do so. This is fundamentally incompatible with the aim ofprotecting users' freedom to change the software. The systematicpattern of such abuse occurs in the area of products for individuals touse which is precisely where it is most unacceptable. Therefore wehave designed this version of t
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Window detected: License AgreementPlease read the following important information before continuing.Please read the following License Agreement. You must accept the terms of this agreement before continuing with the installation. GNU GENERAL PUBLIC LICENSE Version 3 29 June 2007 Copyright (C) 2007 Free Software Foundation Inc. <http://fsf.org/> Everyone is permitted to copy and distribute verbatim copies of this license document but changing it is not allowed. Preamble The GNU General Public License is a free copyleft license forsoftware and other kinds of works. The licenses for most software and other practical works are designedto take away your freedom to share and change the works. By contrastthe GNU General Public License is intended to guarantee your freedom toshare and change all versions of a program--to make sure it remains freesoftware for all its users. We the Free Software Foundation use theGNU General Public License for most of our software; it applies also toany other work released this way by its authors. You can apply it toyour programs too. When we speak of free software we are referring to freedom notprice. Our General Public Licenses are designed to make sure that youhave the freedom to distribute copies of free software (and charge forthem if you wish) that you receive source code or can get it if youwant it that you can change the software or use pieces of it in newfree programs and that you know you can do these things. To protect your rights we need to prevent others from denying youthese rights or asking you to surrender the rights. Therefore you havecertain responsibilities if you distribute copies of the software or ifyou modify it: responsibilities to respect the freedom of others. For example if you distribute copies of such a program whethergratis or for a fee you must pass on to the recipients the samefreedoms that you received. You must make sure that they too receiveor can get the source code. And you must show them these terms so theyknow their rights. Developers that use the GNU GPL protect your rights with two steps:(1) assert copyright on the software and (2) offer you this Licensegiving you legal permission to copy distribute and/or modify it. For the developers' and authors' protection the GPL clearly explainsthat there is no warranty for this free software. For both users' andauthors' sake the GPL requires that modified versions be marked aschanged so that their problems will not be attributed erroneously toauthors of previous versions. Some devices are designed to deny users access to install or runmodified versions of the software inside them although the manufacturercan do so. This is fundamentally incompatible with the aim ofprotecting users' freedom to change the software. The systematicpattern of such abuse occurs in the area of products for individuals touse which is precisely where it is most unacceptable. Therefore wehave designed this version of t

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dll

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\unins000.dat	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-9BKE2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-3402H.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-G9E21.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-GVUTT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-RVI0E.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-27J1D.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-7U8BG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-E5BO5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-KO0QL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-MC6NE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\is-IRQOL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-2ONKT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-CHBHE.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-7C8CC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-95VG8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-KBTLU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\is-NUHDI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-G7CBU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-DUKD2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-MRB0V.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-9BCBO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-FDC5S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-USGTQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-GVCVO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-LJMSO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-4I4DV.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-6ES59.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-CUV03.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-KVI5B.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-QQIRU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-DU2Q6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-8IOJL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-1KBU9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-7IKBI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-KPD7A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-09RG9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-TB4K9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-CS2SJ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-R1LBC.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-OV1FK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\is-FRL84.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-N6JIO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-K0SP5.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-JFAFH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-NCLEH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-M0KLP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UV2ND.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-U1AHL.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-CP1G8.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-MHBHF.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-B3Q0Q.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UDNRQ.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-4Q0A2.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-GBILI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-KKV47.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-OOONO.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-069CN.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-R9NLP.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-G2E4A.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-UCHJ6.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\is-3MASU.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-E2P9S.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-1EONR.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-O4IVT.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-PTFJG.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-D85DK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-54S9J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-7Q7JK.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-884T4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-PSN0P.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NANO9.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-42284.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-8F0QI.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NKK72.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-G11MM.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-QABR4.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-0F80J.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-9EC87.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-GVUBH.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Directory created: C:\Program Files\Greenshot\unins000.msg	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greenshot_is1

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll

Source:	Binary string: System.Deployment.ni.pdbRSDS source: System.Deployment.dll.22.dr
Source:	Binary string: C:\projects\greenshot-72hao\GreenshotPlugin\obj\Release\GreenshotPlugin.pdbH source: GreenshotPlugin.dll.31.dr
Source:	Binary string: c:\dev\pub\LINQBridge\src\obj\Release\LinqBridge.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569380621.0000000002E32000.00000002.00000001.01000000.00000018.sdmp, is-27J1D.tmp.12.dr
Source:	Binary string: Greenshot.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.pdbH source: System.Runtime.Serialization.Formatters.Soap.dll.39.dr
Source:	Binary string: log4net.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2058297328.00007FFB1C340000.00000020.00000001.01000000.0000000F.sdmp, log4net.dll.24.dr
Source:	Binary string: System.Security.ni.pdbRSDS source: Greenshot.exe, 00000022.00000002.2588319126.00007FFB0B8EA000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: System.Deployment.pdb source: System.Deployment.dll.22.dr
Source:	Binary string: System.Security.pdbH source: System.Security.dll.38.dr
Source:	Binary string: System.Data.SqlXml.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr
Source:	Binary string: c:\dev\pub\LINQBridge\src\obj\Release\LinqBridge.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569380621.0000000002E32000.00000002.00000001.01000000.00000018.sdmp, LinqBridge.dll.26.dr, is-27J1D.tmp.12.dr, LinqBridge.dll.42.dr
Source:	Binary string: System.Data.SqlXml.ni.pdbRSDS2 source: Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr
Source:	Binary string: C:\projects\greenshot-72hao\GreenshotPlugin\obj\Release\GreenshotPlugin.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr
Source:	Binary string: System.Security.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2588319126.00007FFB0B8EA000.00000020.00000001.01000000.00000014.sdmp, System.Security.dll.38.dr
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.39.dr, System.Runtime.Serialization.Formatters.Soap.dll.23.dr
Source:	Binary string: C:\projects\greenshot-72hao\Greenshot\obj\Release\Greenshot.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: GreenshotPlugin.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\Bjornar\SVN\istool\isxdl\trunk\source\Release\isxdl.pdb source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, isxdl.dll.12.dr
Source:	Binary string: c:\dev\pub\LINQBridge\src\obj\Release\LinqBridge.pdbH source: LinqBridge.dll.42.dr
Source:	Binary string: System.Data.SqlXml.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr, System.Data.SqlXml.dll.33.dr
Source:	Binary string: LinqBridge.ni.pdb source: LinqBridge.dll.26.dr
Source:	Binary string: GreenshotPlugin.ni.pdbRSDS source: Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp
Source:	Binary string: LinqBridge.ni.pdbRSDSC source: LinqBridge.dll.26.dr
Source:	Binary string: System.Security.ni.pdb source: Greenshot.exe, Greenshot.exe, 00000022.00000002.2588319126.00007FFB0B8EA000.00000020.00000001.01000000.00000014.sdmp
Source:	Binary string: System.Deployment.ni.pdb source: System.Deployment.dll.22.dr
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdbRSDS source: System.Runtime.Serialization.Formatters.Soap.dll.23.dr
Source:	Binary string: Greenshot.ni.pdbRSDS source: Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp
Source:	Binary string: System.Data.SqlXml.pdbH source: System.Data.SqlXml.dll.33.dr
Source:	Binary string: System.Runtime.Serialization.Formatters.Soap.ni.pdb source: System.Runtime.Serialization.Formatters.Soap.dll.23.dr
Source:	Binary string: C:\projects\greenshot-72hao\GreenshotImgurPlugin\obj\Release\GreenshotImgurPlugin.pdb source: Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr

Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5DFC3C push rdi; ret	34_2_00007FFB0A5DFC3D
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5DFC37 push rsi; ret	34_2_00007FFB0A5DFC3A
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5DFD02 push rbp; ret	34_2_00007FFB0A5DFD0A
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFB0A5E05D0 push 9BBDBBD7h; iretd	34_2_00007FFB0A5E05DA
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFAA984625D push eax; ret	34_2_00007FFAA984632D
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFAA9847555 push ebx; iretd	34_2_00007FFAA984756A
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFAA98434A8 push E95CEE10h; ret	34_2_00007FFAA98434C9
Source: C:\Program Files\Greenshot\Greenshot.exe	Code function: 34_2_00007FFAA9840FFD push eax; ret	34_2_00007FFAA9841061

Source: C:\Windows\SysWOW64\wget.exe	File created: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\LinqBridge.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c9c-0\GreenshotPlugin.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\584-0\Greenshot.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\16199a7d871674f25644ad247e013f87\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\is-3402H.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\d95399e05834d6aded146f09c1c648c9\LinqBridge.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\is-FRL84.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\02ef882e5aeb37aa7cce829e9e62f474\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\GreenshotImgurPlugin.gsp (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEBFC.tmp\log4net.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\7d4c2b88cefbbd5152e23ec3fc975733\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRPlugin.gsp (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\bef4167ac26334e37dfdd6779e0e721f\log4net.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	File created: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\GreenshotOfficePlugin.gsp (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\log4net\e35ce8ad24a41d4dfd8dfb00f0507e24\log4net.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\unins000.exe (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\log4net.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\is-27J1D.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP129.tmp\System.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\is-3MASU.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\isxdl.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\3c8-0\System.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\is-RVI0E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\GreenshotExternalCommandPlugin.gsp (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\GreenshotPlugin\64ff5ac26a7fac0e0e9900e64081ce83\GreenshotPlugin.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c04-0\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE053.tmp\GreenshotPlugin.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-G7CBU.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c50-0\log4net.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\LinqBridge\0d3686d11484216ee5f6a532c4fd843f\LinqBridge.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-MRB0V.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\GreenshotPlugin.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1664-0\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\is-G9E21.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP754.tmp\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\3f81a7bb9cb5c841c787b5f8e7087938\Greenshot.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP101E.tmp\LinqBridge.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1bd8-0\System.Deployment.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\is-9BKE2.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\67dad641fa48ad8859a213d891ab9860\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\640d702947a17bd64ce0d09ce4450679\GreenshotPlugin.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-DUKD2.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File created: C:\Program Files\Greenshot\Greenshot.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4A4.tmp\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF09.tmp\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cdc-0\LinqBridge.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\3c8-0\System.Security.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\GreenshotPlugin\64ff5ac26a7fac0e0e9900e64081ce83\GreenshotPlugin.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c04-0\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE053.tmp\GreenshotPlugin.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c50-0\log4net.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c9c-0\GreenshotPlugin.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\584-0\Greenshot.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\16199a7d871674f25644ad247e013f87\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\LinqBridge\0d3686d11484216ee5f6a532c4fd843f\LinqBridge.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1664-0\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\d95399e05834d6aded146f09c1c648c9\LinqBridge.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP754.tmp\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\02ef882e5aeb37aa7cce829e9e62f474\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\3f81a7bb9cb5c841c787b5f8e7087938\Greenshot.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP101E.tmp\LinqBridge.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEBFC.tmp\log4net.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\7d4c2b88cefbbd5152e23ec3fc975733\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1bd8-0\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\67dad641fa48ad8859a213d891ab9860\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\640d702947a17bd64ce0d09ce4450679\GreenshotPlugin.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\bef4167ac26334e37dfdd6779e0e721f\log4net.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\log4net\e35ce8ad24a41d4dfd8dfb00f0507e24\log4net.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4A4.tmp\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF09.tmp\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP129.tmp\System.Security.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	File created: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cdc-0\LinqBridge.dll	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Greenshot			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Greenshot			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\Roots\C:/Program Files/Greenshot/Greenshot.exe\0 ImageList

Jump to behavior

Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Greenshot.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files\Greenshot\Greenshot.exe	Memory allocated: 2CF0000 memory reserve \| memory write watch
Source: C:\Program Files\Greenshot\Greenshot.exe	Memory allocated: 1AEA0000 memory reserve \| memory write watch
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Memory allocated: AF0000 memory reserve \| memory write watch
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Memory allocated: 27B0000 memory reserve \| memory write watch
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Memory allocated: 25B0000 memory reserve \| memory write watch
Source: C:\Program Files\Greenshot\Greenshot.exe	Memory allocated: E20000 memory reserve \| memory write watch
Source: C:\Program Files\Greenshot\Greenshot.exe	Memory allocated: 1A830000 memory reserve \| memory write watch

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 600000
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599879
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599690
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599519
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599388
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599260
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599138
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599030
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598897
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598789
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598670
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598541
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598430
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598320
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598200
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598090
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597971
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597835
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597731
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597615
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597499
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597383
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597261
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597127
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 596919
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 596620
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 596165
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 595244
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594933
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594811
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594683
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594566
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594448
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594312
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594204
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594073
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593960
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593850
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593743
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593628
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593495
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593381
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593257
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593148
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593040
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592909
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592773
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592559
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592398
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592283
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592148
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592036
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591914
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591801
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591664
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591557
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591446
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591337
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files\Greenshot\Greenshot.exe	Window / User API: threadDelayed 3999
Source: C:\Program Files\Greenshot\Greenshot.exe	Window / User API: threadDelayed 5799

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\isxdl.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\3c8-0\System.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\is-RVI0E.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\GreenshotExternalCommandPlugin.gsp (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\LinqBridge.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\GreenshotPlugin\64ff5ac26a7fac0e0e9900e64081ce83\GreenshotPlugin.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c04-0\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE053.tmp\GreenshotPlugin.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c50-0\log4net.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-G7CBU.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c9c-0\GreenshotPlugin.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\584-0\Greenshot.exe	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\16199a7d871674f25644ad247e013f87\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\LinqBridge\0d3686d11484216ee5f6a532c4fd843f\LinqBridge.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\GreenshotPlugin.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\d95399e05834d6aded146f09c1c648c9\LinqBridge.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1664-0\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP754.tmp\System.Deployment.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\is-G9E21.tmp	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\is-FRL84.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\02ef882e5aeb37aa7cce829e9e62f474\System.Deployment.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\GreenshotImgurPlugin.gsp (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\3f81a7bb9cb5c841c787b5f8e7087938\Greenshot.ni.exe (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP101E.tmp\LinqBridge.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEBFC.tmp\log4net.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\7d4c2b88cefbbd5152e23ec3fc975733\System.Security.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1bd8-0\System.Deployment.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\67dad641fa48ad8859a213d891ab9860\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRPlugin.gsp (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\640d702947a17bd64ce0d09ce4450679\GreenshotPlugin.ni.dll (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\bef4167ac26334e37dfdd6779e0e721f\log4net.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\GreenshotOfficePlugin.gsp (copy)	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\log4net\e35ce8ad24a41d4dfd8dfb00f0507e24\log4net.ni.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-DUKD2.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4A4.tmp\System.Runtime.Serialization.Formatters.Soap.dll	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEF09.tmp\System.Data.SqlXml.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\log4net.dll (copy)	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\is-27J1D.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP129.tmp\System.Security.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Dropped PE file which has not been started: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\is-3MASU.tmp	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Dropped PE file which has not been started: C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cdc-0\LinqBridge.dll	Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5608	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7368	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7344	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 1088	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 3040	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 1432	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 1920	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 576	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 6836	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 1532	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5748	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 7812	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 5344	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -41505174165846465s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -600000s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599879s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599690s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599519s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599388s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599260s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599138s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -599030s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598897s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598789s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598670s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598541s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598430s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598320s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598200s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -598090s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597971s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597835s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597731s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597615s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597499s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597383s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597261s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -597127s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -596919s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -596620s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -596165s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -595244s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594933s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594811s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594683s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594566s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594448s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594312s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594204s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -594073s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593960s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593850s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593743s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593628s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593495s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593381s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593257s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593148s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -593040s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592909s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592773s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592559s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592398s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592283s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592148s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -592036s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -591914s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -591801s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -591664s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -591557s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -591446s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 6768	Thread sleep time: -591337s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 1032	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 4220	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 2024	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe TID: 7960	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe TID: 64	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files\Greenshot\Greenshot.exe TID: 7324	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809			Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 600000
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599879
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599690
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599519
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599388
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599260
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599138
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 599030
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598897
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598789
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598670
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598541
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598430
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598320
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598200
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 598090
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597971
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597835
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597731
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597615
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597499
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597383
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597261
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 597127
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 596919
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 596620
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 596165
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 595244
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594933
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594811
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594683
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594566
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594448
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594312
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594204
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 594073
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593960
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593850
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593743
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593628
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593495
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593381
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593257
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593148
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 593040
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592909
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592773
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592559
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592398
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592283
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592148
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 592036
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591914
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591801
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591664
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591557
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591446
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 591337
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files\Greenshot\Greenshot.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\Temp\is-G0Q8E.tmp\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\Temp\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\Local\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	File opened: C:\Users\user~1\AppData\	Jump to behavior

Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: ;Windows Small Business ServerGStandard Server (core installation)gStandard Server without Hyper-V (core installation)
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft Hyper-V Server
Source: Greenshot.exe	Binary or memory string: Windows Essential Server Solutions without Hyper-V
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: Home Premium N1Microsoft Hyper-V Server
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: YWindows Essential Business Management ServerWWindows Essential Business Messaging ServerUWindows Essential Business Security ServerEWindows Essential Server SolutionseWindows Essential Server Solutions without Hyper-V
Source: Greenshot.exe	Binary or memory string: Enterprise Server without Hyper-V
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}l=
Source: Greenshot.exe	Binary or memory string: Enterprise Server without Hyper-V (core installation)
Source: Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 2Windows Essential Server Solutions without Hyper-V
Source: Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 5Enterprise Server without Hyper-V (core installation)
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\msO=<
Source: Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: !Enterprise Server without Hyper-V
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: ?Standard Server without Hyper-V
Source: Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 3Standard Server without Hyper-V (core installation)
Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Standard Server without Hyper-V
Source: Greenshot.exe	Binary or memory string: Standard Server without Hyper-V (core installation)
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: CEnterprise Server without Hyper-V
Source: wget.exe, 00000002.00000002.1321334315.0000000000D07000.00000004.00000020.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2577716275.000000001B826000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	Binary or memory string: Enterprise NKEnterprise Server (core installation)kEnterprise Server without Hyper-V (core installation)

Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Program Files\Greenshot\Greenshot.exe

Process token adjusted: Debug

Source: C:\Program Files\Greenshot\Greenshot.exe

Memory allocated: page read and write | page guard

Source: unknown	Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/greenshot/greenshot/releases/download/greenshot-release-1.2.10.6/greenshot-installer-1.2.10.6-release.exe" > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/greenshot/greenshot/releases/download/greenshot-release-1.2.10.6/greenshot-installer-1.2.10.6-release.exe"
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "https://github.com/greenshot/greenshot/releases/download/greenshot-release-1.2.10.6/greenshot-installer-1.2.10.6-release.exe"	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp

Code function: 14_2_0000000140001000 GetNamedSecurityInfoW,AllocateAndInitializeSid,SetEntriesInAclW,SetNamedSecurityInfoW,LocalFree,FreeSid,LocalFree,GetLastError,

14_2_0000000140001000

Source: Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr

Binary or memory string: Progman

Source: C:\Windows\SysWOW64\wget.exe	Queries volume information: C:\Users\user\Desktop\download VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\Greenshot.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\Greenshot.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\Greenshot.exe VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\GreenshotExternalCommandPlugin.gsp VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRPlugin.gsp VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\GreenshotOfficePlugin.gsp VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Queries volume information: C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\Greenshot.exe VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\GreenshotPlugin.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\log4net.dll VolumeInformation
Source: C:\Program Files\Greenshot\Greenshot.exe	Queries volume information: C:\Program Files\Greenshot\LinqBridge.dll VolumeInformation

Source: C:\Windows\SysWOW64\wget.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\07E032E020B72C3F192F0628A2593A19A70F069E Blob

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	OS Credential Dumping	3 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	13 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	1 Deobfuscate/Decode Files or Information	LSASS Memory	22 System Information Discovery	Remote Desktop Protocol	1 Email Collection	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	12 Process Injection	2 Obfuscated Files or Information	Security Account Manager	1 Security Software Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	NTDS	2 Process Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 File Deletion	LSA Secrets	31 Virtualization/Sandbox Evasion	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	23 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Modify Registry	DCSync	2 System Owner/User Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	31 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	12 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner
C:\Program Files\Greenshot\Greenshot.exe (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\GreenshotPlugin.dll (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\LinqBridge.dll (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\GreenshotExternalCommandPlugin.gsp (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\is-3MASU.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\GreenshotImgurPlugin.gsp (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\is-FRL84.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRPlugin.gsp (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-DUKD2.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-MRB0V.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\GreenshotOfficePlugin.gsp (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-G7CBU.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\is-27J1D.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\is-3402H.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\is-9BKE2.tmp	2%	ReversingLabs
C:\Program Files\Greenshot\is-G9E21.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\is-RVI0E.tmp	0%	ReversingLabs
C:\Program Files\Greenshot\log4net.dll (copy)	0%	ReversingLabs
C:\Program Files\Greenshot\unins000.exe (copy)	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\_isetup\_setup64.tmp	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-G0Q8E.tmp\isxdl.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp	2%	ReversingLabs
C:\Users\user\Desktop\download\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\7d4c2b88cefbbd5152e23ec3fc975733\System.Security.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP129.tmp\System.Security.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\640d702947a17bd64ce0d09ce4450679\GreenshotPlugin.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Greenshot\3f81a7bb9cb5c841c787b5f8e7087938\Greenshot.ni.exe (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\d95399e05834d6aded146f09c1c648c9\LinqBridge.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\78d6922d3a02a93359e189f060d76f47\System.Data.SqlXml.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Deployment\4fa111e50d95d3e08c2d856a5394af3b\System.Deployment.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f975db3abcedde8df2408b15e2c6dd09\System.Runtime.Serialization.Formatters.Soap.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Security\bde2021ecdaa53585a395f095971633c\System.Security.ni.dll (copy)	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1664-0\System.Data.SqlXml.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1bd8-0\System.Deployment.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c04-0\System.Runtime.Serialization.Formatters.Soap.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c50-0\log4net.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1c9c-0\GreenshotPlugin.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1cdc-0\LinqBridge.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\3c8-0\System.Security.dll	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\584-0\Greenshot.exe	0%	ReversingLabs
C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\bef4167ac26334e37dfdd6779e0e721f\log4net.ni.dll (copy)	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.jrsoftware.org/isinfo.php	0%	Avira URL Cloud	safe
http://logging.apache.org/l	0%	Avira URL Cloud	safe
http://sourceforge/projects/greenshot/files/release/Greenshot/Greenshot-INSTALLER-1.2.10.6-RELEASE.e	0%	Avira URL Cloud	safe
http://getgreenshot.orgq	0%	Avira URL Cloud	safe
https://g4.rtbrain.app/rtimp?sid=c81371f9-b6f3-11ef-af82-e26199aa924a&d=getgreenshot.org&cr=carmax_ng&gid=&im=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo&p=Z1g2egAAb00JHUgeAA9H_H6qw2u5BGnAjTxAng&r=1824723530&a=ipv4&ow=1050&oh=964&iw=160&ih=600&tzof=300&tz=America%2FNew_York&pxr=1&cts=1733838048.462&cto=5169&edx=8&furl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fus_privacy%3D1---%26client%3Dca-pub-8484846442376136%26output%3Dhtml%26h%3D600%26slotname%3D7992105487%26adk%3D2585668214%26adf%3D2175242420%26pi%3Dt.ma~as.7992105487%26w%3D160%26abgtt%3D9%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1723972423%26rafmt%3D1%26format%3D160x600%26url%3Dhttps%253A%252F%252Fgetgreenshot.org%252Fthank-you%252F%253Flanguage%253Den%2526version%253D1.2.10.6%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.%26dt%3D1733838032225%26bpp%3D1%26bdt%3D6475%26idt%3D3995%26shv%3Dr20241205%26mjsv%3Dm202412040102%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie_enabled%3D1%26eoidce%3D1%26prev_fmts%3D728x280%26correlator%3D5666469010253%26frm%3D20%26pv%3D1%26u_tz%3D-300%26u_his%3D1%26u_h%3D1024%26u_w%3D1280%26u_ah%3D984%26u_aw%3D1280%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D847%26ady%3D1332%26biw%3D1017%26bih%3D870%26scr_x%3D0%26scr_y%3D0%26eid%3D31089337%252C95344791%252C95347444%252C95345966%26oid%3D2%26pvsid%3D1514068227346676%26tmod%3D1978764241%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D10%252C10%252C10%252C10%252C1280%252C0%252C1050%252C964%252C1034%252C870%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26bz%3D1.02%26td%3D1%26tdf%3D0%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26nt%3D1%26ifi%3D2%26uci%3Da!2%26btvi%3D1%26fsb%3D1%26dtd%3D4002&ctp=creative&cnm=carmax_ng	0%	Avira URL Cloud	safe
http://imgur.com))	0%	Avira URL Cloud	safe
http://getgreenshot.org)	0%	Avira URL Cloud	safe
http://microsoftmercenary.com/wp/outlook-excel-interop-calls-breaking-solved/	0%	Avira URL Cloud	safe
http://internet.e-mail	0%	Avira URL Cloud	safe
http://sapfir.ucoz.ru	0%	Avira URL Cloud	safe
http://logging.apache.org/log4net/release/sdk/log4net.Layout.PatternLayout.html	0%	Avira URL Cloud	safe
http://getgreenshot.org1	0%	Avira URL Cloud	safe
http://getgreenshot.org5Authorize	0%	Avira URL Cloud	safe
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
ep1.adtrafficquality.google	172.217.19.162	true	false	high
serve.rtbrain.app	104.26.3.190	true	false	high
github.com	20.233.83.145	true	false	high
g.rtbrain.app	104.26.3.190	true	false	high
i1.wp.com	192.0.77.2	true	false	high
g4.bidbrain.app	34.8.123.242	true	false	high
ep2.adtrafficquality.google	172.217.19.193	true	false	high
g4.rtbrain.app	34.8.97.127	true	false	unknown
cs1150.wpc.betacdn.net	192.229.221.25	true	false	high
googleads.g.doubleclick.net	172.217.19.194	true	false	high
www3.l.google.com	172.217.17.46	true	false	high
cdn.bidbrain.app	104.21.80.92	true	false	high
www.google.com	142.250.181.100	true	false	high
cdn.rtbrain.app	104.26.2.190	true	false	high
objects.githubusercontent.com	185.199.108.133	true	false	high
serve.bidbrain.app	104.21.80.92	true	false	high
getgreenshot.org	172.67.164.214	true	false	high
g.bidbrain.app	104.21.80.92	true	false	high
g6.bidbrain.app	unknown	unknown	false	high
fundingchoicesmessages.google.com	unknown	unknown	false	high
imgsct.cookiebot.com	unknown	unknown	false	high
g6.rtbrain.app	unknown	unknown	false	unknown
consentcdn.cookiebot.com	unknown	unknown	false	high
consent.cookiebot.com	unknown	unknown	false	high
api.flattr.com	unknown	unknown	false	unknown
www.paypalobjects.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://i1.wp.com/www.paypalobjects.com/en_US/i/scr/pixel.gif?resize=1%2C1&ssl=1	false		high
https://cdn.bidbrain.app/ng-assets/creative/assets/polyfills-a3f452c3.js	false		high
https://g.rtbrain.app/rtimp	false		high
https://cdn.rtbrain.app/compressedFonts/RobotoRegular.woff2	false		high
https://googleads.g.doubleclick.net/pagead/adview?ai=C-L59ejZYZ83eAZ6Q9fgP_I-9OL2qz8116aLc1sQSwI23ARABIABgyQaCARdjYS1wdWItODQ4NDg0NjQ0MjM3NjEzNsgBCagDAcgDAqoE8wFP0MhR3hqXkZQE2fUWBf3Bb3S5g292P6eUxUBHL5GYS8IAEqOfE8oLwhteeqW0MJ_VlEKEvbDBtLCE9bD7Jt2xJykoLO_dLpAiMU2sB4cErAf7yFLT2PvYg1zs3TX1z5nhXTDzNSI3qYyJ15BXwq0kbC7F8LWWIWGbuwAajbBzZrDm-gIMJ3_p74KvVPcoPA3yuwwizgWfZPCGXOYPzk8FastSL6NoXTpggnijcT_39M_hsgsgnp-fUVp9dykiU1gNGGYrQL7TuvCYWrJ6WjpCoyN5zT4YsE6DJnWwyP9VKmBdq3zyu0cBUfHLrxxeA4lTwNaABpippfDUnNG1wgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIBhEAEyAooCOguAQIDAgICAoKiAAki9_cE6WLLh_amcnYoDgAoB-gsCCAGADAHQFQGAFwGyFxwKGBIUcHViLTg0ODQ4NDY0NDIzNzYxMzYYABgM&sigh=LE62tMTwQ9U&uach_m=%5BUACH%5D&cid=CAQSTgCa7L7dkUEwvysm0omZeyqmMY2IecxIT5i9jyZEkSh9328Jb_yQutv-Dvmbf7Ijzfdr6nTQSw53ndWIbiiJ1308boz5Uk9NphtuuIRomhgB	false		high
https://cdn.bidbrain.app/ng-assets/creative/assets/index-3059519d.js	false		high
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=280&slotname=6875409483&adk=755143415&adf=2071877279&pi=t.ma~as.6875409483&w=728&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=728x280&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032217&bpp=8&bdt=6466&idt=3963&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=5666469010253&frm=20&pv=2&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=273&ady=28&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=3987	false		high
https://www.paypalobjects.com/en_US/i/btn/btn_donate_SM.gif	false		high
https://serve.rtbrain.app/sig.js?rpclid=c81371f9-b6f3-11ef-af82-e26199aa924a&params=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo	false		high
https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html	false		high
https://cdn.rtbrain.app/ng-assets/creative/assets/index-3059519d.js	false		high
https://cdn.bidbrain.app/ext/download-icon_1697445891.svg+xml	false		high
https://g4.rtbrain.app/rtimp?sid=c81371f9-b6f3-11ef-af82-e26199aa924a&d=getgreenshot.org&cr=carmax_ng&gid=&im=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo&p=Z1g2egAAb00JHUgeAA9H_H6qw2u5BGnAjTxAng&r=1824723530&a=ipv4&ow=1050&oh=964&iw=160&ih=600&tzof=300&tz=America%2FNew_York&pxr=1&cts=1733838048.462&cto=5169&edx=8&furl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fus_privacy%3D1---%26client%3Dca-pub-8484846442376136%26output%3Dhtml%26h%3D600%26slotname%3D7992105487%26adk%3D2585668214%26adf%3D2175242420%26pi%3Dt.ma~as.7992105487%26w%3D160%26abgtt%3D9%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1723972423%26rafmt%3D1%26format%3D160x600%26url%3Dhttps%253A%252F%252Fgetgreenshot.org%252Fthank-you%252F%253Flanguage%253Den%2526version%253D1.2.10.6%26fwr%3D0%26rpe%3D1%26resp_fmts%3D4%26wgl%3D1%26uach%3DWyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.%26dt%3D1733838032225%26bpp%3D1%26bdt%3D6475%26idt%3D3995%26shv%3Dr20241205%26mjsv%3Dm202412040102%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26cookie_enabled%3D1%26eoidce%3D1%26prev_fmts%3D728x280%26correlator%3D5666469010253%26frm%3D20%26pv%3D1%26u_tz%3D-300%26u_his%3D1%26u_h%3D1024%26u_w%3D1280%26u_ah%3D984%26u_aw%3D1280%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D847%26ady%3D1332%26biw%3D1017%26bih%3D870%26scr_x%3D0%26scr_y%3D0%26eid%3D31089337%252C95344791%252C95347444%252C95345966%26oid%3D2%26pvsid%3D1514068227346676%26tmod%3D1978764241%26uas%3D0%26nvt%3D1%26fc%3D896%26brdim%3D10%252C10%252C10%252C10%252C1280%252C0%252C1050%252C964%252C1034%252C870%26vis%3D1%26rsz%3D%257C%257CeEbr%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26bz%3D1.02%26td%3D1%26tdf%3D0%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26nt%3D1%26ifi%3D2%26uci%3Da!2%26btvi%3D1%26fsb%3D1%26dtd%3D4002&ctp=creative&cnm=carmax_ng	false	Avira URL Cloud: safe	unknown
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241205&st=env	false		high
https://a.nel.cloudflare.com/report/v4?s=i%2BV%2FjFT4Q2PtnpofDjlPm4y4My4hQl%2FvB31ENK1iZsRGlaOknTWq%2Fs7%2BqgBYeMd3Zmf0haZd8pEdB6Kg6%2B2FaXlcUFF6DQFTmfXIsd%2BkUUuSFWlZJEWXrSRpxTePdSAFkl9O	false		high
https://g.bidbrain.app/rtimp?a=imp&cr=ext_download_ghst_inss&d=getgreenshot.org&gid=&im=iJvJQRYYxVLUTnxY11srwZ9dznCv0UIHp9dE0CV_3LsDI3m0jJAOgF0Zajbw7YWcQ4ILez6nNRnitwUOcInviVtG_OLFkOLnRn-VUms5btfXLhXBuHlrO8q3mAerQSYZgajYp48cDrvdIHPGO_iFQIEvsbdvxV4uvBZheSGcnc__GhKSRPcobOba82MfPdOsR4oQGmORGJsGqC46WEqPBTc5OMtYZQLR9EePwiLSbsF-JdIFUhOBEj2IyPx8PjrqLTd7B3s1G0k2ZB-7puPed9hhC7gBXwqAgGZld14ZmKZJMS8cLVHosdEtAoKGgFNqt10dQkJ1HsYIDH45TLZ10cpaIDDKO5W5SruprYJHADttusuQHCMJ7xDK0Ev5YK701yyqvGvfbwbphCUWhl75HA&p=Z1g2egAASr0JHV4uACWP6MSw3tfFij6Sy6wWdA&sid=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0	false		high
https://googleads.g.doubleclick.net/pagead/adview?ai=Cg_5dejZYZ72VAa689fgP6J-WiQq9qs_Ndemi3NbEEsCNtwEQASAAYMkGggEXY2EtcHViLTg0ODQ4NDY0NDIzNzYxMzbIAQmoAwHIAwKqBO4BT9BaH_Xsayn0jrRizsVJb12-2qoA290oDT_oNduzws0yHNMwiGv2SC3G4be9vpdwIpHzsKnQOcgi0iXlS_1-yiiWHcg2m0mOP-uTZ6lhrJ-SGRtQ8vcj5kqlIOR_tKa26hwZHkUOirLY-Qfu35GhOfs-hcjHy1EYeUoQ9js7EQIWpVxsfJEpnq46aZJJKVuNfcIREkWBYUF__-BnsjmrvZLb_YVh2WXJj0K9rWwH2WTJcMqaqwtuuLLLqgU98nzLMrT35oqSZ0mUpsTq_lxnR5YxTuAM0x2KMG2XbZEGC7PUT8A5W5WDP2goNP9NyYAGnaSUm9G6s9j4AaAGIagHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQKoB62-sQLYBwDSCCQIgGEQATICigI6C4BAgMCAgICgqIACSL39wTpYoZz9qZydigOACgH6CwIIAYAMAdAVAYAXAbIXHAoYEhRwdWItODQ4NDg0NjQ0MjM3NjEzNhgAGAw&sigh=fNH2etI9AxE&uach_m=%5BUACH%5D&cid=CAQSTwCa7L7de9ATykTwRm-jhetQQwZQRHe0Bx4W-YwhJTwgyBRcMze5exyX3tPOljHhMNup4ZWjnAQnJfXm3AL4ck9Fw6NEOT20LaryUcfU4BcYAQ	false		high
https://g.rtbrain.app/rtimp?a=imp&cr=carmax_ng&d=getgreenshot.org&gid=&im=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo&p=Z1g2egAAb00JHUgeAA9H_H6qw2u5BGnAjTxAng&sid=c81371f9-b6f3-11ef-af82-e26199aa924a	false		high
https://cdn.bidbrain.app/compressedFonts/RobotoRegular.woff2	false		high
https://cdn.rtbrain.app/ng-assets/creative/assets/polyfills-a3f452c3.js	false		high
https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1723972423&plaf=2%3A2&plat=1%3A16777216%2C3%3A65536%2C4%3A65536%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032226&bpp=18&bdt=6475&idt=4012&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280%2C160x600&nras=1&correlator=5666469010253&frm=20&pv=1&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fsapi=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&fsb=1&dtd=4019	false		high
https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	false		high
https://ep2.adtrafficquality.google/sodar/sodar2.js	false		high
https://cdn.rtbrain.app/ng-assets/creative/assets/index-a5279e2a.css	false		high
https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://internet.e-mail	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sourceforge.net	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false		high
http://crl.microsoft	Greenshot.exe, 00000022.00000002.2580462560.000000001F158000.00000004.00000020.00020000.00000000.sdmp	false		high
https://objects.githubusercontent.com/github-production-release-asset-2e65be/36756917/239aedb0-7d29-	cmdline.out.0.dr	false		high
https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTAL	wget.exe, 00000002.00000002.1321294495.0000000000CA5000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320907380.0000000000B4B000.00000004.00000020.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, cmdline.out.0.dr	false		high
https://github.com/greenshot/greenshot	Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
https://ep2.adtrafficquality.google	chromecache_304.50.dr	false		high
http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6=	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.00000000007B4000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sourceforge.net/projects/greenshot/files/	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false		high
http://logging.apache.org/l	Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://sourceforge/projects/greenshot/files/release/Greenshot/Greenshot-INSTALLER-1.2.10.6-RELEASE.e	Greenshot.exe, 00000022.00000002.2569538071.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.0000000003070000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://getgreenshot.org/tickets/	Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
http://getgreenshot.org/project-feed/	Greenshot.exe, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr	false		high
https://www.google.com	chromecache_304.50.dr	false		high
http://microsoftmercenary.com/wp/outlook-excel-interop-calls-breaking-solved/	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2580312791.000000001D162000.00000002.00000001.01000000.0000001C.sdmp, is-G7CBU.tmp.12.dr	false	Avira URL Cloud: safe	unknown
https://fundingchoicesmessages.google.com/i/$	chromecache_242.50.dr	false		high
http://www.jrsoftware.org/isinfo.php	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, is-KO0QL.tmp.12.dr	false	Avira URL Cloud: safe	unknown
http://imgur.com))	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023CF000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://getgreenshot.org/?locale=default&page=support	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false		high
https://getgreenshot.org/downloads/Rhttps://getgreenshot.org/version-history/:http://getgreenshot.or	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6lnkqm;	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023B2000.00000004.00001000.00020000.00000000.sdmp	false		high
https://cdn.ampproject.org/amp4ads-host-v0.js	chromecache_242.50.dr	false		high
http://getgreenshot.org/project-feed/4Windows.UI.Core.CoreWindow	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr	false		high
https://googleads.g.doubleclick.net/pagead/html/$	chromecache_242.50.dr	false		high
http://getgreenshot.orgq	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.0000000002201000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023FA000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	Greenshot.exe, 00000022.00000002.2569538071.00000000035E6000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.certum.pl/CPS0	wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1321255834.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320931350.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	false		high
https://api.imgur.com/oauth2/authorize?response_type=token&client_id=	is-FRL84.tmp.12.dr	false		high
http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6$5	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2013367959.00000000007DC000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.00000000007DB000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/greenshot/gre	Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/adsense	chromecache_299.50.dr, chromecache_256.50.dr	false		high
http://getgreenshot.org)	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.innosetup.com/	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FD20000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000024D0000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000000.1334046551.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr	false		high
https://getgreenshot.org/downloads/	Greenshot.exe	false		high
https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=231	chromecache_283.50.dr	false		high
http://p.yusukekamiyamane.com	Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=232	chromecache_304.50.dr	false		high
https://ep1.adtrafficquality.google/pagead/gen_204?id=sodar2&v=232	chromecache_304.50.dr	false		high
http://www.gnu.org/philosophy/why-not-lgpl.html	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004666525.0000000000776000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1465306385.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1359892340.00000000007AC000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.00000000007DB000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1411026812.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1654899357.00000000007D5000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004555973.0000000009C21000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2013367959.0000000000800000.00000004.00000020.00020000.00000000.sdmp, is-MC6NE.tmp.12.dr	false		high
http://crl.certum.pl/ctnca.crl0k	wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1321255834.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320931350.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	false		high
http://exslt.org/common	Greenshot.exe, Greenshot.exe, 00000022.00000002.2585647048.00007FFB0A5D5000.00000020.00000001.01000000.00000015.sdmp, System.Data.SqlXml.dll.20.dr, System.Data.SqlXml.dll.33.dr	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdline	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, is-KO0QL.tmp.12.dr	false		high
http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://securepubads.g.doubleclick.net/pagead/js/cocar.js	chromecache_242.50.dr	false		high
https://securepubads.g.doubleclick.net/pagead/js/car.js	chromecache_242.50.dr	false		high
http://mathiasbynens.be/	chromecache_242.50.dr	false		high
http://sapfir.ucoz.ru	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.certum.pl/repository.0	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe.2.dr	false		high
http://getgreenshot.org	Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
https://sourceforge.net/tracker/?group_id=191585&atid=1368020	is-KBTLU.tmp.12.dr	false		high
https://www.google.com/adsense/search/async-ads.js	chromecache_242.50.dr	false		high
https://stats.g.doubleclick.net/j/collect?	chromecache_248.50.dr, chromecache_289.50.dr	false		high
http://logging.apache.org/log4net/release/sdk/log4net.Layout.PatternLayout.html	Greenshot.exe, 00000030.00000002.2041578628.0000000002831000.00000004.00000800.00020000.00000000.sdmp, is-7U8BG.tmp.12.dr	false	Avira URL Cloud: safe	unknown
https://api.imgur.com/oauth2/token	Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	false		high
http://sourceforge.net/p/greenshot/discussion/676082/thread/31a08c8c	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.000000000218A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1332524001.0000000002390000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004076390.0000000000789000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.0000000002301000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2003508227.0000000009C21000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2004980686.00000000034A5000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1411026812.00000000007BF000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1465016123.00000000007C4000.00000004.00000020.00020000.00000000.sdmp, is-IRQOL.tmp.12.dr	false		high
http://www.gnu.org/licenses/gpl.html	Greenshot.exe, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
http://googleads.g.doubleclick.net	chromecache_233.50.dr, chromecache_274.50.dr, chromecache_242.50.dr	false		high
http://getgreenshot.org1	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.2014854414.0000000002201000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023FA000.00000004.00001000.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://getgreenshot.org5Authorize	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000030.00000002.2054284401.00007FFB05499000.00000020.00000001.01000000.0000000E.sdmp, GreenshotPlugin.dll.31.dr, is-G9E21.tmp.12.dr	false	Avira URL Cloud: safe	unknown
https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=231	chromecache_283.50.dr	false		high
https://getgreenshot.org/downloads/SSkipping	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004CA0000.00000004.00001000.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000000.1869659394.0000000000C82000.00000002.00000001.01000000.0000000B.sdmp, Greenshot.exe, 00000030.00000002.2056650905.00007FFB0690D000.00000020.00000001.01000000.0000000D.sdmp	false		high
https://ep2.adtrafficquality.google/sodar/$	chromecache_242.50.dr	false		high
https://api.imgur.com/oauth2/token#https://imgur.com	Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	false		high
http://getgreenshot.org/thank-you/?language=	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2007188045.00000000023AB000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1335130768.0000000003200000.00000004.00001000.00020000.00000000.sdmp	false		high
https://api.imgur.com/3p	Greenshot.exe, 00000022.00000002.2569538071.0000000003552000.00000004.00000800.00020000.00000000.sdmp	false		high
http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.2009204020.000000000074C000.00000004.00000020.00020000.00000000.sdmp	false		high
http://repository.certum.pl/cscasha2.cer0	wget.exe, 00000002.00000002.1321268966.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320885332.0000000000B81000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B77000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320452553.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1320961141.0000000000B82000.00000004.00000020.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333418866.000000007FE35000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000003.1333174540.00000000025E9000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F40000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000002.2010069700.000000000018D000.00000004.00000010.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004F4A000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004D3D000.00000004.00001000.00020000.00000000.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DAD000.00000004.00001000.00020000.00000000.sdmp, is-MRB0V.tmp.12.dr, is-DUKD2.tmp.12.dr, Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp.11.dr, is-3MASU.tmp.12.dr, is-27J1D.tmp.12.dr, is-FRL84.tmp.12.dr, is-G7CBU.tmp.12.dr, is-G9E21.tmp.12.dr	false		high
https://imgur.com/delete/	Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	false		high
http://www.jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe, 0000000B.00000000.1331714722.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Greenshot-INSTALLER-1.2.10.6-RELEASE.exe.2.dr	false	Avira URL Cloud: safe	unknown
https://getgreenshot.org	Greenshot.exe, 00000022.00000002.2569538071.00000000030C1000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000030C4000.00000004.00000800.00020000.00000000.sdmp, Greenshot.exe, 00000022.00000002.2569538071.00000000035FB000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/envelope/	System.Runtime.Serialization.Formatters.Soap.dll.39.dr, System.Runtime.Serialization.Formatters.Soap.dll.23.dr	false		high
https://sourceforge.net/tracker/?group_id=191585&atid=1368020	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp, 0000000C.00000003.1982194233.0000000004DE6000.00000004.00001000.00020000.00000000.sdmp	false		high
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html	chromecache_242.50.dr	false		high
http://google.com	chromecache_242.50.dr	false		high
https://api.imgur.com/3V	Greenshot.exe, 00000022.00000002.2580131940.000000001D122000.00000002.00000001.01000000.0000001A.sdmp, is-FRL84.tmp.12.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.176.164	unknown	United States	13335	CLOUDFLARENETUS	false
104.26.2.190	cdn.rtbrain.app	United States	13335	CLOUDFLARENETUS	false
104.21.10.247	unknown	United States	13335	CLOUDFLARENETUS	false
34.8.97.127	g4.rtbrain.app	United States	2686	ATGS-MMD-ASUS	false
192.229.221.25	cs1150.wpc.betacdn.net	United States	15133	EDGECASTUS	false
172.217.19.194	googleads.g.doubleclick.net	United States	15169	GOOGLEUS	false
172.217.19.193	ep2.adtrafficquality.google	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
192.0.77.2	i1.wp.com	United States	2635	AUTOMATTICUS	false
20.233.83.145	github.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.250.181.100	www.google.com	United States	15169	GOOGLEUS	false
34.8.123.242	g4.bidbrain.app	United States	2686	ATGS-MMD-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.19.162	ep1.adtrafficquality.google	United States	15169	GOOGLEUS	false
142.250.181.1	unknown	United States	15169	GOOGLEUS	false
172.67.74.191	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.80.92	cdn.bidbrain.app	United States	13335	CLOUDFLARENETUS	false
185.199.108.133	objects.githubusercontent.com	Netherlands	54113	FASTLYUS	false
104.26.3.190	serve.rtbrain.app	United States	13335	CLOUDFLARENETUS	false
142.250.181.33	unknown	United States	15169	GOOGLEUS	false
142.250.181.98	unknown	United States	15169	GOOGLEUS	false
172.67.164.214	getgreenshot.org	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.7

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1572350
Start date and time:	2024-12-10 13:36:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	urldownload.jbs
Sample URL:	https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	52
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.evad.win@76/365@91/23
EGA Information:	Successful, ratio: 25%
HCA Information:	Failed

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.214.172, 172.217.21.35, 172.217.19.238, 64.233.162.84, 172.217.17.46, 172.217.19.170, 2.21.20.4, 2.21.20.7, 142.250.181.99, 142.250.181.66, 23.45.111.185, 172.217.17.66, 142.250.181.104, 172.217.17.40, 172.217.21.33, 172.217.17.35, 13.107.246.63, 20.12.23.50, 104.85.0.109
Excluded domains from analysis (whitelisted): fonts.googleapis.com, fs.microsoft.com, e3849.dsca.akamaiedge.net, accounts.google.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, time.windows.com, pagead2.googlesyndication.com, fe3cr.delivery.mp.microsoft.com, ssl.google-analytics.com, clients2.google.com, redirector.gvt1.com, imgsct.cookiebot.com.edgekey.net, tpc.googlesyndication.com, update.googleapis.com, consent.cookiebot.com-v2.edgekey.net, clients.l.google.com, consentcdn.cookiebot.com-v1.edgekey.net, e110990.dsca.akamaiedge.net
Execution Graph export aborted for target Greenshot.exe, PID 6512 because there are no executed function
Execution Graph export aborted for target Greenshot.exe, PID 6996 because it is empty
Execution Graph export aborted for target GreenshotOCRCommand.exe, PID 7076 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

Simulations

Behavior and APIs

Time	Type	Description
08:40:13	API Interceptor	1629x Sleep call for process: Greenshot.exe modified
14:39:59	Autostart	Run: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run Greenshot C:\Program Files\Greenshot\Greenshot.exe

LLM Input / Output

Input	Output
URL: https://github.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": true, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://github.com
URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Donate", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false }

URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "brands": [ "PayPal", "Amazon" ] }
	{ "brands": [ "PayPal", "Amazon" ] }
URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "brands": [ "PayPal", "Amazon" ] }
	{ "brands": [ "PayPal", "Amazon" ] }
URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "brands": [ "PayPal", "Amazon" ] }
	{ "brands": [ "PayPal", "Amazon" ] }
URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "brands": [ "Greenshot", "PayPal", "Amazon" ] }
	{ "brands": [ "Greenshot", "PayPal", "Amazon" ] }
URL: https://getgreenshot.org/thank-you/?language=en&version=1.2.10.6 Model: Joe Sandbox AI	{ "brands": [ "PayPal", "Amazon" ] }
	{ "brands": [ "PayPal", "Amazon" ] }

Process:	C:\Users\user\AppData\Local\Temp\is-S77MD.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	527792
Entropy (8bit):	6.1036017278120385
Encrypted:	false
SSDEEP:	12288:qIska30pZKIpno9eKXt2w3Po52QIUtMbYKUnwLu8m3mkDGYP8/Gc5oTr6zG/P9PI:YxUR5LgcOoINdSjQk2
MD5:	346D22939E3079901F0DFAC7ADD71C94
SHA1:	67EA9F4F56C7C4189745AAB05C614A6E615D9E7E
SHA-256:	FDC3900DA9CF5B4B7F4B461EB54F2F7ABF2AF104DE8BFDD0B7F6A46F092F9CC6
SHA-512:	3D845AEE807F6FC711F212229595BA2DFEEC760C649B7B0F4398CBA8091FAB8EB63DD551B46F49840A2DE2C2B872130B4B5E90F95FF2757381E96BE4B066122D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....+.Y.........."...0..p...`......6.... ........@.. ....................... ......J.....@....................................O........I...............-........................................................... ............... ..H............text....l... ...p.................. ..`.rsrc....I.......P..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	ASCII text, with very long lines (561), with CRLF line terminators
Category:	modified
Size (bytes):	4723
Entropy (8bit):	4.156268870930375
Encrypted:	false
SSDEEP:	48:iE654re398Vre398ODuDW6gvocfw38w7164SVoqy:x6ADgQr37Y4Tj
MD5:	B806835DE5FBD3E0AA7E2F010EAF956B
SHA1:	752D742A35F2E97BED162A6AB2CB44922007BAA2
SHA-256:	A1D42FECF0534613FC51B5870169907ED30C33D3598B7576E1819820A189D275
SHA-512:	83EE44A9AA818D2CED8BD147635201519ABCC7BB142248F6145B1D6547130CACBE4123B4CD8323F1414949406E110B10A648962F99CE10E19B65054E518B0A42
Malicious:	false
Reputation:	low
Preview:	--2024-12-10 07:37:49-- https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe..Resolving github.com (github.com)... 20.233.83.145..Connecting to github.com (github.com)\|20.233.83.145\|:443... connected...HTTP request sent, awaiting response... 302 Found..Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/36756917/239aedb0-7d29-11e7-9f9c-d36ec4466ade?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241210T123752Z&X-Amz-Expires=300&X-Amz-Signature=701b82f72e9824a14055b0ba2b558b900cdd163eeb2d7e05257d383f92379f85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DGreenshot-INSTALLER-1.2.10.6-RELEASE.exe&response-content-type=application%2Foctet-stream [following]..--2024-12-10 07:37:52-- https://objects.githubusercontent.com/github-production-release-asset-2e65be/36756917/239

Process:	C:\Windows\SysWOW64\wget.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1783200
Entropy (8bit):	7.955817712928208
Encrypted:	false
SSDEEP:	49152:Cjt17kLz5P3mucJZCliSAbFXHrZy0HCxgdjmyZ3xog:AjkLlP2bClDC9Fjd
MD5:	C16F86882D5A102ED7A0FBBC0874D102
SHA1:	4E3AC7A53F0F368B9218BF717162D5E073A0F7DF
SHA-256:	1687311B4E7A3720BE20490E8ED6CC772A32336A7BED8896E475B8EC616C6B81
SHA-512:	90B7AAC54467B266A9DD9CE7C83A156D3D99F7AEB1AD0E3E2EF5516B38270112DAE07892E3E80765C3508484E3EE66E7439DB0512A63B48F64E6B15E83285F67
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	low
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......W..................................... ....@..................................J....@......@.......................................................-...........................................................................................text...D........................... ..`.itext..d........................... ..`.data........ ......................@....bss.....V...0...........................idata..............................@....tls.................&...................rdata...............&..............@..@.rsrc................(..............@..@....................................@..@........................................................................................................................................

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	modified
Size (bytes):	363497
Entropy (8bit):	5.364056943039391
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgau/:zTtbmkExhMJCIpEO
MD5:	129CD082FB29BB08FDD65B8367B798B9
SHA1:	E612C52B7851EABA04E906934F73A978B57DBB50
SHA-256:	CE1DD3EFE2E830F97C2AA1F1B8A70FA9BCDB84D1675507AEAEFA166F82A499B7
SHA-512:	CBEC9CE080CFE38FCE5E89B7958B99D072353064747FFCCE4C3C087A7A1F1C898FB96A916E7D0D6235E957B39B8719CA9B064CDF843070FD468901682B339474
Malicious:	false
Reputation:	low
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3533)
Category:	dropped
Size (bytes):	222749
Entropy (8bit):	5.453364917537705
Encrypted:	false
SSDEEP:	6144:Giwcm/IpG4DMcdc/Fa9BDrk7m7U7ozJgs:yP/I5jMI
MD5:	ADB4D93F80755314547B699C181145BD
SHA1:	87BBCFD9E29A8BBB0ED8177AEB0F930499592AB7
SHA-256:	AF6B15D8917BD5AB039B73DB5F939C17DF1ACA2ACF7D4AC9D8F44A005EDAF6D6
SHA-512:	39DD81FFB91A9340D97B77E689B06D7D45201511CDF44352F3F1406AC3FEEAF2B786ECF13F08ADD5F0725610ECC3F24B2E87D5A8518CC2818F765921A0CA626C
Malicious:	false
Reputation:	low
Preview:	(function(){var n,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),p=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.p("Symbol",function(a){if(a)return a;var b=function(f,g){this.Lg=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.Lg};var c="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",d=0,e=function(f){if(this instanceof e

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 10, 2024 13:37:50.171041012 CET	59585	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:37:50.313745022 CET	53	59585	1.1.1.1	192.168.2.7
Dec 10, 2024 13:37:52.903665066 CET	50014	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:37:53.044850111 CET	53	50014	1.1.1.1	192.168.2.7
Dec 10, 2024 13:37:58.519097090 CET	123	123	192.168.2.7	40.81.94.65
Dec 10, 2024 13:37:59.852190018 CET	123	123	40.81.94.65	192.168.2.7
Dec 10, 2024 13:38:52.731740952 CET	138	138	192.168.2.7	192.168.2.255
Dec 10, 2024 13:38:59.241219997 CET	50924	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:38:59.384212017 CET	53	50924	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:04.966734886 CET	63562	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:04.966962099 CET	59688	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:05.113426924 CET	53	63562	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:05.114852905 CET	53	64454	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:05.125622988 CET	53	59688	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:05.369796038 CET	53	63326	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:05.585027933 CET	55619	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:05.585179090 CET	55210	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:05.726696968 CET	53	55210	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:05.726712942 CET	53	55619	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:08.397783995 CET	53	63733	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:08.878844976 CET	54351	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:08.878998995 CET	57022	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:09.023125887 CET	53	54351	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:09.023242950 CET	53	57022	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:09.046308994 CET	57613	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:09.046468973 CET	62035	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:09.191175938 CET	53	50610	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:09.763720036 CET	58696	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:09.763875961 CET	57719	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:09.900551081 CET	53	57719	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:09.901000977 CET	53	58696	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:10.275954008 CET	54278	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:10.276118040 CET	61873	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:10.414875031 CET	53	54278	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:10.800914049 CET	61495	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:10.801074982 CET	59656	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:10.940721989 CET	53	61495	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:10.941772938 CET	53	59656	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:11.026910067 CET	53	61873	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:11.715861082 CET	53042	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:11.716005087 CET	55980	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:11.946666002 CET	54919	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:11.946805954 CET	50489	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:12.055120945 CET	60567	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:12.055262089 CET	59439	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:12.792164087 CET	63081	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:12.792406082 CET	56524	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:12.931016922 CET	53	56524	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:13.012028933 CET	53	63081	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:14.399048090 CET	55354	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:14.399214983 CET	61835	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:14.423789978 CET	51516	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:14.424901962 CET	57853	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:14.537780046 CET	53	61835	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:14.538486958 CET	53	55354	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:15.367309093 CET	62116	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:15.367579937 CET	52142	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:15.416625023 CET	50382	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:15.416809082 CET	51584	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:15.622169018 CET	53	59246	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:15.865123987 CET	53	50382	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:15.865137100 CET	53	51584	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:15.960036039 CET	53476	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:16.101376057 CET	53	53476	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:16.464107037 CET	62688	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:16.464344978 CET	58716	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:16.602627993 CET	53	58716	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:16.602677107 CET	53	62688	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:17.776698112 CET	61553	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:17.776844978 CET	55137	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:18.656591892 CET	53	60187	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:19.511535883 CET	52077	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:19.511682987 CET	61154	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:19.512958050 CET	62212	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:19.513195992 CET	54003	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:19.648612022 CET	53	52077	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:19.651096106 CET	53	62212	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:19.651106119 CET	53	54003	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:19.651197910 CET	53	61154	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:22.393670082 CET	53063	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:22.394160032 CET	62369	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:22.395611048 CET	51568	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:22.395957947 CET	59537	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:22.537214041 CET	53	53063	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:22.538753033 CET	53	62369	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:22.539869070 CET	53	59537	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:22.539915085 CET	53	51568	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.079632044 CET	59120	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.079931974 CET	64215	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.086955070 CET	65463	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.087212086 CET	63841	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.098006010 CET	59382	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.098146915 CET	65101	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.102967978 CET	63010	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.103543997 CET	65159	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.312666893 CET	53	64215	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.312889099 CET	53	59120	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.313087940 CET	53	65463	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.313155890 CET	53	63841	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.336220026 CET	53	49995	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.437860012 CET	53	63010	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.438188076 CET	53	59382	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.441382885 CET	53	65159	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.442327976 CET	53	65101	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.531982899 CET	60206	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.532519102 CET	55034	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:23.676136017 CET	53	55034	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:23.677345037 CET	53	60206	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.007791996 CET	52224	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.008102894 CET	52376	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.147258997 CET	53	52224	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.147552013 CET	53	52376	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.401633978 CET	59783	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.401781082 CET	54728	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.402134895 CET	54638	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.402267933 CET	59677	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.478404999 CET	55429	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.478575945 CET	56268	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.538790941 CET	53	59677	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.538887978 CET	53	59783	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.539176941 CET	53	54638	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.539341927 CET	53	54728	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.620002985 CET	53	55429	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.620228052 CET	53	56268	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.634032965 CET	54290	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.634202957 CET	60749	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.651504993 CET	65058	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.651643038 CET	60192	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:25.656208992 CET	53	60673	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.775832891 CET	53	54290	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.776617050 CET	53	60749	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.789231062 CET	53	65058	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:25.790800095 CET	53	60192	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:26.410505056 CET	51149	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.410645008 CET	55462	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.488177061 CET	58150	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.488579988 CET	52354	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.534770966 CET	53	62369	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:26.550223112 CET	53	51149	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:26.550235033 CET	53	55462	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:26.638331890 CET	53	58150	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:26.638344049 CET	53	52354	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:26.967823029 CET	64142	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.968014002 CET	53119	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.970304966 CET	61895	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:26.970665932 CET	60053	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:27.113756895 CET	53	64142	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:27.114078045 CET	53	53119	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:27.115788937 CET	53	61895	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:27.115806103 CET	53	60053	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:27.489834070 CET	50147	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:27.489968061 CET	58957	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:27.627463102 CET	53	58957	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:27.629486084 CET	53	50147	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:29.590859890 CET	59305	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:29.591129065 CET	60799	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:29.729806900 CET	53	59305	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:29.731879950 CET	53	60799	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:31.753916979 CET	61754	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:31.754061937 CET	64665	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:31.754998922 CET	63963	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:31.755136013 CET	60261	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:31.901855946 CET	53	63963	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:31.902266026 CET	53	60261	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:31.902998924 CET	60852	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:31.903951883 CET	53	64665	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:31.907601118 CET	53	61754	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:32.045772076 CET	53	60852	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:40.055990934 CET	65323	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:40.056124926 CET	51031	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:40.056556940 CET	57443	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:40.056682110 CET	62042	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:40.196080923 CET	53	65323	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:40.196093082 CET	53	51031	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:40.196230888 CET	53	62042	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:40.196558952 CET	53	57443	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:40.197494030 CET	53975	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:40.335799932 CET	53	53975	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:44.763403893 CET	53	51662	1.1.1.1	192.168.2.7
Dec 10, 2024 13:39:58.132276058 CET	61579	53	192.168.2.7	1.1.1.1
Dec 10, 2024 13:39:58.273704052 CET	53	61579	1.1.1.1	192.168.2.7
Dec 10, 2024 13:40:04.444315910 CET	53	64014	1.1.1.1	192.168.2.7

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 13:38:59.542570114 CET	80	OUT	HEAD /project-feed/ HTTP/1.1 Host: getgreenshot.org Connection: Keep-Alive
Dec 10, 2024 13:39:00.631874084 CET	866	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 10 Dec 2024 12:39:00 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Tue, 10 Dec 2024 13:39:00 GMT Location: https://getgreenshot.org/project-feed/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kL3S8pqs%2FG9X9K4hHzOZ1YaJwvLGmHu%2BE%2BwKRN2lV7TyZy0uTzbWBtgYpq6J3vkOtaZyI0%2Fc13EQnIb4qEq0iI5cz3HRfVn6GhJLHUdGgYvtcXSl1QjFHKLzYTJmf2UAPWme"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4b93e8da0f84-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1503&min_rtt=1503&rtt_var=751&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=80&delivery_rate=0&cwnd=242&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"

Timestamp	Bytes transferred	Direction	Data
Dec 10, 2024 13:39:02.433283091 CET	55	OUT	GET /project-feed/ HTTP/1.1 Host: getgreenshot.org
Dec 10, 2024 13:39:03.528378010 CET	1033	IN	HTTP/1.1 301 Moved Permanently Date: Tue, 10 Dec 2024 12:39:03 GMT Content-Type: text/html Content-Length: 167 Connection: keep-alive Cache-Control: max-age=3600 Expires: Tue, 10 Dec 2024 13:39:03 GMT Location: https://getgreenshot.org/project-feed/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PzVJg3%2FX5QIA%2B9YlUJIbm9H8xtRxA9Hq4o97UyBWwVZG3ro%2FwG8wNGklXB38OO1IMENOgUQiQIwu385TH6aD9No2miJKvnTgHJKLKS09ipOdp6O13iRJG6%2B3NiUTLFRxBPyZ"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4ba60c7f4405-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1675&min_rtt=1675&rtt_var=837&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=55&delivery_rate=0&cwnd=219&unsent_bytes=0&cid=0000000000000000&ts=0&x=0" Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 63 6c 6f 75 64 66 6c 61 72 65 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>cloudflare</center></body></html>

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:37:51 UTC	291	OUT	GET /greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: / Accept-Encoding: identity Host: github.com Connection: Keep-Alive
2024-12-10 12:37:52 UTC	986	IN	HTTP/1.1 302 Found Server: GitHub.com Date: Tue, 10 Dec 2024 12:37:52 GMT Content-Type: text/html; charset=utf-8 Vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With Location: https://objects.githubusercontent.com/github-production-release-asset-2e65be/36756917/239aedb0-7d29-11e7-9f9c-d36ec4466ade?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241210T123752Z&X-Amz-Expires=300&X-Amz-Signature=701b82f72e9824a14055b0ba2b558b900cdd163eeb2d7e05257d383f92379f85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DGreenshot-INSTALLER-1.2.10.6-RELEASE.exe&response-content-type=application%2Foctet-stream Cache-Control: no-cache Strict-Transport-Security: max-age=31536000; includeSubdomains; preload X-Frame-Options: deny X-Content-Type-Options: nosniff X-XSS-Protection: 0 Referrer-Policy: no-referrer-when-downgrade
2024-12-10 12:37:52 UTC	3380	IN	Data Raw: 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 20 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 20 63 68 69 6c 64 2d 73 72 63 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 77 65 62 70 61 63 6b 2f 20 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 20 67 69 73 74 2e 67 69 74 68 75 62 2e 63 6f 6d 2f 61 73 73 65 74 73 2d 63 64 6e 2f 77 6f 72 6b 65 72 2f 3b 20 63 6f 6e 6e 65 63 74 2d 73 72 63 20 27 73 65 6c 66 27 20 75 70 6c 6f 61 64 73 2e 67 69 74 68 75 62 2e 63 6f 6d 20 77 77 77 2e 67 69 74 68 75 62 73 74 61 74 75 73 2e 63 6f 6d 20 63 6f 6c 6c 65 63 74 6f 72 2e 67 69 74 68 75 62 2e 63 6f Data Ascii: Content-Security-Policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ github.com/webpack/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.co

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:37:54 UTC	703	OUT	GET /github-production-release-asset-2e65be/36756917/239aedb0-7d29-11e7-9f9c-d36ec4466ade?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=releaseassetproduction%2F20241210%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20241210T123752Z&X-Amz-Expires=300&X-Amz-Signature=701b82f72e9824a14055b0ba2b558b900cdd163eeb2d7e05257d383f92379f85&X-Amz-SignedHeaders=host&response-content-disposition=attachment%3B%20filename%3DGreenshot-INSTALLER-1.2.10.6-RELEASE.exe&response-content-type=application%2Foctet-stream HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko Accept: / Accept-Encoding: identity Host: objects.githubusercontent.com Connection: Keep-Alive
2024-12-10 12:37:54 UTC	877	IN	HTTP/1.1 200 OK Connection: close Content-Length: 1783200 Content-Type: application/octet-stream Last-Modified: Tue, 07 Dec 2021 22:44:10 GMT ETag: "0x8D9B9D315B919E7" Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 7b2acf29-501e-0037-2619-1333f9000000 x-ms-version: 2023-11-03 x-ms-creation-time: Tue, 17 Aug 2021 21:27:55 GMT x-ms-blob-content-md5: wW+GiC1aEC7XoPu8CHTRAg== x-ms-lease-status: unlocked x-ms-lease-state: available x-ms-blob-type: BlockBlob Content-Disposition: attachment; filename=Greenshot-INSTALLER-1.2.10.6-RELEASE.exe x-ms-server-encrypted: true Via: 1.1 varnish, 1.1 varnish Fastly-Restarts: 1 Accept-Ranges: bytes Age: 4814 Date: Tue, 10 Dec 2024 12:37:54 GMT X-Served-By: cache-iad-kjyo7100087-IAD, cache-ewr-kewr1740027-EWR X-Cache: HIT, HIT X-Cache-Hits: 38068, 0 X-Timer: S1733834275.613070,VS0,VE1
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZP@!L!This program must be run under Win32$7
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: 18 93 41 00 8b c0 ff 25 14 93 41 00 8b c0 ff 25 60 93 41 00 8b c0 ff 25 5c 93 41 00 8b c0 ff 25 0c 93 41 00 8b c0 ff 25 08 93 41 00 8b c0 ff 25 04 93 41 00 8b c0 ff 25 58 93 41 00 8b c0 ff 25 54 93 41 00 8b c0 ff 25 50 93 41 00 8b c0 ff 25 4c 93 41 00 8b c0 ff 25 48 93 41 00 8b c0 53 83 c4 bc bb 0a 00 00 00 c7 04 24 44 00 00 00 54 e8 4a ff ff ff f6 44 24 2c 01 74 05 0f b7 5c 24 30 8b c3 83 c4 44 5b c3 8d 40 00 ff 25 44 93 41 00 8b c0 ff 25 40 93 41 00 8b c0 ff 25 3c 93 41 00 8b c0 e4 04 01 00 ff ff ff ff 5a 00 00 00 46 61 73 74 4d 4d 20 42 6f 72 6c 61 6e 64 20 45 64 69 74 69 6f 6e 20 28 63 29 20 32 30 30 34 20 2d 20 32 30 30 38 20 50 69 65 72 72 65 20 6c 65 20 52 69 63 68 65 20 2f 20 50 72 6f 66 65 73 73 69 6f 6e 61 6c 20 53 6f 66 74 77 61 72 65 20 44 65 Data Ascii: A%A%`A%\A%A%A%A%XA%TA%PA%LA%HAS$DTJD$,t\$0D[@%DA%@A%<AZFastMM Borland Edition (c) 2004 - 2008 Pierre le Riche / Professional Software De
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: e8 23 fb ff ff 8b d8 85 db 74 30 8b fb 89 6f 08 83 ce 04 89 77 0c e8 7d ff ff ff a1 cc 5a 41 00 c7 07 c8 5a 41 00 89 1d cc 5a 41 00 89 47 04 89 18 c6 05 c4 5a 41 00 00 83 c3 10 8b c3 5d 5f 5e 5b c3 8b c0 53 56 57 55 83 c4 dc 8b f0 83 ee 10 e8 43 ff ff ff 8b c6 8b 10 89 14 24 8b 50 04 89 54 24 04 8b 50 0c f6 c2 08 75 1a 68 00 80 00 00 6a 00 56 e8 b8 fa ff ff 85 c0 74 04 33 ff eb 3f 83 cf ff eb 3a 8b de 8b ea 83 e5 f0 33 ff 6a 1c 8d 44 24 0c 50 53 e8 19 fa ff ff 68 00 80 00 00 6a 00 53 e8 88 fa ff ff 85 c0 75 05 83 cf ff eb 0e 8b 74 24 14 3b ee 76 06 2b ee 01 f3 eb cf 85 ff 75 13 8b 44 24 04 8b 14 24 89 10 8b 04 24 8b 54 24 04 89 50 04 c6 05 c4 5a 41 00 00 8b c7 83 c4 24 5d 5f 5e 5b c3 90 53 56 57 55 83 c4 e0 8b f2 8b f8 8b c7 83 e8 04 8b 00 8b d8 83 e3 f0 Data Ascii: #t0ow}ZAZAZAGZA]_^[SVWUC$PT$PuhjVt3?:3jD$PShjSut$;v+uD$$$T$PZA$]_^[SVWU
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: 15 40 3a 41 00 bf f0 ff ff ff 23 7e fc 89 fa 29 da 74 1f 8d 04 33 8d 4a 03 89 48 fc 89 54 02 f8 81 fa 30 0b 00 00 72 0f e8 c5 f8 ff ff eb 08 90 90 90 80 64 37 fc f7 8d 4b 02 89 4e fc c6 05 34 3a 41 00 00 89 f0 5f 5e 5b c3 5b 85 c0 0f 89 2b fa ff ff 31 c0 c3 8b 50 fc f6 c2 07 89 c1 53 8a 1d 4d 30 41 00 0f 85 e3 00 00 00 84 db 8b 1a 75 61 83 6a 0c 01 8b 42 08 74 2c 85 c0 89 4a 08 8d 40 01 89 41 fc 74 07 31 c0 88 03 5b c3 90 8b 4b 04 89 5a 14 89 4a 04 89 51 14 89 53 04 c6 03 00 31 c0 5b c3 90 90 85 c0 74 13 8b 42 14 8b 4a 04 89 48 04 89 41 14 31 c0 39 53 10 75 03 89 43 0c 88 03 89 d0 8b 52 fc 8a 1d 4d 30 41 00 e9 85 00 00 00 b8 00 01 00 00 f0 0f b0 23 74 94 f3 90 80 3d d5 38 41 00 00 75 ea 51 52 6a 00 e8 e5 f4 ff ff 5a 59 b8 00 01 00 00 f0 0f b0 23 0f 84 6f Data Ascii: @:A#~)t3JHT0rd7KN4:A_^[[+1PSM0AuajBt,J@At1[KZJQS1[tBJHA19SuCRM0A#t=8AuQRjZY#o
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: c0 c3 8b c0 53 8d 58 ff 83 e3 fc e8 60 f7 ff ff 83 f8 01 19 c9 8d 14 03 09 cb 81 fb 2c 0a 04 00 73 12 f7 db d9 ee dd 14 13 83 c3 08 78 f8 89 0a dd c0 d9 f7 5b c3 8b c0 8b c8 8b d1 83 ea 04 8b 12 83 e2 f0 03 d1 8b c2 8b d0 83 ea 04 8b 12 83 e2 f0 85 d2 75 02 33 c0 c3 8d 40 00 83 3d 3c 3a 41 00 00 74 1a 8b 15 38 3a 41 00 3b d0 72 10 8b d0 81 c2 f0 ff 13 00 3b 15 38 3a 41 00 73 04 83 c0 10 c3 81 3d 3c 3a 41 00 e0 ff 13 00 74 07 a1 38 3a 41 00 eb 02 33 c0 c3 8d 40 00 53 56 8b d8 83 c3 20 89 1a 8b 10 3b 42 10 75 08 8b 5a 08 3b 5a 0c 76 19 8b f0 8b de 83 eb 04 8b 1b 83 e3 f0 03 de 0f b7 42 02 2b d8 89 19 5e 5b c3 8b 42 08 48 89 01 5e 5b c3 8b c0 57 89 d7 83 c0 01 ba 41 5f 70 89 f7 e2 c1 e8 1e 89 d1 81 e2 ff ff ff 1f c1 e9 1d 8d 14 92 01 c2 89 c8 83 c8 30 88 07 Data Ascii: SX`,sx[u3@=<:At8:A;r;8:As=<:At8:A3@SV ;BuZ;ZvB+^[BH^[WA_p0
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: d4 80 7d e3 00 74 08 8b 45 e8 80 38 20 73 04 33 c0 eb 02 b0 01 88 45 e3 ff 45 e8 ff 4d d4 75 e1 80 7d e3 00 0f 84 81 00 00 00 8b 45 e8 80 38 00 75 79 bb 01 00 00 00 eb 72 8b 45 dc 83 c0 0c 89 45 e4 8b 45 f4 85 c0 7e 24 89 45 d4 80 7d e3 00 74 09 8b 45 e4 66 83 38 20 73 04 33 c0 eb 02 b0 01 88 45 e3 83 45 e4 02 ff 4d d4 75 df 80 7d e3 00 74 38 8b 45 e4 66 83 38 00 75 2f bb 02 00 00 00 eb 28 bb 03 00 00 00 3b 3c de 74 0f 83 3c de 00 74 09 43 81 fb ff 00 00 00 7e ec 81 fb ff 00 00 00 7f 05 89 3c de eb 02 33 db ff 44 de 04 8b 45 fc 8b 00 0f b7 40 02 01 45 dc 8b 45 dc 3b 45 d8 0f 86 81 fe ff ff 5f 5e 5b 8b e5 5d c3 55 8b ec 50 b8 27 00 00 00 81 c4 04 f0 ff ff 50 48 75 f6 8b 45 fc 81 c4 e0 f7 ff ff 53 56 57 8d 85 00 48 fe ff 33 c9 ba 00 b8 01 00 e8 67 0a 00 00 Data Ascii: }tE8 s3EEMu}E8uyrEEE~$E}tEf8 s3EEMu}t8Ef8u/(;<t<tC~<3DE@EE;E_^[]UP'PHuESVWH3g
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: 88 53 e5 c1 e0 0d 66 05 30 0b 66 89 43 fc 0f b7 7b e6 0f b7 c7 8b c8 c1 e1 04 8d 0c 49 81 c1 ef 00 00 00 81 e1 00 ff ff ff 83 c1 30 81 f9 30 73 00 00 73 05 b9 30 73 00 00 81 f9 30 ff 00 00 76 05 b9 30 ff 00 00 8b c1 83 e8 20 0f b7 d7 8b ca 33 d2 f7 f1 66 f7 ef 66 05 ef 00 66 25 00 ff 66 83 c0 30 66 89 43 fe 83 c3 20 4e 0f 85 30 ff ff ff e8 da fe ff ff c7 05 24 3a 41 00 24 3a 41 00 c7 05 28 3a 41 00 24 3a 41 00 be 00 04 00 00 ba c4 3a 41 00 8b c2 89 00 89 40 04 83 c2 08 4e 75 f3 c7 05 c8 5a 41 00 c8 5a 41 00 c7 05 cc 5a 41 00 c8 5a 41 00 5f 5e 5b c3 8d 40 00 53 56 57 55 bb 24 3a 41 00 be c8 5a 41 00 8b 7b 04 eb 12 8b 6f 04 68 00 80 00 00 6a 00 57 e8 c9 e4 ff ff 8b fd 3b fb 75 ea ba 37 00 00 00 b8 5c 20 41 00 8b c8 89 48 14 8b c8 89 48 04 c7 40 08 01 00 00 Data Ascii: Sf0fC{I00ss0s0v0 3fff%f0fC N0$:A$:A(:A$:A:A@NuZAZAZAZA_^[@SVWU$:AZA{ohjW;u7\ AHH@
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: f0 85 f6 75 07 8b c3 ff 53 24 8b f0 85 f6 74 1b 8b c6 e8 c7 fd ff ff eb 12 81 fb 54 30 41 00 74 0a b8 67 00 00 00 e8 b3 fd ff ff 8b c6 5e 5b c3 8b c0 53 56 51 89 ce c1 ee 02 74 26 8b 08 8b 1a 39 d9 75 45 4e 74 15 8b 48 04 8b 5a 04 39 d9 75 38 83 c0 08 83 c2 08 4e 75 e2 eb 06 83 c0 04 83 c2 04 5e 83 e6 03 74 36 8a 08 3a 0a 75 30 4e 74 13 8a 48 01 3a 4a 01 75 25 4e 74 08 8a 48 02 3a 4a 02 75 1a 31 c0 5e 5b c3 5e 38 d9 75 10 38 fd 75 0c c1 e9 10 c1 eb 10 38 d9 75 02 38 fd 5e 5b c3 90 83 fa 20 88 cd 7c 3f 66 89 08 66 89 48 02 66 89 48 04 66 89 48 06 83 ea 10 dd 00 dd 14 02 dd 54 02 08 89 c1 83 e1 07 83 e9 08 29 c8 01 ca 01 d0 f7 da dd 14 02 dd 54 02 08 83 c2 10 7c f4 dd c0 d9 f7 c3 90 90 90 85 d2 7e 50 88 4c 02 ff 83 e2 fe f7 da 8d 14 55 ea 32 40 00 ff e2 90 Data Ascii: uS$tT0Atg^[SVQt&9uENtHZ9u8Nu^t6:u0NtH:Ju%NtH:Ju1^[^8u8u8u8^[ \|?ffHfHfHT)T\|~PLU2@
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: c3 5b c3 90 55 8b ec 83 c4 f4 0f b7 05 1c 20 41 00 89 45 f8 8d 45 fc 50 6a 01 6a 00 68 ac 37 40 00 68 02 00 00 80 e8 25 da ff ff 85 c0 75 4d 33 c0 55 68 85 37 40 00 64 ff 30 64 89 20 c7 45 f4 04 00 00 00 8d 45 f4 50 8d 45 f8 50 6a 00 6a 00 68 e4 37 40 00 8b 45 fc 50 e8 fa d9 ff ff 33 c0 5a 59 59 64 89 10 68 8c 37 40 00 8b 45 fc 50 e8 d4 d9 ff ff c3 e9 1e 07 00 00 eb ef 0f b7 05 1c 20 41 00 66 25 c0 ff 0f b7 55 f8 66 83 e2 3f 66 0b c2 66 a3 1c 20 41 00 8b e5 5d c3 53 00 4f 00 46 00 54 00 57 00 41 00 52 00 45 00 5c 00 42 00 6f 00 72 00 6c 00 61 00 6e 00 64 00 5c 00 44 00 65 00 6c 00 70 00 68 00 69 00 5c 00 52 00 54 00 4c 00 00 00 46 00 50 00 55 00 4d 00 61 00 73 00 6b 00 56 00 61 00 6c 00 75 00 65 00 00 00 00 00 db e3 9b d9 2d 1c 20 41 00 c3 8b c0 b0 05 e9 Data Ascii: [U AEEPjjh7@h%uM3Uh7@d0d EEPEPjjh7@EP3ZYYdh7@EP Af%Uf?ff A]SOFTWARE\Borland\Delphi\RTLFPUMaskValue- A
2024-12-10 12:37:54 UTC	1378	IN	Data Raw: 04 8b 48 0c eb 30 89 c2 8b 44 24 04 8b 48 0c 80 3d 24 20 41 00 01 76 1e 80 3d 20 20 41 00 00 77 15 50 8d 44 24 08 52 51 50 e8 18 d4 ff ff 83 f8 00 59 5a 58 74 70 83 48 04 02 53 31 db 56 57 55 64 8b 1b 53 50 52 51 8b 54 24 28 6a 00 50 68 cc 3c 40 00 52 ff 15 18 30 41 00 8b 7c 24 28 e8 b3 28 00 00 ff b0 00 00 00 00 89 a0 00 00 00 00 8b 6f 08 8b 5f 04 c7 47 04 f8 3c 40 00 83 c3 05 e8 66 fe ff ff ff e3 e9 53 02 00 00 e8 86 28 00 00 8b 88 00 00 00 00 8b 11 89 90 00 00 00 00 8b 41 08 e9 7c fb ff ff b8 01 00 00 00 c3 8b c0 8b 44 24 04 f7 40 04 06 00 00 00 0f 85 6f 01 00 00 81 38 de fa ed 0e 74 1f fc e8 c1 fa ff ff 8b 15 0c 30 41 00 85 d2 0f 84 53 01 00 00 ff d2 85 c0 75 0a e9 48 01 00 00 8b 40 18 8b 00 8b 54 24 08 53 56 57 55 8b 4a 04 8b 59 05 8d 71 09 89 c5 8b Data Ascii: H0D$H=$ Av= AwPD$RQPYZXtpHS1VWUdSPRQT$(jPh<@R0A\|$((o_G<@fS(A\|D$@o8t0ASuH@T$SVWUJYq

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:01 UTC	80	OUT	HEAD /project-feed/ HTTP/1.1 Host: getgreenshot.org Connection: Keep-Alive
2024-12-10 12:39:02 UTC	1031	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:02 GMT Content-Type: application/xml Connection: close Last-Modified: Sun, 18 Aug 2024 09:13:43 GMT Vary: Accept-Encoding Access-Control-Allow-Origin: * ETag: W/"66c1bb47-33c" expires: Tue, 10 Dec 2024 11:08:01 GMT Cache-Control: max-age=14400 x-proxy-cache: MISS X-GitHub-Request-Id: D1D6:F49EE:2146018:24DC2A6:6746DE7C CF-Cache-Status: HIT Age: 6061 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=60hbW7L1qBRtQIifvMy%2FCquDpnwP4p0wX6yAGiEH4EbmKca%2FMxFWWifnwL6ve7Di0OaMfeQZKVmeyo%2BB17i7zEsv5F0NieaHWpDNDjBSnbHncT9CvWw103dKHWXU%2B9F8uQry"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4b9e5a507c96-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2019&min_rtt=2011&rtt_var=760&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=694&delivery_rate=1452013&cwnd=173&unsent_bytes=0&cid=d332130d42823a8a&ts=446&x=0"

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:04 UTC	55	OUT	GET /project-feed/ HTTP/1.1 Host: getgreenshot.org
2024-12-10 12:39:05 UTC	1059	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:05 GMT Content-Type: application/xml Transfer-Encoding: chunked Connection: close Last-Modified: Sun, 18 Aug 2024 09:13:43 GMT Vary: Accept-Encoding Access-Control-Allow-Origin: * ETag: W/"66c1bb47-33c" expires: Tue, 10 Dec 2024 11:08:01 GMT Cache-Control: max-age=14400 x-proxy-cache: MISS X-GitHub-Request-Id: D1D6:F49EE:2146018:24DC2A6:6746DE7C CF-Cache-Status: HIT Age: 6064 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zHh18AOlzDibM%2BX82TBtzGGwhW2hR8KV4WQ6JDpqVeMthiBxyx4yqAhbAPO1fFvavz4tC3%2Fw7DY1mkPY69hqYWvOx%2BCxiVr5sNS8CHrhjsWp5P2Hc9%2Fbn9unjTJQjzfnQPxh"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4bb07a3d41c6-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1602&min_rtt=1599&rtt_var=606&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2836&recv_bytes=693&delivery_rate=1796923&cwnd=199&unsent_bytes=0&cid=d909d312e42039ae&ts=453&x=0"
2024-12-10 12:39:05 UTC	310	IN	Data Raw: 33 33 63 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 72 73 73 20 76 65 72 73 69 6f 6e 3d 22 32 2e 30 22 3e 0d 0a 09 3c 63 68 61 6e 6e 65 6c 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 47 72 65 65 6e 73 68 6f 74 3c 2f 74 69 74 6c 65 3e 0d 0a 09 09 3c 6c 69 6e 6b 3e 68 74 74 70 73 3a 2f 2f 67 65 74 67 72 65 65 6e 73 68 6f 74 2e 6f 72 67 3c 2f 6c 69 6e 6b 3e 0d 0a 09 09 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 47 72 65 65 6e 73 68 6f 74 20 75 70 64 61 74 65 20 66 65 65 64 3c 2f 64 65 73 63 72 69 70 74 69 6f 6e 3e 0d 0a 09 09 0d 0a 09 09 3c 69 74 65 6d 3e 0d 0a 09 09 09 3c 74 69 74 6c 65 3e 47 72 65 65 6e 73 68 6f 74 2d 49 4e 53 54 41 4c 4c 45 52 2d 31 2e 32 2e 31 30 2e 36 2d 52 45 4c Data Ascii: 33c<?xml version="1.0" encoding="utf-8"?><rss version="2.0"><channel><title>Greenshot</title><link>https://getgreenshot.org</link><description>Greenshot update feed</description><item><title>Greenshot-INSTALLER-1.2.10.6-REL
2024-12-10 12:39:05 UTC	525	IN	Data Raw: 2f 67 72 65 65 6e 73 68 6f 74 2f 72 65 6c 65 61 73 65 73 2f 64 6f 77 6e 6c 6f 61 64 2f 47 72 65 65 6e 73 68 6f 74 2d 52 45 4c 45 41 53 45 2d 31 2e 32 2e 31 30 2e 36 2f 47 72 65 65 6e 73 68 6f 74 2d 49 4e 53 54 41 4c 4c 45 52 2d 31 2e 32 2e 31 30 2e 36 2d 52 45 4c 45 41 53 45 2e 65 78 65 3c 2f 6c 69 6e 6b 3e 0d 0a 09 09 09 3c 70 75 62 44 61 74 65 3e 57 65 64 2c 20 30 39 20 41 75 67 20 32 30 31 37 20 31 35 3a 33 35 3a 33 30 20 2b 30 30 30 30 3c 2f 70 75 62 44 61 74 65 3e 0d 0a 09 09 09 3c 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 2f 64 65 73 63 72 69 70 74 69 6f 6e 3e 0d 0a 09 09 3c 2f 69 74 65 6d 3e 0d 0a 09 09 0d 0a 09 09 3c 69 74 65 6d 3e 0d 0a 09 09 09 3c 74 69 74 6c 65 3e 47 72 65 65 6e 73 68 6f 74 2d 49 4e 53 54 41 4c 4c 45 52 2d 31 2e 32 2e 31 30 2e 36 Data Ascii: /greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe</link><pubDate>Wed, 09 Aug 2017 15:35:30 +0000</pubDate><description></description></item><item><title>Greenshot-INSTALLER-1.2.10.6
2024-12-10 12:39:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:12 UTC	610	OUT	GET /en_US/i/btn/btn_donate_SM.gif HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:12 UTC	666	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: image/gif Date: Tue, 10 Dec 2024 12:39:12 GMT DC: ccg11-origin-www-1.paypal.com Etag: "5d5637bd-5a7" Expires: Tue, 10 Dec 2024 13:39:12 GMT Last-Modified: Fri, 16 Aug 2019 04:57:33 GMT Paypal-Debug-Id: b880d2d92dd3b Server: ECAcc (lhd/35C3) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-0000000000000000000b880d2d92dd3b-a0ab302186978f60-01 X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 1447 Connection: close
2024-12-10 12:39:12 UTC	1447	IN	Data Raw: 47 49 46 38 39 61 4a 00 15 00 f7 cf 00 fe c3 39 fe c3 38 da a7 31 fe c4 39 28 1e 08 d9 a6 30 08 06 01 e0 ac 32 63 4c 16 ff c3 39 f0 b8 35 fc c1 38 ea b3 34 ff c4 3a f4 bb 36 ff c5 3e 09 06 02 01 00 00 02 01 00 05 03 01 59 44 13 e9 b3 34 ff c6 41 fe c2 39 9c 77 22 20 18 07 40 31 0e 0e 0a 03 03 02 00 f7 bd 37 22 1a 07 ff da 82 e1 ac 32 ff d0 61 d8 a6 30 f3 ba 35 36 29 0c fb cb 58 e8 b3 37 da a8 30 ff ce 5b dc a8 31 fd c2 38 df ab 32 dc a8 30 f3 ba 36 43 33 0e 2a 20 09 ed b5 34 ff cb 53 e8 b2 33 ff c9 4a fe d3 70 f0 b8 36 55 41 13 18 12 05 f8 c2 44 ee b8 38 e2 ad 33 62 4b 15 07 05 01 cb 9c 2d 21 19 07 49 38 10 fc c9 4e fb c0 38 25 1c 08 06 04 01 30 24 0a ff dc 89 15 10 04 fe d0 66 fd c5 42 f8 be 37 fa c2 41 3f 30 0e b9 8e 29 f4 c7 57 5c 46 14 e2 af 32 f9 bf Data Ascii: GIF89aJ9819(02cL9584:6>YD4A9w" @17"2a056)X70[18206C3* 4S3Jp6UAD83bK-!I8N8%0$fB7A?0)W\F2

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:14 UTC	602	OUT	GET /en_US/i/scr/pixel.gif HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:15 UTC	663	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: image/gif Date: Tue, 10 Dec 2024 12:39:14 GMT DC: ccg11-origin-www-1.paypal.com Etag: "5d5637be-2b" Expires: Tue, 10 Dec 2024 13:39:14 GMT Last-Modified: Fri, 16 Aug 2019 04:57:34 GMT Paypal-Debug-Id: 7c560b8947f60 Server: ECAcc (lhd/35D5) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-00000000000000000007c560b8947f60-33e6e1abd4d45569-01 X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 43 Connection: close
2024-12-10 12:39:15 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:15 UTC	631	OUT	GET /www.paypalobjects.com/en_US/i/scr/pixel.gif?resize=1%2C1&ssl=1 HTTP/1.1 Host: i1.wp.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:15 UTC	558	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 10 Dec 2024 12:39:15 GMT Content-Type: image/webp Content-Length: 34 Connection: close Last-Modified: Fri, 21 Apr 2023 10:49:58 GMT Expires: Sun, 20 Apr 2025 22:49:58 GMT Cache-Control: public, max-age=63115200 Link: <https://www.paypalobjects.com/en_US/i/scr/pixel.gif>; rel="canonical" X-Content-Type-Options: nosniff ETag: "257eb0b0264b430c" Vary: Accept X-nc: HIT jfk 4 Alt-Svc: h3=":443"; ma=86400 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Timing-Allow-Origin: *
2024-12-10 12:39:15 UTC	34	IN	Data Raw: 52 49 46 46 1a 00 00 00 57 45 42 50 56 50 38 4c 0d 00 00 00 2f 00 00 00 10 07 10 11 11 88 88 fe 07 00 Data Ascii: RIFFWEBPVP8L/

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:16 UTC	366	OUT	GET /en_US/i/scr/pixel.gif HTTP/1.1 Host: www.paypalobjects.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:17 UTC	663	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: s-maxage=31536000, public,max-age=3600 Content-Type: image/gif Date: Tue, 10 Dec 2024 12:39:17 GMT DC: ccg11-origin-www-1.paypal.com Etag: "5d5637be-2b" Expires: Tue, 10 Dec 2024 13:39:17 GMT Last-Modified: Fri, 16 Aug 2019 04:57:34 GMT Paypal-Debug-Id: 7c560b8947f60 Server: ECAcc (lhd/35D5) Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Timing-Allow-Origin: https://www.paypal.com,https://www.sandbox.paypal.com Traceparent: 00-00000000000000000007c560b8947f60-33e6e1abd4d45569-01 X-Cache: HIT X-Content-Type-Options: nosniff Content-Length: 43 Connection: close
2024-12-10 12:39:17 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 c0 c0 c0 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:17 UTC	395	OUT	GET /www.paypalobjects.com/en_US/i/scr/pixel.gif?resize=1%2C1&ssl=1 HTTP/1.1 Host: i1.wp.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:18 UTC	557	IN	HTTP/1.1 200 OK Server: nginx Date: Tue, 10 Dec 2024 12:39:18 GMT Content-Type: image/gif Content-Length: 69 Connection: close Last-Modified: Fri, 21 Apr 2023 16:20:37 GMT Expires: Mon, 21 Apr 2025 04:20:37 GMT Cache-Control: public, max-age=63115200 Link: <https://www.paypalobjects.com/en_US/i/scr/pixel.gif>; rel="canonical" X-Content-Type-Options: nosniff Vary: Accept ETag: "99345a3657109995" X-nc: HIT jfk 4 Alt-Svc: h3=":443"; ma=86400 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, HEAD Timing-Allow-Origin: *
2024-12-10 12:39:18 UTC	69	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 00 ff 00 21 f9 04 01 00 00 00 00 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 80 ff ff ff ff ff ff 02 02 4c 01 00 21 fe 0e 61 75 74 6f 6d 61 74 74 69 63 5f 69 6e 63 00 3b Data Ascii: GIF89a!!,L!automattic_inc;

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:21 UTC	607	OUT	GET /getconfig/sodar?sv=200&tid=gda&tv=r20241205&st=env HTTP/1.1 Host: ep1.adtrafficquality.google Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://getgreenshot.org Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:22 UTC	586	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Origin: * Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="f.txt" Date: Tue, 10 Dec 2024 12:39:21 GMT Server: cafe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-10 12:39:22 UTC	804	IN	Data Raw: 34 34 33 65 0d 0a 7b 22 73 6f 64 61 72 5f 71 75 65 72 79 5f 69 64 22 3a 22 65 54 5a 59 5a 36 61 4f 4d 5f 33 46 68 63 49 50 6e 4b 44 30 77 41 77 22 2c 22 69 6e 6a 65 63 74 6f 72 5f 62 61 73 65 6e 61 6d 65 22 3a 22 73 6f 64 61 72 32 22 2c 22 62 67 5f 68 61 73 68 5f 62 61 73 65 6e 61 6d 65 22 3a 22 39 59 61 64 5a 4b 41 76 44 66 56 73 31 59 48 6e 4f 47 53 5f 59 70 41 47 50 78 61 73 34 33 71 43 43 4d 74 75 33 47 56 78 52 61 77 22 2c 22 62 67 5f 62 69 6e 61 72 79 22 3a 22 72 55 72 51 72 6a 69 69 75 72 63 68 44 55 35 73 64 35 66 31 69 73 4b 44 34 45 30 38 41 4a 59 66 6e 4a 69 71 55 61 66 53 5a 51 72 75 78 68 73 58 30 63 30 70 50 5a 7a 50 61 37 57 73 49 76 36 44 2b 5a 6c 63 47 56 49 73 70 56 4a 78 4b 75 78 6d 55 52 72 76 70 39 57 4d 41 72 76 59 6e 6c 53 41 43 45 Data Ascii: 443e{"sodar_query_id":"eTZYZ6aOM_3FhcIPnKD0wAw","injector_basename":"sodar2","bg_hash_basename":"9YadZKAvDfVs1YHnOGS_YpAGPxas43qCCMtu3GVxRaw","bg_binary":"rUrQrjiiurchDU5sd5f1isKD4E08AJYfnJiqUafSZQruxhsX0c0pPZzPa7WsIv6D+ZlcGVIspVJxKuxmURrvp9WMArvYnlSACE
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 35 4c 72 35 79 78 44 62 37 79 4e 54 4c 45 38 74 4a 73 53 38 43 2b 55 4f 44 4b 31 51 4f 53 65 34 63 4e 66 6e 67 50 63 30 37 55 70 4d 34 55 54 65 74 62 7a 70 72 45 33 42 79 79 35 5a 70 6f 75 68 55 6c 49 67 66 79 33 54 78 6f 36 6e 2b 6b 34 4b 47 78 30 55 66 2b 2b 33 6c 69 58 76 4e 31 31 50 6f 4f 64 53 47 59 51 67 4b 44 69 66 52 65 77 37 47 44 54 39 70 4d 33 74 5a 50 64 33 31 64 55 74 68 65 42 30 79 2b 68 4a 59 51 50 58 6e 6b 66 72 77 34 70 70 55 7a 4a 6c 49 4e 5a 6a 51 6f 48 43 58 4c 66 6c 57 43 62 42 39 7a 30 70 72 57 49 35 58 4e 65 35 59 54 7a 67 69 30 35 37 41 49 67 34 70 66 43 53 32 32 79 65 67 68 37 43 6e 55 4a 53 67 63 64 4b 6f 6e 74 7a 76 4e 4a 6c 45 63 4b 50 43 6c 51 62 46 63 75 31 72 6b 4c 44 78 61 30 4e 6b 73 36 63 47 64 65 46 64 58 57 6a 66 73 39 Data Ascii: 5Lr5yxDb7yNTLE8tJsS8C+UODK1QOSe4cNfngPc07UpM4UTetbzprE3Byy5ZpouhUlIgfy3Txo6n+k4KGx0Uf++3liXvN11PoOdSGYQgKDifRew7GDT9pM3tZPd31dUtheB0y+hJYQPXnkfrw4ppUzJlINZjQoHCXLflWCbB9z0prWI5XNe5YTzgi057AIg4pfCS22yegh7CnUJSgcdKontzvNJlEcKPClQbFcu1rkLDxa0Nks6cGdeFdXWjfs9
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 76 55 59 4c 52 71 50 33 47 50 35 30 6d 68 73 6c 2f 53 70 43 6e 59 5a 53 6a 38 6e 38 35 73 62 6c 74 6e 50 39 6d 51 34 78 76 4c 78 6c 36 73 67 57 69 6c 47 39 43 37 39 49 78 64 38 37 50 6e 4d 7a 78 6c 50 61 6a 6a 62 34 65 6d 63 4d 63 4f 2b 41 49 38 67 54 44 4f 72 41 4d 52 38 36 4b 53 48 50 6a 67 78 71 43 4f 30 46 58 43 6a 6f 54 72 72 4d 74 6e 49 34 69 6a 56 63 58 61 4a 36 55 66 71 78 44 48 34 54 4d 6d 69 50 4b 42 41 4f 6f 59 64 70 34 34 69 77 57 33 6e 7a 6d 47 74 6f 6b 43 59 62 67 37 69 49 70 38 6f 56 54 6e 59 45 67 64 37 71 56 36 4e 4e 6d 56 50 79 37 53 6d 34 77 4b 46 6a 73 35 6e 45 49 76 30 72 39 4a 6a 4f 55 38 71 4f 54 36 47 70 4e 30 32 36 63 6e 69 61 4b 78 37 37 38 4c 43 6a 7a 37 59 5a 6d 51 61 70 48 46 52 73 6a 57 32 42 34 4e 75 75 68 4d 34 36 57 49 4c Data Ascii: vUYLRqP3GP50mhsl/SpCnYZSj8n85sbltnP9mQ4xvLxl6sgWilG9C79Ixd87PnMzxlPajjb4emcMcO+AI8gTDOrAMR86KSHPjgxqCO0FXCjoTrrMtnI4ijVcXaJ6UfqxDH4TMmiPKBAOoYdp44iwW3nzmGtokCYbg7iIp8oVTnYEgd7qV6NNmVPy7Sm4wKFjs5nEIv0r9JjOU8qOT6GpN026cniaKx778LCjz7YZmQapHFRsjW2B4NuuhM46WIL
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 47 6a 79 45 75 30 70 4d 71 2b 39 53 74 46 54 41 50 50 64 71 58 32 67 36 5a 65 6a 71 57 6a 49 65 72 6f 30 44 32 79 46 77 53 44 4d 2b 37 72 33 4f 66 4f 50 5a 2f 62 6e 5a 78 66 72 38 6f 34 4a 67 55 52 5a 74 44 36 79 54 32 5a 2b 41 6b 53 31 67 2f 50 70 77 55 46 51 70 4e 44 61 4b 70 69 46 69 35 30 53 4f 4f 4b 32 53 69 2b 6d 38 78 54 43 62 30 68 42 53 45 7a 63 66 49 6b 7a 44 30 6d 43 4f 44 36 74 6e 7a 6b 65 61 4c 56 2b 6a 53 39 58 67 6b 72 54 33 44 76 33 31 6a 53 53 65 64 50 49 6d 7a 51 64 63 4f 79 4b 55 4e 56 4f 49 56 54 68 56 6d 78 73 32 77 41 4f 4f 51 78 38 69 69 6e 46 52 32 69 4e 2f 6e 5a 4a 6f 6b 7a 47 4b 6d 72 67 76 65 49 4d 30 77 4e 32 6d 39 62 51 73 62 49 4f 43 52 66 2b 6b 7a 2b 4f 78 47 46 66 73 50 32 41 44 4b 66 41 45 37 39 51 36 4b 67 39 35 4e 47 43 Data Ascii: GjyEu0pMq+9StFTAPPdqX2g6ZejqWjIero0D2yFwSDM+7r3OfOPZ/bnZxfr8o4JgURZtD6yT2Z+AkS1g/PpwUFQpNDaKpiFi50SOOK2Si+m8xTCb0hBSEzcfIkzD0mCOD6tnzkeaLV+jS9XgkrT3Dv31jSSedPImzQdcOyKUNVOIVThVmxs2wAOOQx8iinFR2iN/nZJokzGKmrgveIM0wN2m9bQsbIOCRf+kz+OxGFfsP2ADKfAE79Q6Kg95NGC
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 41 51 47 6c 31 75 66 61 64 72 43 63 68 54 68 47 6f 33 54 62 65 31 47 7a 76 61 51 70 64 73 4c 2b 4d 72 4a 78 6a 59 78 6c 64 4b 33 58 41 31 48 77 48 42 4a 33 55 34 47 45 56 35 65 49 54 59 47 58 53 35 59 57 34 64 78 7a 79 4d 76 76 41 30 46 71 39 42 59 76 70 54 77 54 6b 71 4a 70 77 59 69 43 73 37 5a 43 45 54 6f 35 4e 35 58 4c 31 62 44 4b 4f 41 61 6b 70 51 72 52 6a 38 37 66 6b 41 63 2f 63 63 78 2f 69 51 49 64 2b 39 66 4c 51 66 4c 62 5a 32 4d 51 59 41 46 74 30 62 63 4e 4a 37 63 6e 52 50 4c 33 70 37 36 6f 32 7a 48 44 59 66 66 6d 30 6b 53 48 30 4d 46 76 41 39 6b 78 42 4a 6e 31 6d 76 6f 65 69 45 61 79 57 41 43 65 30 73 71 4e 79 4c 50 48 59 73 41 48 62 50 74 31 45 57 71 7a 34 64 6b 75 71 59 77 44 46 62 57 45 72 71 37 6d 73 4c 67 32 69 71 2f 49 63 30 75 37 48 74 78 Data Ascii: AQGl1ufadrCchThGo3Tbe1GzvaQpdsL+MrJxjYxldK3XA1HwHBJ3U4GEV5eITYGXS5YW4dxzyMvvA0Fq9BYvpTwTkqJpwYiCs7ZCETo5N5XL1bDKOAakpQrRj87fkAc/ccx/iQId+9fLQfLbZ2MQYAFt0bcNJ7cnRPL3p76o2zHDYffm0kSH0MFvA9kxBJn1mvoeiEayWACe0sqNyLPHYsAHbPt1EWqz4dkuqYwDFbWErq7msLg2iq/Ic0u7Htx
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 33 55 6c 39 2b 45 4b 31 4f 63 68 72 73 30 69 2f 33 33 2b 4a 35 2f 2b 49 73 65 51 41 6d 39 5a 6d 36 43 44 55 46 4d 63 36 56 76 4a 58 44 73 43 31 51 65 36 67 38 51 4e 59 2b 47 61 38 5a 67 74 79 6b 74 6f 72 78 75 6f 71 50 43 2f 48 4f 53 55 72 4b 70 7a 6a 75 47 38 39 2b 41 39 34 4a 69 48 56 4c 6d 44 46 37 35 50 31 6a 6e 44 31 76 6f 76 32 67 34 75 35 44 65 41 53 66 65 79 43 42 6f 69 43 41 31 36 30 71 75 38 61 35 4c 31 31 4e 50 77 73 64 66 71 64 38 7a 34 46 36 65 77 58 44 71 78 56 33 59 59 33 55 4c 4f 64 4d 47 71 51 6f 36 55 30 45 69 48 4f 4e 41 45 74 51 66 58 57 2f 51 53 31 6e 66 46 51 4c 5a 48 34 6e 68 56 2b 58 6b 4a 55 77 4c 32 77 2b 77 68 4b 78 69 45 65 76 72 67 68 39 43 33 51 75 6d 31 2f 6a 72 68 31 7a 34 33 69 6b 70 7a 2b 66 2b 4b 72 6b 6b 31 65 67 56 4a Data Ascii: 3Ul9+EK1Ochrs0i/33+J5/+IseQAm9Zm6CDUFMc6VvJXDsC1Qe6g8QNY+Ga8ZgtyktorxuoqPC/HOSUrKpzjuG89+A94JiHVLmDF75P1jnD1vov2g4u5DeASfeyCBoiCA160qu8a5L11NPwsdfqd8z4F6ewXDqxV3YY3ULOdMGqQo6U0EiHONAEtQfXW/QS1nfFQLZH4nhV+XkJUwL2w+whKxiEevrgh9C3Qum1/jrh1z43ikpz+f+Krkk1egVJ
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 76 36 62 6a 46 43 71 79 4c 6a 58 48 4e 53 78 70 49 63 47 32 6d 57 44 73 31 6d 41 64 61 69 6e 2f 30 77 70 53 49 7a 64 38 4e 44 52 33 44 55 72 36 5a 73 46 4d 42 6d 74 7a 32 6e 38 74 64 58 59 4a 71 71 4d 50 61 71 74 65 37 4e 6c 51 6b 79 52 45 56 57 55 79 4d 54 6a 38 6e 58 45 44 52 78 46 73 30 36 54 71 67 4f 73 41 67 78 6a 4e 64 65 62 69 58 68 5a 43 68 66 6f 70 4b 4b 43 59 79 6e 47 79 42 79 6d 73 69 6f 31 7a 46 53 66 72 4c 52 42 39 31 4b 36 35 50 47 65 67 4e 48 55 53 6c 68 39 4b 30 47 38 38 72 66 6a 64 4f 65 37 36 4c 52 2b 67 56 69 59 53 58 54 51 44 37 37 6a 72 5a 43 48 35 4f 54 70 4c 59 71 34 54 30 7a 39 66 64 31 37 46 33 4d 63 76 63 51 61 69 36 39 5a 4c 62 42 7a 2b 6b 65 41 48 6f 57 74 75 44 6f 6f 77 73 46 59 2f 75 56 6b 73 6e 42 6e 38 6d 42 56 73 4e 70 73 Data Ascii: v6bjFCqyLjXHNSxpIcG2mWDs1mAdain/0wpSIzd8NDR3DUr6ZsFMBmtz2n8tdXYJqqMPaqte7NlQkyREVWUyMTj8nXEDRxFs06TqgOsAgxjNdebiXhZChfopKKCYynGyBymsio1zFSfrLRB91K65PGegNHUSlh9K0G88rfjdOe76LR+gViYSXTQD77jrZCH5OTpLYq4T0z9fd17F3McvcQai69ZLbBz+keAHoWtuDoowsFY/uVksnBn8mBVsNps
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 55 42 69 2f 30 36 31 53 49 71 4f 42 55 79 50 51 53 38 53 4a 66 30 4b 52 74 48 52 67 47 6c 42 6c 4c 56 34 71 4c 51 4b 4b 4a 6e 75 4c 59 44 4e 57 55 35 4a 42 6c 70 44 37 53 46 37 6b 59 72 77 38 2f 4c 35 74 61 69 53 44 6f 62 56 31 44 31 48 35 34 64 63 4b 53 47 6e 6b 5a 6a 61 69 64 31 6a 68 79 59 6d 2b 75 62 5a 43 2f 54 4c 62 6e 32 4d 55 55 42 62 38 6c 6c 64 67 54 78 32 4c 4f 35 31 55 39 63 38 4a 66 2f 33 45 47 67 4f 6f 62 76 77 4d 78 30 38 6f 2b 63 67 39 52 74 6d 4a 39 4d 4f 43 36 62 2b 72 57 4f 6f 35 7a 73 4d 78 4e 41 4c 79 69 62 44 32 75 77 6f 77 61 38 4a 58 4a 58 6b 42 4f 6d 50 68 4d 37 33 68 35 6b 68 2b 45 4b 56 45 6b 67 66 6d 71 44 71 78 33 64 43 7a 6f 6f 7a 32 72 67 63 69 70 64 6a 6a 54 67 51 6f 33 66 6d 47 30 35 5a 67 45 70 4a 77 55 56 6c 2f 39 79 44 Data Ascii: UBi/061SIqOBUyPQS8SJf0KRtHRgGlBlLV4qLQKKJnuLYDNWU5JBlpD7SF7kYrw8/L5taiSDobV1D1H54dcKSGnkZjaid1jhyYm+ubZC/TLbn2MUUBb8lldgTx2LO51U9c8Jf/3EGgOobvwMx08o+cg9RtmJ9MOC6b+rWOo5zsMxNALyibD2uwowa8JXJXkBOmPhM73h5kh+EKVEkgfmqDqx3dCzooz2rgcipdjjTgQo3fmG05ZgEpJwUVl/9yD
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 2f 36 66 50 33 31 71 4a 51 46 4a 47 4b 78 63 64 38 66 39 53 6e 49 74 4f 6b 35 68 37 7a 38 31 4b 47 68 50 44 6d 66 56 42 4d 57 69 6b 43 57 62 63 41 2b 6a 68 6a 5a 54 64 33 72 32 55 6d 30 6a 62 34 35 6c 4e 59 43 6d 4f 73 50 7a 53 33 6a 39 4c 32 6b 34 67 74 4d 48 50 6d 4b 2f 4e 70 31 4b 43 6c 59 62 45 6a 50 37 30 63 32 5a 33 2f 59 62 5a 2b 41 36 2b 38 6b 75 63 6f 51 6b 71 45 46 69 6c 4c 47 4b 74 54 31 44 62 73 66 6f 6f 2f 52 34 61 4b 78 36 4c 32 31 54 35 7a 42 4a 31 7a 67 44 75 66 50 66 62 63 33 49 74 51 32 46 4c 51 75 55 7a 72 35 57 6c 36 7a 2f 62 67 7a 79 4d 72 39 6b 71 30 30 67 43 6f 65 59 68 45 53 6e 68 78 64 44 6c 37 46 61 63 79 2f 5a 77 42 38 53 56 4c 71 2b 79 6a 36 6e 4a 6d 6b 58 68 35 67 52 36 71 59 33 75 75 57 33 61 64 65 32 5a 66 78 55 59 4e 47 4e Data Ascii: /6fP31qJQFJGKxcd8f9SnItOk5h7z81KGhPDmfVBMWikCWbcA+jhjZTd3r2Um0jb45lNYCmOsPzS3j9L2k4gtMHPmK/Np1KClYbEjP70c2Z3/YbZ+A6+8kucoQkqEFilLGKtT1Dbsfoo/R4aKx6L21T5zBJ1zgDufPfbc3ItQ2FLQuUzr5Wl6z/bgzyMr9kq00gCoeYhESnhxdDl7Facy/ZwB8SVLq+yj6nJmkXh5gR6qY3uuW3ade2ZfxUYNGN
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 71 35 2f 39 63 68 62 53 59 6f 2b 70 62 54 4f 62 57 57 57 53 51 73 48 31 6f 72 4b 63 39 67 57 54 2b 74 56 45 6f 69 57 31 49 57 69 6c 33 54 71 6d 73 75 4a 30 55 56 59 59 62 39 65 2f 6e 76 6e 37 6d 61 43 75 2f 70 36 6e 79 41 68 50 50 64 38 34 61 6a 2b 49 56 78 63 77 67 55 68 6a 5a 79 57 52 64 6c 76 6f 4c 63 6d 65 37 71 31 69 42 39 4c 34 77 41 6e 30 32 32 39 44 70 36 66 65 53 6d 31 63 5a 4e 59 7a 4f 71 6c 34 7a 57 2f 50 6f 30 53 67 36 65 30 59 68 39 2f 33 35 6a 7a 78 58 63 57 6f 31 6c 56 6d 4c 5a 64 2b 74 4b 43 36 39 78 64 4a 4d 4d 4a 47 6d 67 72 4a 31 4c 4b 71 4c 6c 58 4b 38 58 78 79 4e 6f 7a 70 71 42 44 78 39 79 59 62 59 4a 2f 38 71 55 61 4f 61 71 33 6d 5a 33 4c 68 71 48 5a 43 57 6e 4e 73 70 4c 48 51 50 45 53 33 72 36 76 44 67 65 78 56 4f 67 66 30 41 6a 75 Data Ascii: q5/9chbSYo+pbTObWWWSQsH1orKc9gWT+tVEoiW1IWil3TqmsuJ0UVYYb9e/nvn7maCu/p6nyAhPPd84aj+IVxcwgUhjZyWRdlvoLcme7q1iB9L4wAn0229Dp6feSm1cZNYzOql4zW/Po0Sg6e0Yh9/35jzxXcWo1lVmLZd+tKC69xdJMMJGmgrJ1LKqLlXK8XxyNozpqBDx9yYbYJ/8qUaOaq3mZ3LhqHZCWnNspLHQPES3r6vDgexVOgf0Aju

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:21 UTC	829	OUT	GET /pagead/html/r20241205/r20190131/zrt_lookup_fy2021.html HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:22 UTC	639	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Server: cafe Content-Length: 9039 X-XSS-Protection: 0 Date: Mon, 09 Dec 2024 22:27:19 GMT Expires: Mon, 23 Dec 2024 22:27:19 GMT Cache-Control: public, max-age=1209600 ETag: 17661348622971093804 Content-Type: text/html; charset=UTF-8 Vary: Accept-Encoding Age: 51123 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-10 12:39:22 UTC	751	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 6c 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 6e 2c 70 3b 61 3a 7b 66 6f 72 28 76 61 72 20 61 61 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 2c 77 3d 6c 2c 7a 3d 30 3b 7a 3c 61 61 2e 6c 65 6e 67 74 68 3b 7a 2b 2b 29 69 66 28 77 3d 77 5b 61 61 5b 7a 5d 5d 2c 77 3d 3d 6e 75 6c 6c 29 7b 70 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 7d 70 3d 77 Data Ascii: <!DOCTYPE html><script>(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0*/var l=this\|\|self;var n,p;a:{for(var aa=["CLOSURE_FLAGS"],w=l,z=0;z<aa.length;z++)if(w=w[aa[z]],w==null){p=null;break a}p=w
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 20 47 28 61 29 7b 47 5b 22 20 22 5d 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 47 5b 22 20 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 76 61 72 20 66 61 3d 63 61 28 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2e 69 6e 64 65 78 4f 66 28 22 77 65 62 6b 69 74 22 29 21 3d 2d 31 26 26 21 43 28 22 45 64 67 65 22 29 3b 21 43 28 22 41 6e 64 72 6f 69 64 22 29 7c 7c 46 28 29 3b 46 28 29 3b 43 28 22 53 61 66 61 72 69 22 29 26 26 28 46 28 29 7c 7c 28 45 28 29 3f 30 3a 43 28 22 43 6f 61 73 74 22 29 29 7c 7c 28 45 28 29 3f 30 3a 43 28 22 4f 70 65 72 61 22 29 29 7c 7c 28 45 28 29 3f 30 3a 43 28 22 45 64 67 65 22 29 29 7c 7c 28 45 28 29 3f 42 28 22 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 22 29 3a 43 28 22 45 64 67 2f 22 29 29 7c 7c 45 28 29 26 26 42 28 22 4f 70 65 72 Data Ascii: G(a){G[" "](a);return a}G[" "]=function(){};var fa=ca().toLowerCase().indexOf("webkit")!=-1&&!C("Edge");!C("Android")\|\|F();F();C("Safari")&&(F()\|\|(E()?0:C("Coast"))\|\|(E()?0:C("Opera"))\|\|(E()?0:C("Edge"))\|\|(E()?B("Microsoft Edge"):C("Edg/"))\|\|E()&&B("Oper
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 5f 72 65 71 75 65 73 74 73 3d 5b 5d 29 3b 63 6f 6e 73 74 20 62 3d 70 61 28 6c 2e 64 6f 63 75 6d 65 6e 74 29 3b 62 2e 73 72 63 3d 61 3b 6c 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 2e 70 75 73 68 28 62 29 7d 3b 6c 65 74 20 4a 3d 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 72 61 28 29 7b 69 66 28 21 4a 29 62 3a 7b 76 61 72 20 61 3d 6e 61 28 29 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 62 2b 2b 29 74 72 79 7b 63 6f 6e 73 74 20 63 3d 61 5b 62 5d 2e 66 72 61 6d 65 73 2e 67 6f 6f 67 6c 65 5f 65 73 66 3b 69 66 28 63 26 26 49 28 63 29 29 7b 4a 3d 63 3b 62 72 65 61 6b 20 62 7d 7d 63 61 74 63 68 28 63 29 7b 7d 4a 3d 6e 75 6c 6c 7d 28 61 3d 4a 29 3f 28 28 62 3d 61 2e 65 73 66 5f 70 72 6f 70 41 72 72 61 79 29 7c 7c Data Ascii: _requests=[]);const b=pa(l.document);b.src=a;l.google_image_requests.push(b)};let J=null;function ra(){if(!J)b:{var a=na();for(var b=0;b<a.length;b++)try{const c=a[b].frames.google_esf;if(c&&I(c)){J=c;break b}}catch(c){}J=null}(a=J)?((b=a.esf_propArray)\|\|
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 6e 69 71 75 65 49 64 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 7d 7d 3b 63 6f 6e 73 74 20 4f 3d 6c 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2c 46 61 3d 21 21 28 4f 26 26 4f 2e 6d 61 72 6b 26 26 4f 2e 6d 65 61 73 75 72 65 26 26 4f 2e 63 6c 65 61 72 4d 61 72 6b 73 29 2c 50 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 6c 65 74 20 62 3d 21 31 2c 63 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 62 7c 7c 28 63 3d 61 28 29 2c 62 3d 21 30 29 3b 72 65 74 75 72 6e 20 63 7d 7d 28 28 29 3d 3e 7b 76 61 72 20 61 3b 69 66 28 61 3d 46 61 29 7b 76 61 72 20 62 3b 69 66 28 4d 3d 3d 3d 6e 75 6c 6c 29 7b 4d 3d 22 22 3b 74 72 79 7b 61 3d 22 22 3b 74 72 79 7b 61 3d 6c 2e 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 2e 68 61 73 68 7d 63 61 74 63 68 28 63 29 7b 61 3d 6c 2e 6c 6f 63 61 74 Data Ascii: niqueId=Math.random()}};const O=l.performance,Fa=!!(O&&O.mark&&O.measure&&O.clearMarks),P=function(a){let b=!1,c;return function(){b\|\|(c=a(),b=!0);return c}}(()=>{var a;if(a=Fa){var b;if(M===null){M="";try{a="";try{a=l.top.location.hash}catch(c){a=l.locat
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 62 2c 63 2c 64 2b 31 2c 66 29 29 3b 72 65 74 75 72 6e 20 65 2e 6a 6f 69 6e 28 63 5b 64 5d 29 7d 7d 65 6c 73 65 20 69 66 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 6f 62 6a 65 63 74 22 29 72 65 74 75 72 6e 20 66 7c 7c 28 66 3d 30 29 2c 66 3c 32 3f 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 49 61 28 61 2c 62 2c 63 2c 64 2c 66 2b 31 29 29 3a 22 2e 2e 2e 22 3b 72 65 74 75 72 6e 20 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 53 74 72 69 6e 67 28 61 29 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 61 28 61 29 7b 6c 65 74 20 62 3d 31 3b 66 6f 72 28 63 6f 6e 73 74 20 63 20 69 6e 20 61 2e 68 29 63 2e 6c 65 6e 67 74 68 3e 62 26 26 28 62 3d 63 2e 6c 65 6e 67 74 68 29 3b 72 65 74 75 72 6e 20 33 39 39 37 2d 62 2d 61 2e 69 2e 6c 65 6e 67 74 68 2d 31 7d 0a Data Ascii: b,c,d+1,f));return e.join(c[d])}}else if(typeof a==="object")return f\|\|(f=0),f<2?encodeURIComponent(Ia(a,b,c,d,f+1)):"...";return encodeURIComponent(String(a))}function Ka(a){let b=1;for(const c in a.h)c.length>b&&(b=c.length);return 3997-b-a.i.length-1}
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 6c 6f 63 61 74 69 6f 6e 2e 61 6e 63 65 73 74 6f 72 4f 72 69 67 69 6e 73 26 26 67 2e 6c 6f 63 61 74 69 6f 6e 2e 61 6e 63 65 73 74 6f 72 4f 72 69 67 69 6e 73 2e 6c 65 6e 67 74 68 3d 3d 6b 2e 6c 65 6e 67 74 68 2d 31 29 66 6f 72 28 72 3d 31 3b 72 3c 6b 2e 6c 65 6e 67 74 68 3b 2b 2b 72 29 7b 76 61 72 20 78 3d 6b 5b 72 5d 3b 78 2e 75 72 6c 7c 7c 28 78 2e 75 72 6c 3d 67 2e 6c 6f 63 61 74 69 6f 6e 2e 61 6e 63 65 73 74 6f 72 4f 72 69 67 69 6e 73 5b 72 2d 31 5d 7c 7c 22 22 2c 78 2e 6c 3d 21 30 29 7d 76 61 72 20 75 3d 6b 3b 6c 65 74 20 4e 3d 6e 65 77 20 42 61 28 6c 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2c 21 31 29 3b 67 3d 6e 75 6c 6c 3b 63 6f 6e 73 74 20 58 3d 75 2e 6c 65 6e 67 74 68 2d 31 3b 66 6f 72 28 78 3d 58 3b 78 3e 3d 30 3b 2d 2d 78 29 7b 76 61 72 20 76 Data Ascii: location.ancestorOrigins&&g.location.ancestorOrigins.length==k.length-1)for(r=1;r<k.length;++r){var x=k[r];x.url\|\|(x.url=g.location.ancestorOrigins[r-1]\|\|"",x.l=!0)}var u=k;let N=new Ba(l.location.href,!1);g=null;const X=u.length-1;for(x=X;x>=0;--x){var v
2024-12-10 12:39:22 UTC	1338	IN	Data Raw: 69 6e 64 6f 77 2e 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3d 3d 22 63 6f 6d 70 6c 65 74 65 22 3f 51 61 28 29 3a 55 2e 67 26 26 68 61 28 28 29 3d 3e 7b 51 61 28 29 7d 29 7d 29 28 29 3b 76 61 72 20 52 61 3d 61 3d 3e 7b 54 2e 67 3d 62 3d 3e 7b 65 61 28 61 2c 63 3d 3e 7b 63 28 62 29 7d 29 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 53 61 28 61 29 7b 61 3d 61 3d 3d 3d 6e 75 6c 6c 3f 22 6e 75 6c 6c 22 3a 61 3d 3d 3d 76 6f 69 64 20 30 3f 22 75 6e 64 65 66 69 6e 65 64 22 3a 61 3b 48 3d 3d 3d 76 6f 69 64 20 30 26 26 28 48 3d 6a 61 28 29 29 3b 76 61 72 20 62 3d 48 3b 72 65 74 75 72 6e 20 6e 65 77 20 6b 61 28 62 3f 62 2e 63 72 65 61 74 65 48 54 4d 4c 28 61 29 3a 61 29 7d 3b 76 61 72 20 56 3b 69 66 28 56 3d 66 61 29 7b 76 61 72 20 57 3d 22 49 46 52 41 4d 45 Data Ascii: indow.document.readyState=="complete"?Qa():U.g&&ha(()=>{Qa()})})();var Ra=a=>{T.g=b=>{ea(a,c=>{c(b)})}};function Sa(a){a=a===null?"null":a===void 0?"undefined":a;H===void 0&&(H=ja());var b=H;return new ka(b?b.createHTML(a):a)};var V;if(V=fa){var W="IFRAME

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:21 UTC	1909	OUT	GET /pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=280&slotname=6875409483&adk=755143415&adf=2071877279&pi=t.ma~as.6875409483&w=728&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=728x280&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032217&bpp=8&bdt=6466&idt=3963&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&correlator=5666469010253&frm=20&pv=2&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=273&ady=28&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C% [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:22 UTC	788	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Observe-Browsing-Topics: ?1 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 10 Dec 2024 12:39:22 GMT Server: cafe X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 10-Dec-2024 12:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Tue, 10 Dec 2024 12:39:22 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-10 12:39:22 UTC	602	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 6a 73 63 56 65 72 73 69 6f 6e 20 3d 20 27 72 32 30 32 34 31 32 30 35 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 67 6f 6f 67 6c 65 5f 63 61 73 6d 3d 5b 5d 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 6c 65 66 74 4d 61 72 67 69 6e 3d 22 30 22 20 74 6f 70 4d 61 72 67 69 6e 3d 22 30 22 20 6d 61 72 67 69 6e 77 69 64 74 68 3d 22 30 22 20 6d 61 72 67 69 6e 68 65 69 67 68 74 3d 22 30 22 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 64 69 63 6e 66 20 3d 20 7b 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 61 74 61 2d 6a 63 3d 22 34 32 22 20 64 61 74 61 2d 6a 63 2d 76 Data Ascii: 8000<!doctype html><html><head><script>var jscVersion = 'r20241205';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {};</script><script data-jc="42" data-jc-v
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 2f 20 76 61 72 20 75 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 77 2c 78 3b 61 3a 7b 66 6f 72 28 76 61 72 20 61 61 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 2c 79 3d 75 2c 41 3d 30 3b 41 3c 61 61 2e 6c 65 6e 67 74 68 3b 41 2b 2b 29 69 66 28 79 3d 79 5b 61 61 5b 41 5d 5d 2c 79 3d 3d 6e 75 6c 6c 29 7b 78 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 7d 78 3d 79 7d 76 61 72 20 62 61 3d 78 26 26 78 5b 36 31 30 34 30 31 33 30 31 5d 3b 77 3d 62 61 21 3d 6e 75 6c 6c 3f 62 61 3a 21 31 3b 76 61 72 20 42 3b 63 6f 6e 73 74 20 63 61 3d 75 2e 6e 61 76 69 67 61 74 6f 72 3b 42 3d 63 61 3f 63 61 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 45 28 61 29 7b 72 65 74 75 72 6e 20 77 3f 42 3f 42 2e 62 72 61 Data Ascii: / var u=this\|\|self;var w,x;a:{for(var aa=["CLOSURE_FLAGS"],y=u,A=0;A<aa.length;A++)if(y=y[aa[A]],y==null){x=null;break a}x=y}var ba=x&&x[610401301];w=ba!=null?ba:!1;var B;const ca=u.navigator;B=ca?ca.userAgentData\|\|null:null;function E(a){return w?B?B.bra
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 74 22 3a 72 65 74 75 72 6e 20 61 3e 3d 6b 61 26 26 61 3c 3d 6c 61 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 4b 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 6c 65 74 20 62 3d 22 22 2c 63 3d 30 3b 63 6f 6e 73 74 20 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 66 6f 72 28 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 2e 73 75 62 61 72 Data Ascii: t":return a>=ka&&a<=la?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(K(a))return}else if(a!=null&&a instanceof Uint8Array){let b="",c=0;const d=a.length-10240;for(;c<d;)b+=String.fromCharCode.apply(null,a.subar
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 20 45 72 72 6f 72 28 22 66 61 72 72 22 29 3b 69 66 28 63 26 36 34 29 62 72 65 61 6b 20 61 3b 62 3d 3d 3d 31 7c 7c 62 3d 3d 3d 32 7c 7c 28 63 7c 3d 36 34 29 3b 62 3d 61 3b 76 61 72 20 64 3d 62 2e 6c 65 6e 67 74 68 3b 69 66 28 64 26 26 28 2d 2d 64 2c 6a 61 28 62 5b 64 5d 29 29 29 7b 63 7c 3d 32 35 36 3b 62 3d 64 2d 28 2b 21 21 28 63 26 35 31 32 29 2d 31 29 3b 69 66 28 62 3e 3d 31 30 32 34 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 76 74 6c 6d 74 22 29 3b 63 3d 63 26 2d 33 33 35 32 31 36 36 35 7c 28 62 26 31 30 32 33 29 3c 3c 31 35 7d 7d 61 5b 4a 5d 3d 63 7d 74 68 69 73 2e 6c 3d 61 7d 74 6f 4a 53 4f 4e 28 29 7b 72 65 74 75 72 6e 20 78 61 28 74 68 69 73 29 7d 7d 3b 4e 2e 70 72 6f 74 6f 74 79 70 65 2e 41 3d 66 61 3b 4e 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f Data Ascii: Error("farr");if(c&64)break a;b===1\|\|b===2\|\|(c\|=64);b=a;var d=b.length;if(d&&(--d,ja(b[d]))){c\|=256;b=d-(+!!(c&512)-1);if(b>=1024)throw Error("pvtlmt");c=c&-33521665\|(b&1023)<<15}}a[J]=c}this.l=a}toJSON(){return xa(this)}};N.prototype.A=fa;N.prototype.to
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 4c 69 73 74 65 6e 65 72 26 26 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 7d 3b 76 61 72 20 47 61 3d 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 5e 3a 2f 3f 23 2e 5d 2b 29 3a 29 3f 28 3f 3a 2f 2f 28 3f 3a 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 29 40 29 3f 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 3f 29 28 3f 3a 3a 28 5b 30 2d 39 5d 2b 29 29 3f 28 3f 3d 5b 5c 5c 5c 5c 2f 3f 23 5d 7c 24 29 29 3f 28 5b 5e 3f 23 5d 2b 29 3f 28 3f 3a 5c 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 28 3f 3a 23 28 5b 5c 5c 73 5c 5c 53 5d 2a 29 29 3f 24 22 29 3b 66 75 6e 63 74 69 6f 6e 20 48 61 28 61 2c 62 2c 63 2c 64 29 7b 63 6f 6e 73 74 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 3b 28 62 3d 61 2e 69 6e 64 65 78 4f 66 28 63 2c 62 29 29 3e 3d 30 26 26 62 Data Ascii: Listener&&a.removeEventListener(b,c,!1)};var Ga=RegExp("^(?:([^:/?#.]+):)?(?://(?:([^\\\\/?#])@)?([^\\\\/?#]?)(?::([0-9]+))?(?=[\\\\/?#]\|$))?([^?#]+)?(?:\\?([^#]))?(?:#([\\s\\S]))?$");function Ha(a,b,c,d){const e=c.length;for(;(b=a.indexOf(c,b))>=0&&b
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 61 2c 62 29 7d 66 75 6e 63 74 69 6f 6e 20 55 61 28 61 2c 62 29 7b 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 7c 7c 28 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 3d 5b 5d 29 3b 63 6f 6e 73 74 20 63 3d 53 61 28 75 2e 64 6f 63 75 6d 65 6e 74 29 3b 69 66 28 62 29 7b 63 6f 6e 73 74 20 64 3d 65 3d 3e 7b 62 26 26 62 28 65 29 3b 46 61 28 63 2c 22 6c 6f 61 64 22 2c 64 29 3b 46 61 28 63 2c 22 65 72 72 6f 72 22 2c 64 29 7d 3b 51 28 63 2c 22 6c 6f 61 64 22 2c 64 29 3b 51 28 63 2c 22 65 72 72 6f 72 22 2c 64 29 7d 63 2e 73 72 63 3d 61 3b 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 2e 70 75 73 68 28 63 29 7d 3b 6c 65 74 20 56 61 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 57 61 28 61 2c 62 3d 6e 75 6c Data Ascii: a,b)}function Ua(a,b){u.google_image_requests\|\|(u.google_image_requests=[]);const c=Sa(u.document);if(b){const d=e=>{b&&b(e);Fa(c,"load",d);Fa(c,"error",d)};Q(c,"load",d);Q(c,"error",d)}c.src=a;u.google_image_requests.push(c)};let Va=0;function Wa(a,b=nul
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 67 45 78 70 28 22 5c 6e 20 2a 22 2c 22 67 22 29 2c 22 5c 6e 22 29 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 64 29 7b 62 3d 63 3b 62 72 65 61 6b 20 61 7d 62 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 62 7d 3b 63 6f 6e 73 74 20 62 62 3d 52 65 67 45 78 70 28 22 5e 68 74 74 70 73 3f 3a 2f 2f 28 5c 5c 77 7c 2d 29 2b 5c 5c 2e 63 64 6e 5c 5c 2e 61 6d 70 70 72 6f 6a 65 63 74 5c 5c 2e 28 6e 65 74 7c 6f 72 67 29 28 5c 5c 3f 7c 2f 7c 24 29 22 29 3b 76 61 72 20 63 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 69 3d 62 7d 7d 2c 64 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 74 68 69 73 2e 75 72 6c 3d 61 3b 74 68 69 73 2e 75 3d 21 21 62 3b 74 68 69 73 2e 64 65 70 Data Ascii: gExp("\n *","g"),"\n");break a}catch(d){b=c;break a}b=void 0}return b};const bb=RegExp("^https?://(\\w\|-)+\\.cdn\\.ampproject\\.(net\|org)(\\?\|/\|$)");var cb=class{constructor(a,b){this.g=a;this.i=b}},db=class{constructor(a,b){this.url=a;this.u=!!b;this.dep
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 67 6f 6f 67 5f 24 7b 61 2e 6c 61 62 65 6c 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 73 74 61 72 74 60 3b 54 26 26 55 28 29 26 26 54 2e 6d 61 72 6b 28 62 29 3b 72 65 74 75 72 6e 20 61 7d 65 6e 64 28 61 29 7b 69 66 28 74 68 69 73 2e 67 26 26 74 79 70 65 6f 66 20 61 2e 76 61 6c 75 65 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 61 2e 64 75 72 61 74 69 6f 6e 3d 28 66 62 28 29 7c 7c 65 62 28 29 29 2d 61 2e 76 61 6c 75 65 3b 76 61 72 20 62 3d 60 67 6f 6f 67 5f 24 7b 61 2e 6c 61 62 65 6c 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 65 6e 64 60 3b 54 26 26 55 28 29 26 26 54 2e 6d 61 72 6b 28 62 29 3b 21 74 68 69 73 2e 67 7c 7c 74 68 69 73 2e 69 2e 6c 65 6e 67 74 68 3e 20 32 30 34 38 7c 7c 74 68 69 73 2e 69 2e 70 75 73 68 28 61 29 7d 7d 7d 3b 66 75 6e 63 74 69 Data Ascii: goog_${a.label}_${a.uniqueId}_start`;T&&U()&&T.mark(b);return a}end(a){if(this.g&&typeof a.value==="number"){a.duration=(fb()\|\|eb())-a.value;var b=`goog_${a.label}_${a.uniqueId}_end`;T&&U()&&T.mark(b);!this.g\|\|this.i.length> 2048\|\|this.i.push(a)}}};functi
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 2c 61 2e 67 2e 65 6e 64 28 66 29 29 3a 65 3d 63 28 29 7d 63 61 74 63 68 28 67 29 7b 63 3d 21 30 3b 74 72 79 7b 69 62 28 66 29 2c 63 3d 61 2e 42 28 62 2c 6e 65 77 20 24 61 28 67 2c 7b 6d 65 73 73 61 67 65 3a 61 62 28 67 29 7d 29 2c 76 6f 69 64 20 30 2c 64 29 7d 63 61 74 63 68 28 6c 29 7b 61 2e 6d 28 32 31 37 2c 6c 29 7d 69 66 28 63 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3f 2e 65 72 72 6f 72 3f 2e 28 67 29 3b 65 6c 73 65 20 74 68 72 6f 77 20 67 3b 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 71 62 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 58 3b 72 65 74 75 72 6e 28 2e 2e 2e 66 29 3d 3e 70 62 28 65 2c 61 2c 28 29 3d 3e 62 2e 61 70 70 6c 79 28 63 2c 66 29 2c 64 29 7d 20 76 61 72 20 73 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 Data Ascii: ,a.g.end(f)):e=c()}catch(g){c=!0;try{ib(f),c=a.B(b,new $a(g,{message:ab(g)}),void 0,d)}catch(l){a.m(217,l)}if(c)window.console?.error?.(g);else throw g;}return e}function qb(a,b,c,d){var e=X;return(...f)=>pb(e,a,()=>b.apply(c,f),d)} var sb=class{construct
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 61 5d 29 3b 66 3d 6e 65 77 20 63 62 28 6d 61 2c 72 29 3b 69 66 28 66 2e 69 29 7b 71 3d 43 3b 76 61 72 20 74 3d 66 2e 69 2e 75 72 6c 7c 7c 22 22 3b 71 2e 67 2e 70 75 73 68 28 34 29 3b 71 2e 69 5b 34 5d 3d 57 28 22 74 6f 70 22 2c 74 29 7d 76 61 72 20 44 3d 7b 75 72 6c 3a 66 2e 67 2e 75 72 6c 7c 7c 22 22 7d 3b 69 66 28 66 2e 67 2e 75 72 6c 29 7b 63 6f 6e 73 74 20 76 3d 66 2e 67 2e 75 72 6c 2e 6d 61 74 63 68 28 47 61 29 3b 76 61 72 20 7a 3d 76 5b 31 5d 2c 4f 61 3d 76 5b 33 5d 2c 50 61 3d 76 5b 34 5d 3b 74 3d 22 22 3b 7a 26 26 28 74 2b 3d 7a 2b 22 3a 22 29 3b 4f 61 26 26 28 74 2b 3d 22 2f 2f 22 2c 74 2b 3d 4f 61 2c 50 61 26 26 28 74 2b 3d 22 3a 22 2b 50 61 29 29 3b 76 61 72 20 51 61 3d 74 7d 65 6c 73 65 20 51 61 3d 22 22 3b 7a 3d 43 3b 44 3d 5b 44 2c 7b 75 72 Data Ascii: a]);f=new cb(ma,r);if(f.i){q=C;var t=f.i.url\|\|"";q.g.push(4);q.i[4]=W("top",t)}var D={url:f.g.url\|\|""};if(f.g.url){const v=f.g.url.match(Ga);var z=v[1],Oa=v[3],Pa=v[4];t="";z&&(t+=z+":");Oa&&(t+="//",t+=Oa,Pa&&(t+=":"+Pa));var Qa=t}else Qa="";z=C;D=[D,{ur

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:21 UTC	1939	OUT	GET /pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=600&slotname=7992105487&adk=2585668214&adf=2175242420&pi=t.ma~as.7992105487&w=160&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=160x600&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032225&bpp=1&bdt=6475&idt=3995&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280&correlator=5666469010253&frm=20&pv=1&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=847&ady=1332&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034 [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:22 UTC	788	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Observe-Browsing-Topics: ?1 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 10 Dec 2024 12:39:22 GMT Server: cafe X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 10-Dec-2024 12:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Tue, 10 Dec 2024 12:39:22 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-10 12:39:22 UTC	602	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 6a 73 63 56 65 72 73 69 6f 6e 20 3d 20 27 72 32 30 32 34 31 32 30 35 27 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 76 61 72 20 67 6f 6f 67 6c 65 5f 63 61 73 6d 3d 5b 5d 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 20 6c 65 66 74 4d 61 72 67 69 6e 3d 22 30 22 20 74 6f 70 4d 61 72 67 69 6e 3d 22 30 22 20 6d 61 72 67 69 6e 77 69 64 74 68 3d 22 30 22 20 6d 61 72 67 69 6e 68 65 69 67 68 74 3d 22 30 22 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 64 69 63 6e 66 20 3d 20 7b 7d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 64 61 74 61 2d 6a 63 3d 22 34 32 22 20 64 61 74 61 2d 6a 63 2d 76 Data Ascii: 8000<!doctype html><html><head><script>var jscVersion = 'r20241205';</script><script>var google_casm=[];</script></head><body leftMargin="0" topMargin="0" marginwidth="0" marginheight="0"><script>window.dicnf = {};</script><script data-jc="42" data-jc-v
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 2f 20 76 61 72 20 75 3d 74 68 69 73 7c 7c 73 65 6c 66 3b 76 61 72 20 77 2c 78 3b 61 3a 7b 66 6f 72 28 76 61 72 20 61 61 3d 5b 22 43 4c 4f 53 55 52 45 5f 46 4c 41 47 53 22 5d 2c 79 3d 75 2c 41 3d 30 3b 41 3c 61 61 2e 6c 65 6e 67 74 68 3b 41 2b 2b 29 69 66 28 79 3d 79 5b 61 61 5b 41 5d 5d 2c 79 3d 3d 6e 75 6c 6c 29 7b 78 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 7d 78 3d 79 7d 76 61 72 20 62 61 3d 78 26 26 78 5b 36 31 30 34 30 31 33 30 31 5d 3b 77 3d 62 61 21 3d 6e 75 6c 6c 3f 62 61 3a 21 31 3b 76 61 72 20 42 3b 63 6f 6e 73 74 20 63 61 3d 75 2e 6e 61 76 69 67 61 74 6f 72 3b 42 3d 63 61 3f 63 61 2e 75 73 65 72 41 67 65 6e 74 44 61 74 61 7c 7c 6e 75 6c 6c 3a 6e 75 6c 6c 3b 66 75 6e 63 74 69 6f 6e 20 45 28 61 29 7b 72 65 74 75 72 6e 20 77 3f 42 3f 42 2e 62 72 61 Data Ascii: / var u=this\|\|self;var w,x;a:{for(var aa=["CLOSURE_FLAGS"],y=u,A=0;A<aa.length;A++)if(y=y[aa[A]],y==null){x=null;break a}x=y}var ba=x&&x[610401301];w=ba!=null?ba:!1;var B;const ca=u.navigator;B=ca?ca.userAgentData\|\|null:null;function E(a){return w?B?B.bra
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 74 22 3a 72 65 74 75 72 6e 20 61 3e 3d 6b 61 26 26 61 3c 3d 6c 61 3f 4e 75 6d 62 65 72 28 61 29 3a 53 74 72 69 6e 67 28 61 29 3b 63 61 73 65 20 22 62 6f 6f 6c 65 61 6e 22 3a 72 65 74 75 72 6e 20 61 3f 31 3a 30 3b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 69 66 28 61 29 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 69 66 28 4b 28 61 29 29 72 65 74 75 72 6e 7d 65 6c 73 65 20 69 66 28 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 29 7b 6c 65 74 20 62 3d 22 22 2c 63 3d 30 3b 63 6f 6e 73 74 20 64 3d 61 2e 6c 65 6e 67 74 68 2d 31 30 32 34 30 3b 66 6f 72 28 3b 63 3c 64 3b 29 62 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 2e 61 70 70 6c 79 28 6e 75 6c 6c 2c 61 2e 73 75 62 61 72 Data Ascii: t":return a>=ka&&a<=la?Number(a):String(a);case "boolean":return a?1:0;case "object":if(a)if(Array.isArray(a)){if(K(a))return}else if(a!=null&&a instanceof Uint8Array){let b="",c=0;const d=a.length-10240;for(;c<d;)b+=String.fromCharCode.apply(null,a.subar
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 20 45 72 72 6f 72 28 22 66 61 72 72 22 29 3b 69 66 28 63 26 36 34 29 62 72 65 61 6b 20 61 3b 62 3d 3d 3d 31 7c 7c 62 3d 3d 3d 32 7c 7c 28 63 7c 3d 36 34 29 3b 62 3d 61 3b 76 61 72 20 64 3d 62 2e 6c 65 6e 67 74 68 3b 69 66 28 64 26 26 28 2d 2d 64 2c 6a 61 28 62 5b 64 5d 29 29 29 7b 63 7c 3d 32 35 36 3b 62 3d 64 2d 28 2b 21 21 28 63 26 35 31 32 29 2d 31 29 3b 69 66 28 62 3e 3d 31 30 32 34 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 70 76 74 6c 6d 74 22 29 3b 63 3d 63 26 2d 33 33 35 32 31 36 36 35 7c 28 62 26 31 30 32 33 29 3c 3c 31 35 7d 7d 61 5b 4a 5d 3d 63 7d 74 68 69 73 2e 6c 3d 61 7d 74 6f 4a 53 4f 4e 28 29 7b 72 65 74 75 72 6e 20 78 61 28 74 68 69 73 29 7d 7d 3b 4e 2e 70 72 6f 74 6f 74 79 70 65 2e 41 3d 66 61 3b 4e 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f Data Ascii: Error("farr");if(c&64)break a;b===1\|\|b===2\|\|(c\|=64);b=a;var d=b.length;if(d&&(--d,ja(b[d]))){c\|=256;b=d-(+!!(c&512)-1);if(b>=1024)throw Error("pvtlmt");c=c&-33521665\|(b&1023)<<15}}a[J]=c}this.l=a}toJSON(){return xa(this)}};N.prototype.A=fa;N.prototype.to
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 4c 69 73 74 65 6e 65 72 26 26 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 7d 3b 76 61 72 20 47 61 3d 52 65 67 45 78 70 28 22 5e 28 3f 3a 28 5b 5e 3a 2f 3f 23 2e 5d 2b 29 3a 29 3f 28 3f 3a 2f 2f 28 3f 3a 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 29 40 29 3f 28 5b 5e 5c 5c 5c 5c 2f 3f 23 5d 2a 3f 29 28 3f 3a 3a 28 5b 30 2d 39 5d 2b 29 29 3f 28 3f 3d 5b 5c 5c 5c 5c 2f 3f 23 5d 7c 24 29 29 3f 28 5b 5e 3f 23 5d 2b 29 3f 28 3f 3a 5c 5c 3f 28 5b 5e 23 5d 2a 29 29 3f 28 3f 3a 23 28 5b 5c 5c 73 5c 5c 53 5d 2a 29 29 3f 24 22 29 3b 66 75 6e 63 74 69 6f 6e 20 48 61 28 61 2c 62 2c 63 2c 64 29 7b 63 6f 6e 73 74 20 65 3d 63 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 3b 28 62 3d 61 2e 69 6e 64 65 78 4f 66 28 63 2c 62 29 29 3e 3d 30 26 26 62 Data Ascii: Listener&&a.removeEventListener(b,c,!1)};var Ga=RegExp("^(?:([^:/?#.]+):)?(?://(?:([^\\\\/?#])@)?([^\\\\/?#]?)(?::([0-9]+))?(?=[\\\\/?#]\|$))?([^?#]+)?(?:\\?([^#]))?(?:#([\\s\\S]))?$");function Ha(a,b,c,d){const e=c.length;for(;(b=a.indexOf(c,b))>=0&&b
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 61 2c 62 29 7d 66 75 6e 63 74 69 6f 6e 20 55 61 28 61 2c 62 29 7b 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 7c 7c 28 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 3d 5b 5d 29 3b 63 6f 6e 73 74 20 63 3d 53 61 28 75 2e 64 6f 63 75 6d 65 6e 74 29 3b 69 66 28 62 29 7b 63 6f 6e 73 74 20 64 3d 65 3d 3e 7b 62 26 26 62 28 65 29 3b 46 61 28 63 2c 22 6c 6f 61 64 22 2c 64 29 3b 46 61 28 63 2c 22 65 72 72 6f 72 22 2c 64 29 7d 3b 51 28 63 2c 22 6c 6f 61 64 22 2c 64 29 3b 51 28 63 2c 22 65 72 72 6f 72 22 2c 64 29 7d 63 2e 73 72 63 3d 61 3b 75 2e 67 6f 6f 67 6c 65 5f 69 6d 61 67 65 5f 72 65 71 75 65 73 74 73 2e 70 75 73 68 28 63 29 7d 3b 6c 65 74 20 56 61 3d 30 3b 66 75 6e 63 74 69 6f 6e 20 57 61 28 61 2c 62 3d 6e 75 6c Data Ascii: a,b)}function Ua(a,b){u.google_image_requests\|\|(u.google_image_requests=[]);const c=Sa(u.document);if(b){const d=e=>{b&&b(e);Fa(c,"load",d);Fa(c,"error",d)};Q(c,"load",d);Q(c,"error",d)}c.src=a;u.google_image_requests.push(c)};let Va=0;function Wa(a,b=nul
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 67 45 78 70 28 22 5c 6e 20 2a 22 2c 22 67 22 29 2c 22 5c 6e 22 29 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 64 29 7b 62 3d 63 3b 62 72 65 61 6b 20 61 7d 62 3d 76 6f 69 64 20 30 7d 72 65 74 75 72 6e 20 62 7d 3b 63 6f 6e 73 74 20 62 62 3d 52 65 67 45 78 70 28 22 5e 68 74 74 70 73 3f 3a 2f 2f 28 5c 5c 77 7c 2d 29 2b 5c 5c 2e 63 64 6e 5c 5c 2e 61 6d 70 70 72 6f 6a 65 63 74 5c 5c 2e 28 6e 65 74 7c 6f 72 67 29 28 5c 5c 3f 7c 2f 7c 24 29 22 29 3b 76 61 72 20 63 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 69 3d 62 7d 7d 2c 64 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 2c 62 29 7b 74 68 69 73 2e 75 72 6c 3d 61 3b 74 68 69 73 2e 75 3d 21 21 62 3b 74 68 69 73 2e 64 65 70 Data Ascii: gExp("\n *","g"),"\n");break a}catch(d){b=c;break a}b=void 0}return b};const bb=RegExp("^https?://(\\w\|-)+\\.cdn\\.ampproject\\.(net\|org)(\\?\|/\|$)");var cb=class{constructor(a,b){this.g=a;this.i=b}},db=class{constructor(a,b){this.url=a;this.u=!!b;this.dep
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 67 6f 6f 67 5f 24 7b 61 2e 6c 61 62 65 6c 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 73 74 61 72 74 60 3b 54 26 26 55 28 29 26 26 54 2e 6d 61 72 6b 28 62 29 3b 72 65 74 75 72 6e 20 61 7d 65 6e 64 28 61 29 7b 69 66 28 74 68 69 73 2e 67 26 26 74 79 70 65 6f 66 20 61 2e 76 61 6c 75 65 3d 3d 3d 22 6e 75 6d 62 65 72 22 29 7b 61 2e 64 75 72 61 74 69 6f 6e 3d 28 66 62 28 29 7c 7c 65 62 28 29 29 2d 61 2e 76 61 6c 75 65 3b 76 61 72 20 62 3d 60 67 6f 6f 67 5f 24 7b 61 2e 6c 61 62 65 6c 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 65 6e 64 60 3b 54 26 26 55 28 29 26 26 54 2e 6d 61 72 6b 28 62 29 3b 21 74 68 69 73 2e 67 7c 7c 74 68 69 73 2e 69 2e 6c 65 6e 67 74 68 3e 20 32 30 34 38 7c 7c 74 68 69 73 2e 69 2e 70 75 73 68 28 61 29 7d 7d 7d 3b 66 75 6e 63 74 69 Data Ascii: goog_${a.label}_${a.uniqueId}_start`;T&&U()&&T.mark(b);return a}end(a){if(this.g&&typeof a.value==="number"){a.duration=(fb()\|\|eb())-a.value;var b=`goog_${a.label}_${a.uniqueId}_end`;T&&U()&&T.mark(b);!this.g\|\|this.i.length> 2048\|\|this.i.push(a)}}};functi
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 2c 61 2e 67 2e 65 6e 64 28 66 29 29 3a 65 3d 63 28 29 7d 63 61 74 63 68 28 67 29 7b 63 3d 21 30 3b 74 72 79 7b 69 62 28 66 29 2c 63 3d 61 2e 42 28 62 2c 6e 65 77 20 24 61 28 67 2c 7b 6d 65 73 73 61 67 65 3a 61 62 28 67 29 7d 29 2c 76 6f 69 64 20 30 2c 64 29 7d 63 61 74 63 68 28 6c 29 7b 61 2e 6d 28 32 31 37 2c 6c 29 7d 69 66 28 63 29 77 69 6e 64 6f 77 2e 63 6f 6e 73 6f 6c 65 3f 2e 65 72 72 6f 72 3f 2e 28 67 29 3b 65 6c 73 65 20 74 68 72 6f 77 20 67 3b 7d 72 65 74 75 72 6e 20 65 7d 66 75 6e 63 74 69 6f 6e 20 71 62 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 58 3b 72 65 74 75 72 6e 28 2e 2e 2e 66 29 3d 3e 70 62 28 65 2c 61 2c 28 29 3d 3e 62 2e 61 70 70 6c 79 28 63 2c 66 29 2c 64 29 7d 20 76 61 72 20 73 62 3d 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 Data Ascii: ,a.g.end(f)):e=c()}catch(g){c=!0;try{ib(f),c=a.B(b,new $a(g,{message:ab(g)}),void 0,d)}catch(l){a.m(217,l)}if(c)window.console?.error?.(g);else throw g;}return e}function qb(a,b,c,d){var e=X;return(...f)=>pb(e,a,()=>b.apply(c,f),d)} var sb=class{construct
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 61 5d 29 3b 66 3d 6e 65 77 20 63 62 28 6d 61 2c 72 29 3b 69 66 28 66 2e 69 29 7b 71 3d 43 3b 76 61 72 20 74 3d 66 2e 69 2e 75 72 6c 7c 7c 22 22 3b 71 2e 67 2e 70 75 73 68 28 34 29 3b 71 2e 69 5b 34 5d 3d 57 28 22 74 6f 70 22 2c 74 29 7d 76 61 72 20 44 3d 7b 75 72 6c 3a 66 2e 67 2e 75 72 6c 7c 7c 22 22 7d 3b 69 66 28 66 2e 67 2e 75 72 6c 29 7b 63 6f 6e 73 74 20 76 3d 66 2e 67 2e 75 72 6c 2e 6d 61 74 63 68 28 47 61 29 3b 76 61 72 20 7a 3d 76 5b 31 5d 2c 4f 61 3d 76 5b 33 5d 2c 50 61 3d 76 5b 34 5d 3b 74 3d 22 22 3b 7a 26 26 28 74 2b 3d 7a 2b 22 3a 22 29 3b 4f 61 26 26 28 74 2b 3d 22 2f 2f 22 2c 74 2b 3d 4f 61 2c 50 61 26 26 28 74 2b 3d 22 3a 22 2b 50 61 29 29 3b 76 61 72 20 51 61 3d 74 7d 65 6c 73 65 20 51 61 3d 22 22 3b 7a 3d 43 3b 44 3d 5b 44 2c 7b 75 72 Data Ascii: a]);f=new cb(ma,r);if(f.i){q=C;var t=f.i.url\|\|"";q.g.push(4);q.i[4]=W("top",t)}var D={url:f.g.url\|\|""};if(f.g.url){const v=f.g.url.match(Ga);var z=v[1],Oa=v[3],Pa=v[4];t="";z&&(t+=z+":");Oa&&(t+="//",t+=Oa,Pa&&(t+=":"+Pa));var Qa=t}else Qa="";z=C;D=[D,{ur

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Program Files\Greenshot\Greenshot.exe (copy)

C:\Program Files\Greenshot\Greenshot.exe.config (copy)

C:\Program Files\Greenshot\GreenshotPlugin.dll (copy)

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-0F80J.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-1EONR.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-42284.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-54S9J.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-7Q7JK.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-884T4.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-8F0QI.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-9EC87.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-D85DK.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-E2P9S.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-G11MM.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-GVUBH.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NANO9.tmp

C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NKK72.tmp

Windows Analysis Report
https://github.com/greenshot/greenshot/releases/download/Greenshot-RELEASE-1.2.10.6/Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:21 UTC	2257	OUT	GET /pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&adk=1812271804&adf=3025194257&abgtt=9&lmt=1723972423&plaf=2%3A2&plat=1%3A16777216%2C3%3A65536%2C4%3A65536%2C8%3A128%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1048576%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&pra=7&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~3~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aifxl=29_18~30_19&aiixl=29_5~30_6&aiapm=0.3221&aiapmi=0.33938&aiombap=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032226&bpp=18&bdt=6475&idt=4012&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280%2C160x600&nras=1&correlator=566 [TRUNCATED] Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:22 UTC	788	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Observe-Browsing-Topics: ?1 Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 10 Dec 2024 12:39:22 GMT Server: cafe X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Tue, 10-Dec-2024 12:54:22 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Tue, 10 Dec 2024 12:39:22 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-10 12:39:22 UTC	602	IN	Data Raw: 38 30 30 30 0d 0a 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 73 72 61 5f 6c 61 74 65 72 5f 62 6c 6f 63 6b 73 20 3d 20 5b 5d 3b 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 73 72 61 5f 6c 61 74 65 72 5f 62 6c 6f 63 6b 73 2e 70 75 73 68 28 7b 63 72 65 61 74 69 76 65 3a 27 5c 78 33 63 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 5c 78 33 65 5c 78 33 63 68 74 6d 6c 5c 78 33 65 5c 78 33 63 68 65 61 64 5c 78 33 65 5c 78 33 63 73 63 72 69 70 74 5c 78 33 65 76 61 72 20 6a 73 63 56 65 72 73 69 6f 6e 20 5c 78 33 64 20 5c 78 32 37 72 32 30 32 34 31 32 30 35 5c 78 32 37 3b 5c 78 33 63 2f 73 63 72 69 70 74 5c 78 33 65 5c 78 33 63 73 63 72 69 70 74 5c 78 33 65 76 61 72 20 67 6f 6f 67 6c 65 5f 63 61 73 6d 5c 78 33 64 5b 5d 3b 5c 78 33 63 2f 73 63 Data Ascii: 8000<script>window.sra_later_blocks = [];</script><script>window.sra_later_blocks.push({creative:'\x3c!doctype html\x3e\x3chtml\x3e\x3chead\x3e\x3cscript\x3evar jscVersion \x3d \x27r20241205\x27;\x3c/script\x3e\x3cscript\x3evar google_casm\x3d[];\x3c/sc
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 32 36 67 74 3b 60 64 6f 70 62 2f 25 5c 78 32 36 6c 74 3b 31 37 33 32 32 36 31 21 5c 78 33 64 7c 76 71 63 29 21 37 32 30 31 30 36 31 3f 5c 78 32 36 23 33 39 3b 39 65 66 6f 74 6d 28 5c 78 32 36 61 6d 70 3b 32 30 37 32 33 3b 5c 78 32 36 67 74 3b 3a 5c 78 32 36 61 6d 70 3b 5c 78 32 36 67 74 3b 60 64 6f 70 62 2f 25 5c 78 32 36 6c 74 3b 31 32 34 35 3b 30 35 21 5c 78 33 64 6e 65 68 75 60 2f 21 33 36 31 3a 5c 78 32 36 6c 74 3b 33 32 30 21 39 73 71 72 6d 28 5c 78 32 36 61 6d 70 3b 32 30 35 37 3f 36 31 5c 78 32 36 6c 74 3b 5c 78 32 36 61 6d 70 3b 5c 78 32 36 67 74 3b 60 64 6f 70 62 7e 5c 78 32 36 71 75 6f 74 3b 5d 5c 78 32 32 5c 78 33 65 28 66 75 6e 63 74 69 6f 6e 28 29 7b 5c 78 32 37 75 73 65 20 73 74 72 69 63 74 5c 78 32 37 3b 2f 2a 20 20 43 6f 70 79 72 69 67 68 Data Ascii: 26gt;`dopb/%\x26lt;1732261!\x3d\|vqc)!7201061?\x26#39;9efotm(\x26amp;20723;\x26gt;:\x26amp;\x26gt;`dopb/%\x26lt;1245;05!\x3dnehu`/!361:\x26lt;320!9sqrm(\x26amp;2057?61\x26lt;\x26amp;\x26gt;`dopb~\x26quot;]\x22\x3e(function(){\x27use strict\x27;/* Copyrigh
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 61 7c 7c 74 79 70 65 6f 66 20 61 21 5c 78 33 64 5c 78 33 64 5c 78 32 32 6f 62 6a 65 63 74 5c 78 32 32 7c 7c 61 2e 67 21 5c 78 33 64 5c 78 33 64 6d 61 29 7d 66 75 6e 63 74 69 6f 6e 20 6f 61 28 61 29 7b 72 65 74 75 72 6e 20 61 21 5c 78 33 64 5c 78 33 64 6e 75 6c 6c 5c 78 32 36 5c 78 32 36 74 79 70 65 6f 66 20 61 5c 78 33 64 5c 78 33 64 5c 78 33 64 5c 78 32 32 6f 62 6a 65 63 74 5c 78 32 32 5c 78 32 36 5c 78 32 36 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 5c 78 32 36 5c 78 32 36 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 5c 78 33 64 5c 78 33 64 5c 78 33 64 4f 62 6a 65 63 74 7d 66 75 6e 63 74 69 6f 6e 20 45 28 61 29 7b 72 65 74 75 72 6e 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 7c 7c 61 2e 6c 65 6e 67 74 68 3f 21 31 3a 28 61 5b 42 5d 7c 30 29 5c Data Ascii: a\|\|typeof a!\x3d\x3d\x22object\x22\|\|a.g!\x3d\x3dma)}function oa(a){return a!\x3d\x3dnull\x26\x26typeof a\x3d\x3d\x3d\x22object\x22\x26\x26!Array.isArray(a)\x26\x26a.constructor\x3d\x3d\x3dObject}function E(a){return!Array.isArray(a)\|\|a.length?!1:(a[B]\|0)\
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 3f 21 21 28 65 5c 78 32 36 33 32 29 3a 76 6f 69 64 20 30 3b 61 5c 78 33 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 29 3b 66 6f 72 28 6c 65 74 20 66 5c 78 33 64 30 3b 66 5c 78 33 63 61 2e 6c 65 6e 67 74 68 3b 66 2b 2b 29 61 5b 66 5d 5c 78 33 64 76 61 28 61 5b 66 5d 2c 62 2c 63 2c 64 2c 67 29 3b 63 5c 78 32 36 5c 78 32 36 63 28 65 2c 61 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 78 61 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 42 5c 78 33 64 5c 78 33 64 5c 78 33 64 6c 61 3f 61 2e 74 6f 4a 53 4f 4e 28 29 3a 75 61 28 61 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 46 28 61 2c 62 2c 63 29 7b 63 6f 6e 73 74 20 64 5c 78 33 64 61 2e 75 3b 6c 65 74 20 67 5c 78 33 64 64 5b 42 5d 3b 69 66 28 67 5c 78 32 36 32 29 74 68 Data Ascii: ?!!(e\x2632):void 0;a\x3dArray.prototype.slice.call(a);for(let f\x3d0;f\x3ca.length;f++)a[f]\x3dva(a[f],b,c,d,g);c\x26\x26c(e,a);return a}function xa(a){return a.B\x3d\x3d\x3dla?a.toJSON():ua(a)};function F(a,b,c){const d\x3da.u;let g\x3dd[B];if(g\x262)th
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 72 6f 74 6f 74 79 70 65 2e 42 5c 78 33 64 6c 61 3b 20 49 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 5c 78 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 48 5c 78 33 64 21 30 2c 43 61 28 74 68 69 73 29 2e 74 6f 53 74 72 69 6e 67 28 29 7d 66 69 6e 61 6c 6c 79 7b 48 5c 78 33 64 21 31 7d 7d 3b 20 66 75 6e 63 74 69 6f 6e 20 43 61 28 61 29 7b 61 5c 78 33 64 61 2e 75 3b 61 5c 78 33 64 48 3f 61 3a 77 61 28 61 2c 78 61 2c 76 6f 69 64 20 30 2c 76 6f 69 64 20 30 2c 21 31 29 3b 7b 76 61 72 20 62 5c 78 33 64 21 48 3b 6c 65 74 20 68 5c 78 33 64 61 2e 6c 65 6e 67 74 68 3b 69 66 28 68 29 7b 76 61 72 20 63 5c 78 33 64 61 5b 68 2d 31 5d 2c 64 5c 78 33 64 6f 61 28 63 29 3b 64 3f 68 2d 2d 3a 63 5c 78 33 64 76 6f 69 64 20 30 3b 76 61 72 Data Ascii: rototype.B\x3dla; I.prototype.toString\x3dfunction(){try{return H\x3d!0,Ca(this).toString()}finally{H\x3d!1}}; function Ca(a){a\x3da.u;a\x3dH?a:wa(a,xa,void 0,void 0,!1);{var b\x3d!H;let h\x3da.length;if(h){var c\x3da[h-1],d\x3doa(c);d?h--:c\x3dvoid 0;var
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 3f 61 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 61 2e 6c 65 6e 67 74 68 2d 37 29 2b 62 2b 5c 78 32 32 5c 78 32 36 61 64 75 72 6c 5c 78 33 64 5c 78 32 32 3a 61 2b 62 3b 66 75 6e 63 74 69 6f 6e 20 4c 28 61 5c 78 33 64 77 69 6e 64 6f 77 29 7b 72 65 74 75 72 6e 20 61 7d 3b 6c 65 74 20 4d 5c 78 33 64 71 2e 64 69 63 6e 66 7c 7c 7b 7d 3b 76 61 72 20 4e 5c 78 33 64 28 29 5c 78 33 64 5c 78 33 65 4d 2e 69 6d 70 72 74 79 70 65 5c 78 33 64 5c 78 33 64 5c 78 32 32 31 5c 78 32 32 3f 31 3a 4d 2e 69 6d 70 72 74 79 70 65 5c 78 33 64 5c 78 33 64 5c 78 32 32 32 5c 78 32 32 3f 32 3a 30 3b 66 75 6e 63 74 69 6f 6e 20 4d 61 28 61 29 7b 6c 65 74 20 62 5c 78 33 64 21 31 2c 63 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 62 7c 7c 28 63 5c 78 33 64 61 28 29 2c 62 5c 78 33 Data Ascii: ?a.substring(0,a.length-7)+b+\x22\x26adurl\x3d\x22:a+b;function L(a\x3dwindow){return a};let M\x3dq.dicnf\|\|{};var N\x3d()\x3d\x3eM.imprtype\x3d\x3d\x221\x22?1:M.imprtype\x3d\x3d\x222\x22?2:0;function Ma(a){let b\x3d!1,c;return function(){b\|\|(c\x3da(),b\x3
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 28 29 7d 63 61 74 63 68 7b 7d 7d 3b 20 76 61 72 20 57 61 5c 78 33 64 28 61 2c 62 29 5c 78 33 64 5c 78 33 65 7b 61 2e 72 65 61 64 79 53 74 61 74 65 5c 78 33 64 5c 78 33 64 5c 78 33 64 5c 78 32 32 63 6f 6d 70 6c 65 74 65 5c 78 32 32 7c 7c 61 2e 72 65 61 64 79 53 74 61 74 65 5c 78 33 64 5c 78 33 64 5c 78 33 64 5c 78 32 32 69 6e 74 65 72 61 63 74 69 76 65 5c 78 32 32 3f 28 51 2e 70 75 73 68 28 62 29 2c 51 2e 6c 65 6e 67 74 68 5c 78 33 64 5c 78 33 64 31 5c 78 32 36 5c 78 32 36 28 77 69 6e 64 6f 77 2e 50 72 6f 6d 69 73 65 3f 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 29 2e 74 68 65 6e 28 56 61 29 3a 77 69 6e 64 6f 77 2e 73 65 74 49 6d 6d 65 64 69 61 74 65 3f 73 65 74 49 6d 6d 65 64 69 61 74 65 28 56 61 29 3a 73 65 74 54 69 6d 65 6f 75 74 28 56 61 2c 30 29 Data Ascii: ()}catch{}}; var Wa\x3d(a,b)\x3d\x3e{a.readyState\x3d\x3d\x3d\x22complete\x22\|\|a.readyState\x3d\x3d\x3d\x22interactive\x22?(Q.push(b),Q.length\x3d\x3d1\x26\x26(window.Promise?Promise.resolve().then(Va):window.setImmediate?setImmediate(Va):setTimeout(Va,0)
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 32 7d 29 3b 61 2e 66 65 74 63 68 28 62 2c 64 29 7d 65 6c 73 65 20 52 28 61 2c 62 2c 76 6f 69 64 20 30 2c 21 31 2c 63 29 7d 2c 24 61 5c 78 33 64 4d 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 5c 78 32 32 72 65 66 65 72 72 65 72 50 6f 6c 69 63 79 5c 78 32 32 69 6e 20 58 61 28 5c 78 32 32 49 4d 47 5c 78 32 32 29 7d 29 3b 6c 65 74 20 61 62 5c 78 33 64 30 3b 66 75 6e 63 74 69 6f 6e 20 62 62 28 61 2c 62 5c 78 33 64 6e 75 6c 6c 29 7b 72 65 74 75 72 6e 20 62 5c 78 32 36 5c 78 32 36 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 5c 78 32 32 64 61 74 61 2d 6a 63 5c 78 32 32 29 5c 78 33 64 5c 78 33 64 5c 78 33 64 53 74 72 69 6e 67 28 61 29 3f 62 3a 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 60 5b 24 7b 5c 78 32 32 64 61 74 61 2d Data Ascii: 2});a.fetch(b,d)}else R(a,b,void 0,!1,c)},$a\x3dMa(function(){return\x22referrerPolicy\x22in Xa(\x22IMG\x22)});let ab\x3d0;function bb(a,b\x3dnull){return b\x26\x26b.getAttribute(\x22data-jc\x22)\x3d\x3d\x3dString(a)?b:document.querySelector(`[${\x22data-
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 28 63 29 5c 78 33 64 5c 78 33 64 2d 31 5c 78 32 36 5c 78 32 36 28 61 5c 78 33 64 63 2b 5c 78 32 32 5c 5c 6e 5c 78 32 32 2b 61 29 3b 6c 65 74 20 64 3b 66 6f 72 28 3b 61 21 5c 78 33 64 64 3b 29 64 5c 78 33 64 61 2c 61 5c 78 33 64 61 2e 72 65 70 6c 61 63 65 28 52 65 67 45 78 70 28 5c 78 32 32 28 28 68 74 74 70 73 3f 3a 2f 2e 2e 2a 2f 29 5b 5e 2f 3a 5d 2a 3a 5c 5c 5c 5c 64 2b 28 3f 3a 2e 7c 5c 5c 6e 29 2a 29 5c 5c 5c 5c 32 5c 78 32 32 29 2c 5c 78 32 32 24 31 5c 78 32 32 29 3b 62 5c 78 33 64 61 2e 72 65 70 6c 61 63 65 28 52 65 67 45 78 70 28 5c 78 32 32 5c 5c 6e 20 2a 5c 78 32 32 2c 5c 78 32 32 67 5c 78 32 32 29 2c 5c 78 32 32 5c 5c 6e 5c 78 32 32 29 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 64 29 7b 62 5c 78 33 64 63 3b 62 72 65 61 6b 20 61 7d 62 5c 78 33 Data Ascii: (c)\x3d\x3d-1\x26\x26(a\x3dc+\x22\\n\x22+a);let d;for(;a!\x3dd;)d\x3da,a\x3da.replace(RegExp(\x22((https?:/../)[^/:]:\\\\d+(?:.\|\\n))\\\\2\x22),\x22$1\x22);b\x3da.replace(RegExp(\x22\\n \x22,\x22g\x22),\x22\\n\x22);break a}catch(d){b\x3dc;break a}b\x3
2024-12-10 12:39:22 UTC	1390	IN	Data Raw: 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 73 74 61 72 74 60 29 2c 55 2e 63 6c 65 61 72 4d 61 72 6b 73 28 60 67 6f 6f 67 5f 24 7b 61 2e 6c 61 62 65 6c 7d 5f 24 7b 61 2e 75 6e 69 71 75 65 49 64 7d 5f 65 6e 64 60 29 29 7d 20 63 6c 61 73 73 20 74 62 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 76 61 72 20 61 5c 78 33 64 77 69 6e 64 6f 77 3b 74 68 69 73 2e 69 5c 78 33 64 5b 5d 3b 74 68 69 73 2e 6a 5c 78 33 64 61 7c 7c 71 3b 6c 65 74 20 62 5c 78 33 64 6e 75 6c 6c 3b 61 5c 78 32 36 5c 78 32 36 28 61 2e 67 6f 6f 67 6c 65 5f 6a 73 5f 72 65 70 6f 72 74 69 6e 67 5f 71 75 65 75 65 5c 78 33 64 61 2e 67 6f 6f 67 6c 65 5f 6a 73 5f 72 65 70 6f 72 74 69 6e 67 5f 71 75 65 75 65 7c 7c 5b 5d 2c 74 68 69 73 2e 69 5c 78 33 64 61 2e 67 6f 6f 67 6c 65 5f 6a 73 5f 72 65 70 Data Ascii: }_${a.uniqueId}_start`),U.clearMarks(`goog_${a.label}_${a.uniqueId}_end`))} class tb{constructor(){var a\x3dwindow;this.i\x3d[];this.j\x3da\|\|q;let b\x3dnull;a\x26\x26(a.google_js_reporting_queue\x3da.google_js_reporting_queue\|\|[],this.i\x3da.google_js_rep

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:24 UTC	542	OUT	GET /sodar/sodar2.js HTTP/1.1 Host: ep2.adtrafficquality.google Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://getgreenshot.org/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:25 UTC	665	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs" Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} Content-Length: 17945 Date: Tue, 10 Dec 2024 12:39:24 GMT Expires: Tue, 10 Dec 2024 12:39:24 GMT Cache-Control: private, max-age=3000 ETag: "1727224258380615" X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-10 12:39:25 UTC	725	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 76 61 72 20 6b 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 Data Ascii: (function(){'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var k=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 0a 66 75 6e 63 74 69 6f 6e 20 78 28 61 2c 62 2c 63 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 64 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 61 3d 64 2e 6c 65 6e 67 74 68 3d 3d 3d 31 3b 76 61 72 20 67 3d 64 5b 30 5d 2c 66 3b 21 61 26 26 67 20 69 6e 20 72 3f 66 3d 72 3a 66 3d 6e 3b 66 6f 72 28 67 3d 30 3b 67 3c 64 2e 6c 65 6e 67 74 68 2d 31 3b 67 2b 2b 29 7b 76 61 72 20 65 3d 64 5b 67 5d 3b 69 66 28 21 28 65 20 69 6e 20 66 29 29 62 72 65 61 6b 20 61 3b 66 3d 66 5b 65 5d 7d 64 3d 64 5b 64 2e 6c 65 6e 67 74 68 2d 31 5d 3b 63 3d 70 26 26 63 3d 3d 3d 22 65 73 36 22 3f 66 5b 64 5d 3a 6e 75 6c 6c 3b 62 3d 62 28 63 29 3b 62 21 3d 6e 75 6c 6c 26 26 28 61 3f 6b 28 72 2c 64 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 Data Ascii: function x(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var g=d[0],f;!a&&g in r?f=r:f=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in f))break a;f=f[e]}d=d[d.length-1];c=p&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?k(r,d,{configurable:!0,writable:!0,va
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 72 2e 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 26 26 61 5b 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 61 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 53 74 72 69 6e 67 28 61 29 2b 22 20 69 73 20 6e 6f 74 20 61 6e 20 69 74 65 72 61 62 6c 65 20 6f 72 20 41 72 72 61 79 4c 69 6b 65 22 29 3b 7d 76 61 72 20 66 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 Data Ascii: {var b=typeof r.Symbol!="undefined"&&w(r.Symbol,"iterator")&&a[w(r.Symbol,"iterator")];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}var fa=typeof Object.create=="function"
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 74 75 72 6e 20 48 28 61 29 7d 0a 66 75 6e 63 74 69 6f 6e 20 47 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 76 61 72 20 67 3d 62 2e 63 61 6c 6c 28 61 2e 67 2e 68 2c 63 29 3b 69 66 28 21 28 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 4f 62 6a 65 63 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 49 74 65 72 61 74 6f 72 20 72 65 73 75 6c 74 20 22 2b 67 2b 22 20 69 73 20 6e 6f 74 20 61 6e 20 6f 62 6a 65 63 74 22 29 3b 69 66 28 21 67 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 61 2e 67 2e 6d 3d 21 31 2c 67 3b 76 61 72 20 66 3d 67 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 61 2e 67 2e 68 3d 6e 75 6c 6c 2c 45 28 61 2e 67 2c 65 29 2c 48 28 61 29 7d 61 2e 67 2e 68 3d 6e 75 6c 6c 3b 64 2e 63 61 6c 6c 28 61 2e 67 2c 66 29 3b 72 Data Ascii: turn H(a)}function G(a,b,c,d){try{var g=b.call(a.g.h,c);if(!(g instanceof Object))throw new TypeError("Iterator result "+g+" is not an object");if(!g.done)return a.g.m=!1,g;var f=g.value}catch(e){return a.g.h=null,E(a.g,e),H(a)}a.g.h=null;d.call(a.g,f);r
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 2e 70 72 6f 74 6f 74 79 70 65 2e 68 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 74 68 69 73 2e 67 3d 3d 6e 75 6c 6c 29 7b 74 68 69 73 2e 67 3d 5b 5d 3b 76 61 72 20 68 3d 74 68 69 73 3b 74 68 69 73 2e 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 68 2e 6d 28 29 7d 29 7d 74 68 69 73 2e 67 2e 70 75 73 68 28 65 29 7d 3b 76 61 72 20 67 3d 6e 2e 73 65 74 54 69 6d 65 6f 75 74 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 67 28 65 2c 30 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 67 26 26 74 68 69 73 2e 67 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 67 3b 74 68 69 73 2e 67 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 65 2e 6c 65 6e 67 Data Ascii: .prototype.h=function(e){if(this.g==null){this.g=[];var h=this;this.i(function(){h.m()})}this.g.push(e)};var g=n.setTimeout;c.prototype.i=function(e){g(e,0)};c.prototype.m=function(){for(;this.g&&this.g.length;){var e=this.g;this.g=[];for(var h=0;h<e.leng
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 65 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 3d 6e 65 77 20 65 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 3d 6e 65 77 20 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 65 3d 6e 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 65 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 65 29 29 3b 65 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 65 2e Data Ascii: d")return!0;typeof e==="function"?e=new e("unhandledrejection",{cancelable:!0}):typeof h==="function"?e=new h("unhandledrejection",{cancelable:!0}):(e=n.document.createEvent("CustomEvent"),e.initCustomEvent("unhandledrejection",!1,!0,e));e.promise=this;e.
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 29 2c 6c 3d 68 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 62 7d 2c 22 65 73 36 22 29 3b 0a 78 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 6e 7d 2c 22 65 73 5f 32 30 32 30 22 29 3b 78 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 63 21 3d 6e 75 6c 6c 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 7d 3b 76 61 72 20 67 3d 5b 5d 2c 66 3d 74 79 70 65 6f 66 20 72 2e 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 26 26 62 5b Data Ascii: ),l=h.next();while(!l.done)})};return b},"es6");x("globalThis",function(a){return a\|\|n},"es_2020");x("Array.from",function(a){return a?a:function(b,c,d){c=c!=null?c:function(h){return h};var g=[],f=typeof r.Symbol!="undefined"&&w(r.Symbol,"iterator")&&b[
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 32 2f 61 66 72 61 6d 65 22 5d 29 2c 74 61 3d 50 28 73 61 29 3b 66 75 6e 63 74 69 6f 6e 20 51 28 61 2c 62 2c 63 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 75 61 28 61 2c 62 29 7b 61 2e 73 72 63 3d 72 61 28 62 29 3b 76 61 72 20 63 2c 64 3b 28 63 3d 28 62 3d 28 64 3d 28 63 3d 28 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 26 26 61 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 2e 64 65 66 61 75 6c 74 56 69 65 77 7c 7c 77 69 6e 64 6f 77 29 2e 64 6f 63 75 6d 65 6e 74 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 Data Ascii: ww.google.com/recaptcha/api2/aframe"]),ta=P(sa);function Q(a,b,c){a.addEventListener&&a.addEventListener(b,c,!1)};function ua(a,b){a.src=ra(b);var c,d;(c=(b=(d=(c=(a.ownerDocument&&a.ownerDocument.defaultView\|\|window).document).querySelector)==null?void 0
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 69 73 2e 4a 3d 62 3b 74 68 69 73 2e 68 3d 67 3b 74 68 69 73 2e 6f 3d 63 3d 3d 3d 76 6f 69 64 20 30 3f 30 3a 63 3b 74 68 69 73 2e 69 3d 28 64 3d 3d 3d 76 6f 69 64 20 30 3f 30 3a 64 29 3f 50 28 7a 61 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 29 3a 50 28 41 61 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 29 7d 66 75 6e 63 74 69 6f 6e 20 42 61 28 61 29 7b 72 65 74 75 72 6e 20 49 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 73 77 69 74 63 68 28 62 2e 67 29 7b 63 61 73 65 20 31 3a 72 65 74 75 72 6e 20 46 28 62 2c 43 61 28 61 29 2c 32 29 3b 63 61 73 65 20 32 3a 72 65 74 75 72 6e 20 46 28 62 2c 44 61 28 61 29 2c 33 29 3b 63 61 73 65 20 33 3a 69 66 28 21 28 61 2e 6f 3e 30 29 29 7b 62 2e 67 3d 34 3b 62 72 65 61 6b 7d 72 65 74 Data Ascii: is.J=b;this.h=g;this.o=c===void 0?0:c;this.i=(d===void 0?0:d)?P(za,encodeURIComponent(a)):P(Aa,encodeURIComponent(a))}function Ba(a){return I(function(b){switch(b.g){case 1:return F(b,Ca(a),2);case 2:return F(b,Da(a),3);case 3:if(!(a.o>0)){b.g=4;break}ret
2024-12-10 12:39:25 UTC	1390	IN	Data Raw: 7d 66 75 6e 63 74 69 6f 6e 20 4a 61 28 29 7b 76 61 72 20 61 3d 77 69 6e 64 6f 77 3b 69 66 28 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 29 72 65 74 75 72 6e 20 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 5b 30 5d 3b 76 61 72 20 62 3d 6e 65 77 20 72 2e 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 3d 5b 62 2c 63 5d 7d 29 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 69 6f 6e 20 4b 61 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 47 6f 6f 67 6c 65 47 63 4c 4b 68 4f 6d 73 3d 3d 3d 76 6f 69 64 20 30 3f 31 33 3a 31 7d 3b 66 75 6e 63 74 69 6f 6e 20 53 28 61 2c 62 29 7b 74 68 69 73 2e 68 3d 61 3b 74 68 69 73 2e 6a 3d 62 7d 66 75 6e 63 74 69 6f 6e 20 4c 61 28 61 2c 62 29 7b 53 2e 63 61 Data Ascii: }function Ja(){var a=window;if(a.GoogleDX5YKUSk)return a.GoogleDX5YKUSk[0];var b=new r.Promise(function(c){a.GoogleDX5YKUSk=[b,c]});return b}function Ka(){return window.GoogleGcLKhOms===void 0?13:1};function S(a,b){this.h=a;this.j=b}function La(a,b){S.ca

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:24 UTC	977	OUT	GET /rtimp?a=imp&cr=carmax_ng&d=getgreenshot.org&gid=&im=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo&p=Z1g2egAAb00JHUgeAA9H_H6qw2u5BGnAjTxAng&sid=c81371f9-b6f3-11ef-af82-e26199aa924a HTTP/1.1 Host: g.rtbrain.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:24 UTC	1354	IN	HTTP/1.1 204 No Content Date: Tue, 10 Dec 2024 12:39:24 GMT Content-Length: 0 Connection: close Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT Access-Control-Allow-Headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version Access-Control-Allow-Credentials: true Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Prefers-Color-Scheme, Sec-Ch-Viewport-Width, Sec-Ch-Viewport-Height, RTT, Downlink, Device-Memory, Save-Data Set-Cookie: uid=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; Domain=.rtbrain.app; expires=Tue, 19 Jan 2038 03:14:07 GMT; Path=/ Set-Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; Domain=.rtbrain.app; expires=Tue, 19 Jan 2038 03:14:07 GMT; Path=/; SameSite=none; Secure Set-Cookie: sid=c81371f9-b6f3-11ef-af82-e26199aa924a; Domain=.rtbrain.app; Max-Age=7200; Path=/ Set-Cookie: sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a; Domain=.rtbrain.app; Max-Age=7200; Path=/; SameSite=none; Secure
2024-12-10 12:39:24 UTC	628	IN	Data Raw: 56 69 61 3a 20 31 2e 31 20 67 6f 6f 67 6c 65 0d 0a 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 44 59 4e 41 4d 49 43 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 39 50 4e 77 38 74 63 4a 76 41 6e 64 35 37 4c 44 65 70 45 45 49 39 32 52 63 4c 75 33 47 25 32 42 51 54 41 44 56 58 33 48 45 71 64 36 70 48 48 76 77 64 5a 5a 36 25 32 42 6b 54 33 46 6c 54 41 45 79 38 4e 63 53 75 74 4d 58 72 46 35 74 58 5a 6e 69 5a 75 36 62 45 42 71 57 37 44 56 49 51 71 6f 68 56 6e 75 77 4d 55 51 4b 73 6a 62 49 4b 47 30 59 4b 41 34 45 4d 54 31 66 6d 36 35 4b 55 56 45 59 67 34 25 33 44 Data Ascii: Via: 1.1 googleCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9PNw8tcJvAnd57LDepEEI92RcLu3G%2BQTADVX3HEqd6pHHvwdZZ6%2BkT3FlTAEy8NcSutMXrF5tXZniZu6bEBqW7DVIQqohVnuwMUQKsjbIKG0YKA4EMT1fm65KUVEYg4%3D

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:24 UTC	615	OUT	GET /ng-assets/creative/assets/polyfills-a3f452c3.js HTTP/1.1 Host: cdn.rtbrain.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://googleads.g.doubleclick.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:24 UTC	1255	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:24 GMT Content-Type: application/javascript Transfer-Encoding: chunked Connection: close x-goog-generation: 1732812719992684 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 11824 x-goog-hash: crc32c=i96MsA== x-goog-hash: md5=ZZoexljHe5yTbIVrm3KlSA== x-goog-storage-class: STANDARD Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace X-GUploader-UploadID: AFiumC58of6DupnkjbINBpsZy1THxChHGdJaXjR7UYyvpwYkx_wsYjRbpa28Sb6Hftu_Zt7hgf0 Expires: Tue, 10 Dec 2024 12:02:42 GMT Cache-Control: public, max-age=3600 Last-Modified: Thu, 28 Nov 2024 16:52:00 GMT ETag: W/"659a1ec658c77b9c936c856b9b72a548" Vary: Accept-Encoding Age: 2885 CF-Cache-Status: HIT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cfelCEbqsYFuzAesIzf%2BUSRsDrVZGCHcJyTC9jp2KdHa%2F0W9yf9JXGAkm1cbeb12k%2BVenU2Yko6HdTxFro%2BCF6VjAwbCv%2F3vK6PMkvSwT4%2BjcfOSeaxO78Ba0Up1ywsxYg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4c2bffa14334-EWR
2024-12-10 12:39:24 UTC	216	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 35 39 37 26 6d 69 6e 5f 72 74 74 3d 31 35 39 32 26 72 74 74 5f 76 61 72 3d 36 30 37 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 36 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 32 34 26 72 65 63 76 5f 62 79 74 65 73 3d 31 31 39 33 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 37 38 37 30 32 35 26 63 77 6e 64 3d 32 32 34 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 33 65 34 64 33 66 63 63 34 63 62 63 62 30 66 35 26 74 73 3d 34 36 35 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1592&rtt_var=607&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1193&delivery_rate=1787025&cwnd=224&unsent_bytes=0&cid=3e4d3fcc4cbcb0f5&ts=465&x=0"
2024-12-10 12:39:24 UTC	1267	IN	Data Raw: 32 65 33 30 0d 0a 65 78 70 6f 72 74 20 66 75 6e 63 74 69 6f 6e 20 5f 5f 76 69 74 65 5f 6c 65 67 61 63 79 5f 67 75 61 72 64 28 29 7b 69 6d 70 6f 72 74 2e 6d 65 74 61 2e 75 72 6c 3b 69 6d 70 6f 72 74 28 22 5f 22 29 2e 63 61 74 63 68 28 28 29 3d 3e 31 29 3b 28 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 2a 28 29 7b 7d 29 28 29 2e 6e 65 78 74 28 29 7d 3b 76 61 72 20 74 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 3f 77 69 6e 64 6f 77 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 3f 67 6c 6f 62 61 6c 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 73 65 Data Ascii: 2e30export function __vite_legacy_guard(){import.meta.url;import("_").catch(()=>1);(async function*(){})().next()};var t="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof se
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 50 28 6a 28 74 29 2c 38 2c 2d 31 29 7d 2c 54 3d 6f 2c 41 3d 45 2c 46 3d 4f 62 6a 65 63 74 2c 78 3d 4f 28 22 22 2e 73 70 6c 69 74 29 2c 4d 3d 54 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 21 46 28 22 7a 22 29 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 28 30 29 7d 29 29 3f 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 22 53 74 72 69 6e 67 22 3d 3d 3d 41 28 74 29 3f 78 28 74 2c 22 22 29 3a 46 28 74 29 7d 3a 46 2c 43 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 74 7d 2c 49 3d 43 2c 6b 3d 54 79 70 65 45 72 72 6f 72 2c 7a 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 49 28 74 29 29 74 68 72 6f 77 20 6e 65 77 20 6b 28 22 43 61 6e 27 74 20 63 61 6c Data Ascii: on(t){return P(j(t),8,-1)},T=o,A=E,F=Object,x=O("".split),M=T((function(){return!F("z").propertyIsEnumerable(0)}))?function(t){return"String"===A(t)?x(t,""):F(t)}:F,C=function(t){return null==t},I=C,k=TypeError,z=function(t){if(I(t))throw new k("Can't cal
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 6f 72 2c 70 74 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 69 66 28 66 74 28 74 29 29 72 65 74 75 72 6e 20 74 3b 74 68 72 6f 77 20 6e 65 77 20 73 74 28 6c 74 28 74 29 2b 22 20 69 73 20 6e 6f 74 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 7d 2c 79 74 3d 70 74 2c 62 74 3d 43 2c 76 74 3d 66 2c 67 74 3d 5f 2c 68 74 3d 55 2c 64 74 3d 54 79 70 65 45 72 72 6f 72 2c 6d 74 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 2c 77 74 3d 72 2c 4f 74 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 2c 53 74 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 74 72 79 7b 4f 74 28 77 74 2c 74 2c 7b 76 61 6c 75 65 3a 6e 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 7d 29 7d 63 61 74 63 68 28 72 29 7b 77 74 5b 74 5d 3d 6e 7d 72 65 74 75 72 6e 20 Data Ascii: or,pt=function(t){if(ft(t))return t;throw new st(lt(t)+" is not a function")},yt=pt,bt=C,vt=f,gt=_,ht=U,dt=TypeError,mt={exports:{}},wt=r,Ot=Object.defineProperty,St=function(t,n){try{Ot(wt,t,{value:n,configurable:!0,writable:!0})}catch(r){wt[t]=n}return
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 22 29 7d 2c 6e 6e 3d 54 79 70 65 45 72 72 6f 72 2c 72 6e 3d 59 74 28 22 74 6f 50 72 69 6d 69 74 69 76 65 22 29 2c 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 69 66 28 21 4a 74 28 74 29 7c 7c 51 74 28 74 29 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 72 2c 65 3d 5a 74 28 74 2c 72 6e 29 3b 69 66 28 65 29 7b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 6e 26 26 28 6e 3d 22 64 65 66 61 75 6c 74 22 29 2c 72 3d 48 74 28 65 2c 74 2c 6e 29 2c 21 4a 74 28 72 29 7c 7c 51 74 28 72 29 29 72 65 74 75 72 6e 20 72 3b 74 68 72 6f 77 20 6e 65 77 20 6e 6e 28 22 43 61 6e 27 74 20 63 6f 6e 76 65 72 74 20 6f 62 6a 65 63 74 20 74 6f 20 70 72 69 6d 69 74 69 76 65 20 76 61 6c 75 65 22 29 7d 72 65 74 75 72 6e 20 76 6f 69 64 20 30 3d 3d 3d 6e 26 26 28 6e 3d 22 6e 75 6d 62 65 72 22 29 Data Ascii: ")},nn=TypeError,rn=Yt("toPrimitive"),en=function(t,n){if(!Jt(t)\|\|Qt(t))return t;var r,e=Zt(t,rn);if(e){if(void 0===n&&(n="default"),r=Ht(e,t,n),!Jt(r)\|\|Qt(r))return r;throw new nn("Can't convert object to primitive value")}return void 0===n&&(n="number")
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 69 6f 6e 28 74 2c 6e 2c 72 29 7b 69 66 28 4d 6e 28 74 29 2c 6e 3d 43 6e 28 6e 29 2c 4d 6e 28 72 29 2c 46 6e 29 74 72 79 7b 72 65 74 75 72 6e 20 6b 6e 28 74 2c 6e 2c 72 29 7d 63 61 74 63 68 28 65 29 7b 7d 69 66 28 22 67 65 74 22 69 6e 20 72 7c 7c 22 73 65 74 22 69 6e 20 72 29 74 68 72 6f 77 20 6e 65 77 20 49 6e 28 22 41 63 63 65 73 73 6f 72 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 65 64 22 29 3b 72 65 74 75 72 6e 22 76 61 6c 75 65 22 69 6e 20 72 26 26 28 74 5b 6e 5d 3d 72 2e 76 61 6c 75 65 29 2c 74 7d 3b 76 61 72 20 52 6e 3d 4f 6e 2c 5f 6e 3d 67 2c 47 6e 3d 69 3f 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 72 29 7b 72 65 74 75 72 6e 20 52 6e 2e 66 28 74 2c 6e 2c 5f 6e 28 31 2c 72 29 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 72 29 7b 72 65 74 75 72 6e 20 74 Data Ascii: ion(t,n,r){if(Mn(t),n=Cn(n),Mn(r),Fn)try{return kn(t,n,r)}catch(e){}if("get"in r\|\|"set"in r)throw new In("Accessors not supported");return"value"in r&&(t[n]=r.value),t};var Rn=On,_n=g,Gn=i?function(t,n,r){return Rn.f(t,n,_n(1,r))}:function(t,n,r){return t
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 76 61 72 20 72 3b 69 66 28 21 66 72 28 6e 29 7c 7c 28 72 3d 51 6e 28 6e 29 29 2e 74 79 70 65 21 3d 3d 74 29 74 68 72 6f 77 20 6e 65 77 20 67 72 28 22 49 6e 63 6f 6d 70 61 74 69 62 6c 65 20 72 65 63 65 69 76 65 72 2c 20 22 2b 74 2b 22 20 72 65 71 75 69 72 65 64 22 29 3b 72 65 74 75 72 6e 20 72 7d 7d 7d 2c 4f 72 3d 4f 2c 53 72 3d 6f 2c 6a 72 3d 5f 2c 50 72 3d 4c 74 2c 45 72 3d 69 2c 54 72 3d 56 6e 2e 43 4f 4e 46 49 47 55 52 41 42 4c 45 2c 41 72 3d 74 72 2c 46 72 3d 77 72 2e 65 6e 66 6f 72 63 65 2c 78 72 3d 77 72 2e 67 65 74 2c 4d 72 3d 53 74 72 69 6e 67 2c 43 72 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 2c 49 72 3d 4f 72 28 22 22 2e 73 6c 69 63 65 29 Data Ascii: ction(t){return function(n){var r;if(!fr(n)\|\|(r=Qn(n)).type!==t)throw new gr("Incompatible receiver, "+t+" required");return r}}},Or=O,Sr=o,jr=_,Pr=Lt,Er=i,Tr=Vn.CONFIGURABLE,Ar=tr,Fr=wr.enforce,xr=wr.get,Mr=String,Cr=Object.defineProperty,Ir=Or("".slice)
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 72 3d 58 72 28 74 29 3b 72 65 74 75 72 6e 20 72 3c 30 3f 59 72 28 72 2b 6e 2c 30 29 3a 48 72 28 72 2c 6e 29 7d 2c 65 65 3d 74 65 2c 6f 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 2c 72 2c 65 29 7b 76 61 72 20 6f 3d 6e 65 28 6e 29 2c 69 3d 65 65 28 6f 29 3b 69 66 28 30 3d 3d 3d 69 29 72 65 74 75 72 6e 21 74 26 26 2d 31 3b 76 61 72 20 75 2c 63 3d 72 65 28 65 2c 69 29 3b 69 66 28 74 26 26 72 21 3d 72 29 7b 66 6f 72 28 3b 69 3e 63 3b 29 69 66 28 28 75 3d 6f 5b 63 2b 2b 5d 29 21 3d 75 29 72 65 74 75 72 6e 21 30 7d 65 6c 73 65 20 66 6f 72 28 3b 69 3e 63 3b 63 2b 2b 29 69 66 28 28 74 7c 7c 63 20 69 6e 20 6f 29 26 26 6f 5b 63 5d 3d 3d 3d 72 29 72 65 74 75 72 6e 20 74 7c Data Ascii: ction(t,n){var r=Xr(t);return r<0?Yr(r+n,0):Hr(r,n)},ee=te,oe=function(t){return function(n,r,e){var o=ne(n),i=ee(o);if(0===i)return!t&&-1;var u,c=re(e,i);if(t&&r!=r){for(;i>c;)if((u=o[c++])!=u)return!0}else for(;i>c;c++)if((t\|\|c in o)&&o[c]===r)return t\|
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 65 3a 21 31 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 65 2e 6e 6f 6e 43 6f 6e 66 69 67 75 72 61 62 6c 65 2c 77 72 69 74 61 62 6c 65 3a 21 65 2e 6e 6f 6e 57 72 69 74 61 62 6c 65 7d 29 7d 72 65 74 75 72 6e 20 74 7d 2c 44 65 3d 53 74 2c 52 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 72 29 7b 66 6f 72 28 76 61 72 20 65 3d 4f 65 28 6e 29 2c 6f 3d 6a 65 2e 66 2c 69 3d 53 65 2e 66 2c 75 3d 30 3b 75 3c 65 2e 6c 65 6e 67 74 68 3b 75 2b 2b 29 7b 76 61 72 20 63 3d 65 5b 75 5d 3b 77 65 28 74 2c 63 29 7c 7c 72 26 26 77 65 28 72 2c 63 29 7c 7c 6f 28 74 2c 63 2c 69 28 6e 2c 63 29 29 7d 7d 2c 5f 65 3d 49 65 2c 47 65 3d 45 2c 55 65 3d 41 72 72 61 79 2e 69 73 41 72 72 61 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 22 41 72 72 61 79 22 3d 3d 3d 47 65 Data Ascii: e:!1,configurable:!e.nonConfigurable,writable:!e.nonWritable})}return t},De=St,Re=function(t,n,r){for(var e=Oe(n),o=je.f,i=Se.f,u=0;u<e.length;u++){var c=e[u];we(t,c)\|\|r&&we(r,c)\|\|o(t,c,i(n,c))}},_e=Ie,Ge=E,Ue=Array.isArray\|\|function(t){return"Array"===Ge
2024-12-10 12:39:24 UTC	982	IN	Data Raw: 22 41 73 79 6e 63 46 75 6e 63 74 69 6f 6e 22 3a 63 61 73 65 22 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 22 3a 63 61 73 65 22 41 73 79 6e 63 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 22 3a 72 65 74 75 72 6e 21 31 7d 74 72 79 7b 72 65 74 75 72 6e 20 68 6f 7c 7c 21 21 67 6f 28 76 6f 2c 70 6f 28 74 29 29 7d 63 61 74 63 68 28 6e 29 7b 72 65 74 75 72 6e 21 30 7d 7d 3b 77 6f 2e 73 68 61 6d 3d 21 30 3b 76 61 72 20 4f 6f 3d 21 62 6f 7c 7c 66 6f 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3b 72 65 74 75 72 6e 20 6d 6f 28 6d 6f 2e 63 61 6c 6c 29 7c 7c 21 6d 6f 28 4f 62 6a 65 63 74 29 7c 7c 21 6d 6f 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 3d 21 30 7d 29 29 7c 7c 74 7d 29 29 3f 77 6f 3a 6d 6f 2c 53 6f 3d 55 65 2c 6a 6f 3d 4f 6f 2c 50 6f Data Ascii: "AsyncFunction":case"GeneratorFunction":case"AsyncGeneratorFunction":return!1}try{return ho\|\|!!go(vo,po(t))}catch(n){return!0}};wo.sham=!0;var Oo=!bo\|\|fo((function(){var t;return mo(mo.call)\|\|!mo(Object)\|\|!mo((function(){t=!0}))\|\|t}))?wo:mo,So=Ue,jo=Oo,Po

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:24 UTC	611	OUT	GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1 Host: cdn.rtbrain.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://googleads.g.doubleclick.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:24 UTC	1276	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:24 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close Expires: Tue, 10 Dec 2024 12:47:38 GMT Cache-Control: public, max-age=3600 Last-Modified: Thu, 05 Dec 2024 12:32:45 GMT ETag: W/"ae7cfe6918c378964a0e403e26233d47" x-goog-generation: 1733401965415498 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 141503 Content-Language: en x-goog-hash: crc32c=WdDJyw== x-goog-hash: md5=rnz+aRjDeJZKDkA+JiM9Rw== x-goog-storage-class: STANDARD Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace X-GUploader-UploadID: AFiumC7yGWCieW-rz8nVTzsOiCM4BBvM9QEMM3X5OaOc51ZMDZES9qxD9Z2QOZ3-FIF_G4AtdxvOa7ogmg Vary: Accept-Encoding CF-Cache-Status: HIT Age: 3056 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YpjZgn06q3MplxSwm%2FYlvaqYk%2Fz8K16okNUhDcjSn%2FvRVrJRV3VYv6nFqs3AiGW1ZSyt4I5uNB3kQLNdy%2FMbDO2Cl%2B4B006ElY23Ayq3ZoXdOz3tcHbqAxkiZDIBct38Vw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4c2c0f818ccc-EWR
2024-12-10 12:39:24 UTC	216	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 38 31 30 26 6d 69 6e 5f 72 74 74 3d 31 38 30 31 26 72 74 74 5f 76 61 72 3d 36 39 33 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 36 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 32 35 26 72 65 63 76 5f 62 79 74 65 73 3d 31 31 38 39 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 35 35 38 31 36 34 26 63 77 6e 64 3d 32 30 33 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 63 39 62 36 31 37 33 32 38 37 63 66 31 63 33 66 26 74 73 3d 34 34 38 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1810&min_rtt=1801&rtt_var=693&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1189&delivery_rate=1558164&cwnd=203&unsent_bytes=0&cid=c9b6173287cf1c3f&ts=448&x=0"
2024-12-10 12:39:24 UTC	1246	IN	Data Raw: 37 61 39 33 0d 0a 76 61 72 20 6f 69 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 20 73 69 3d 28 65 2c 74 2c 6e 29 3d 3e 74 20 69 6e 20 65 3f 6f 69 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 6e 7d 29 3a 65 5b 74 5d 3d 6e 3b 76 61 72 20 50 3d 28 65 2c 74 2c 6e 29 3d 3e 28 73 69 28 65 2c 74 79 70 65 6f 66 20 74 21 3d 22 73 79 6d 62 6f 6c 22 3f 74 2b 22 22 3a 74 2c 6e 29 2c 6e 29 3b 66 75 6e 63 74 69 6f 6e 20 78 68 28 29 7b 69 6d 70 6f 72 74 2e 6d 65 74 61 2e 75 72 6c 2c 69 6d 70 6f 72 74 28 22 5f 22 29 2e 63 61 74 63 68 28 28 29 3d 3e 31 29 2c 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 2a 28 29 7b 7d 28 29 2e Data Ascii: 7a93var oi=Object.defineProperty;var si=(e,t,n)=>t in e?oi(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n;var P=(e,t,n)=>(si(e,typeof t!="symbol"?t+"":t,n),n);function xh(){import.meta.url,import("_").catch(()=>1),async function*(){}().
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 72 28 73 20 69 6e 20 74 29 73 3d 3d 22 6b 65 79 22 3f 72 3d 74 5b 73 5d 3a 73 3d 3d 22 72 65 66 22 3f 6f 3d 74 5b 73 5d 3a 69 5b 73 5d 3d 74 5b 73 5d 3b 69 66 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 32 26 26 28 69 2e 63 68 69 6c 64 72 65 6e 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 33 3f 5f 6e 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 32 29 3a 6e 29 2c 74 79 70 65 6f 66 20 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 65 2e 64 65 66 61 75 6c 74 50 72 6f 70 73 21 3d 6e 75 6c 6c 29 66 6f 72 28 73 20 69 6e 20 65 2e 64 65 66 61 75 6c 74 50 72 6f 70 73 29 69 5b 73 5d 3d 3d 3d 76 6f 69 64 20 30 26 26 28 69 5b 73 5d 3d 65 2e 64 65 66 61 75 6c 74 50 72 6f 70 73 5b 73 5d 29 3b 72 65 74 75 72 6e 20 7a 74 28 65 2c 69 2c 72 2c 6f 2c 6e Data Ascii: r(s in t)s=="key"?r=t[s]:s=="ref"?o=t[s]:i[s]=t[s];if(arguments.length>2&&(i.children=arguments.length>3?_n.call(arguments,2):n),typeof e=="function"&&e.defaultProps!=null)for(s in e.defaultProps)i[s]===void 0&&(i[s]=e.defaultProps[s]);return zt(e,i,r,o,n
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 2c 72 2e 5f 5f 65 21 3d 73 26 26 48 6f 28 72 29 29 2c 69 74 2e 6c 65 6e 67 74 68 3e 74 26 26 69 74 2e 73 6f 72 74 28 4e 6e 29 29 3b 65 6e 2e 5f 5f 72 3d 30 7d 66 75 6e 63 74 69 6f 6e 20 46 6f 28 65 2c 74 2c 6e 2c 72 2c 6f 2c 73 2c 69 2c 6c 2c 75 2c 61 2c 66 29 7b 76 61 72 20 63 2c 79 2c 68 2c 62 2c 41 2c 53 3d 72 26 26 72 2e 5f 5f 6b 7c 7c 55 6f 2c 6b 3d 74 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 6e 2e 5f 5f 64 3d 75 2c 63 69 28 6e 2c 74 2c 53 29 2c 75 3d 6e 2e 5f 5f 64 2c 63 3d 30 3b 63 3c 6b 3b 63 2b 2b 29 28 68 3d 6e 2e 5f 5f 6b 5b 63 5d 29 21 3d 6e 75 6c 6c 26 26 74 79 70 65 6f 66 20 68 21 3d 22 62 6f 6f 6c 65 61 6e 22 26 26 74 79 70 65 6f 66 20 68 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 79 3d 68 2e 5f 5f 69 3d 3d 3d 2d 31 3f 24 74 3a 53 5b 68 2e 5f Data Ascii: ,r.__e!=s&&Ho(r)),it.length>t&&it.sort(Nn));en.__r=0}function Fo(e,t,n,r,o,s,i,l,u,a,f){var c,y,h,b,A,S=r&&r.__k\|\|Uo,k=t.length;for(n.__d=u,ci(n,t,S),u=n.__d,c=0;c<k;c++)(h=n.__k[c])!=null&&typeof h!="boolean"&&typeof h!="function"&&(y=h.__i===-1?$t:S[h._
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 72 2b 2b 29 28 73 3d 6e 5b 72 5d 29 21 3d 6e 75 6c 6c 26 26 21 28 31 33 31 30 37 32 26 73 2e 5f 5f 75 29 26 26 28 73 2e 5f 5f 65 3d 3d 65 2e 5f 5f 64 26 26 28 65 2e 5f 5f 64 3d 61 74 28 73 29 29 2c 44 6e 28 73 2c 73 29 29 7d 66 75 6e 63 74 69 6f 6e 20 57 6f 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 6f 3b 69 66 28 74 79 70 65 6f 66 20 65 2e 74 79 70 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 7b 66 6f 72 28 72 3d 65 2e 5f 5f 6b 2c 6f 3d 30 3b 72 26 26 6f 3c 72 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 72 5b 6f 5d 26 26 28 72 5b 6f 5d 2e 5f 5f 3d 65 2c 74 3d 57 6f 28 72 5b 6f 5d 2c 74 2c 6e 29 29 3b 72 65 74 75 72 6e 20 74 7d 65 2e 5f 5f 65 21 3d 74 26 26 28 6e 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2e 5f 5f 65 2c 74 7c 7c 6e 75 6c 6c 29 2c 74 3d 65 2e 5f 5f Data Ascii: r++)(s=n[r])!=null&&!(131072&s.__u)&&(s.__e==e.__d&&(e.__d=at(s)),Dn(s,s))}function Wo(e,t,n){var r,o;if(typeof e.type=="function"){for(r=e.__k,o=0;r&&o<r.length;o++)r[o]&&(r[o].__=e,t=Wo(r[o],t,n));return t}e.__e!=t&&(n.insertBefore(e.__e,t\|\|null),t=e.__
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 3f 6a 6e 3a 4d 6e 2c 73 29 29 3a 65 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 74 2c 73 3f 6a 6e 3a 4d 6e 2c 73 29 3b 65 6c 73 65 7b 69 66 28 6f 3d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 29 74 3d 74 2e 72 65 70 6c 61 63 65 28 2f 78 6c 69 6e 6b 28 48 7c 3a 68 29 2f 2c 22 68 22 29 2e 72 65 70 6c 61 63 65 28 2f 73 4e 61 6d 65 24 2f 2c 22 73 22 29 3b 65 6c 73 65 20 69 66 28 74 21 3d 22 77 69 64 74 68 22 26 26 74 21 3d 22 68 65 69 67 68 74 22 26 26 74 21 3d 22 68 72 65 66 22 26 26 74 21 3d 22 6c 69 73 74 22 26 26 74 21 3d 22 66 6f 72 6d 22 26 26 74 21 3d 22 74 61 62 49 6e 64 65 78 22 26 26 74 21 3d 22 64 6f 77 6e 6c 6f 61 64 22 26 26 74 21 3d 22 72 6f 77 53 70 61 6e 22 26 26 74 21 3d 22 63 6f Data Ascii: ?jn:Mn,s)):e.removeEventListener(t,s?jn:Mn,s);else{if(o=="http://www.w3.org/2000/svg")t=t.replace(/xlink(H\|:h)/,"h").replace(/sName$/,"s");else if(t!="width"&&t!="height"&&t!="href"&&t!="list"&&t!="form"&&t!="tabIndex"&&t!="download"&&t!="rowSpan"&&t!="co
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 2e 70 75 73 68 28 63 2e 63 6f 6d 70 6f 6e 65 6e 74 44 69 64 4d 6f 75 6e 74 29 3b 65 6c 73 65 7b 69 66 28 4b 2e 67 65 74 44 65 72 69 76 65 64 53 74 61 74 65 46 72 6f 6d 50 72 6f 70 73 3d 3d 6e 75 6c 6c 26 26 6b 21 3d 3d 68 26 26 63 2e 63 6f 6d 70 6f 6e 65 6e 74 57 69 6c 6c 52 65 63 65 69 76 65 50 72 6f 70 73 21 3d 6e 75 6c 6c 26 26 63 2e 63 6f 6d 70 6f 6e 65 6e 74 57 69 6c 6c 52 65 63 65 69 76 65 50 72 6f 70 73 28 6b 2c 59 29 2c 21 63 2e 5f 5f 65 26 26 28 63 2e 73 68 6f 75 6c 64 43 6f 6d 70 6f 6e 65 6e 74 55 70 64 61 74 65 21 3d 6e 75 6c 6c 26 26 63 2e 73 68 6f 75 6c 64 43 6f 6d 70 6f 6e 65 6e 74 55 70 64 61 74 65 28 6b 2c 63 2e 5f 5f 73 2c 59 29 3d 3d 3d 21 31 7c 7c 74 2e 5f 5f 76 3d 3d 3d 6e 2e 5f 5f 76 29 29 7b 66 6f 72 28 74 2e 5f 5f 76 21 3d 3d 6e 2e Data Ascii: .push(c.componentDidMount);else{if(K.getDerivedStateFromProps==null&&k!==h&&c.componentWillReceiveProps!=null&&c.componentWillReceiveProps(k,Y),!c.__e&&(c.shouldComponentUpdate!=null&&c.shouldComponentUpdate(k,c.__s,Y)===!1\|\|t.__v===n.__v)){for(t.__v!==n.
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 3f 28 74 2e 5f 5f 6b 3d 6e 2e 5f 5f 6b 2c 74 2e 5f 5f 65 3d 6e 2e 5f 5f 65 29 3a 74 2e 5f 5f 65 3d 61 69 28 6e 2e 5f 5f 65 2c 74 2c 6e 2c 72 2c 6f 2c 73 2c 69 2c 75 2c 61 29 3b 28 66 3d 44 2e 64 69 66 66 65 64 29 26 26 66 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 6f 28 65 2c 74 2c 6e 29 7b 74 2e 5f 5f 64 3d 76 6f 69 64 20 30 3b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 6e 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 61 72 28 6e 5b 72 5d 2c 6e 5b 2b 2b 72 5d 2c 6e 5b 2b 2b 72 5d 29 3b 44 2e 5f 5f 63 26 26 44 2e 5f 5f 63 28 74 2c 65 29 2c 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 74 72 79 7b 65 3d 6f 2e 5f 5f 68 2c 6f 2e 5f 5f 68 3d 5b 5d 2c 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 73 29 7b 73 2e 63 61 6c 6c 28 6f 29 7d 29 7d 63 61 74 63 68 28 Data Ascii: ?(t.__k=n.__k,t.__e=n.__e):t.__e=ai(n.__e,t,n,r,o,s,i,u,a);(f=D.diffed)&&f(t)}function zo(e,t,n){t.__d=void 0;for(var r=0;r<n.length;r++)ar(n[r],n[++r],n[++r]);D.__c&&D.__c(t,e),e.some(function(o){try{e=o.__h,o.__h=[],e.some(function(s){s.call(o)})}catch(
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 65 2e 69 6e 6e 65 72 48 54 4d 4c 3d 22 22 29 2c 46 6f 28 65 2c 68 6e 28 79 29 3f 79 3a 5b 79 5d 2c 74 2c 6e 2c 72 2c 52 3d 3d 3d 22 66 6f 72 65 69 67 6e 4f 62 6a 65 63 74 22 3f 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3a 6f 2c 73 2c 69 2c 73 3f 73 5b 30 5d 3a 6e 2e 5f 5f 6b 26 26 61 74 28 6e 2c 30 29 2c 6c 2c 75 29 2c 73 21 3d 6e 75 6c 6c 29 66 6f 72 28 61 3d 73 2e 6c 65 6e 67 74 68 3b 61 2d 2d 3b 29 73 5b 61 5d 21 3d 6e 75 6c 6c 26 26 42 6f 28 73 5b 61 5d 29 3b 6c 7c 7c 28 61 3d 22 76 61 6c 75 65 22 2c 62 21 3d 3d 76 6f 69 64 20 30 26 26 28 62 21 3d 3d 65 5b 61 5d 7c 7c 52 3d 3d 3d 22 70 72 6f 67 72 65 73 73 22 26 26 21 62 7c 7c 52 3d 3d 3d 22 6f 70 74 69 6f 6e 22 26 26 62 21 3d 3d 53 5b 61 5d 29 26 26 50 Data Ascii: e.innerHTML=""),Fo(e,hn(y)?y:[y],t,n,r,R==="foreignObject"?"http://www.w3.org/1999/xhtml":o,s,i,s?s[0]:n.__k&&at(n,0),l,u),s!=null)for(a=s.length;a--;)s[a]!=null&&Bo(s[a]);l\|\|(a="value",b!==void 0&&(b!==e[a]\|\|R==="progress"&&!b\|\|R==="option"&&b!==S[a])&&P
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 7b 65 3d 6c 7d 74 68 72 6f 77 20 65 7d 7d 2c 44 6f 3d 30 2c 71 65 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 53 74 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3b 6e 3d 74 68 69 73 2e 5f 5f 73 21 3d 6e 75 6c 6c 26 26 74 68 69 73 2e 5f 5f 73 21 3d 3d 74 68 69 73 2e 73 74 61 74 65 3f 74 68 69 73 2e 5f 5f 73 3a 74 68 69 73 2e 5f 5f 73 3d 6e 74 28 7b 7d 2c 74 68 69 73 2e 73 74 61 74 65 29 2c 74 79 70 65 6f 66 20 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 65 3d 65 28 6e 74 28 7b 7d 2c 6e 29 2c 74 68 69 73 2e 70 72 6f 70 73 29 29 2c 65 26 26 6e 74 28 6e 2c 65 29 2c 65 21 3d 6e 75 6c 6c 26 26 74 68 69 73 2e 5f 5f 76 26 26 28 74 26 26 74 68 69 73 2e 5f 73 62 2e 70 75 73 68 28 74 29 2c 4f 72 28 74 68 69 73 29 29 7d 2c 71 65 2e 70 72 6f Data Ascii: {e=l}throw e}},Do=0,qe.prototype.setState=function(e,t){var n;n=this.__s!=null&&this.__s!==this.state?this.__s:this.__s=nt({},this.state),typeof e=="function"&&(e=e(nt({},n),this.props)),e&&nt(n,e),e!=null&&this.__v&&(t&&this._sb.push(t),Or(this))},qe.pro

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:24 UTC	584	OUT	GET /ng-assets/creative/assets/index-a5279e2a.css HTTP/1.1 Host: cdn.rtbrain.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:24 UTC	1172	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:24 GMT Content-Type: text/css Transfer-Encoding: chunked Connection: close X-GUploader-UploadID: AFiumC7WcgCLHLz1K69I-rce4A4R9eHJ7YfTtQ2yf2XRFrMB0t08uNQifmWB93QHYeXO23arwS7crKE Expires: Tue, 10 Dec 2024 12:12:56 GMT Cache-Control: public, max-age=3600 Last-Modified: Thu, 05 Dec 2024 12:32:45 GMT ETag: W/"6a220f6341c1912bf7868edc9c5e08f9" x-goog-generation: 1733401965891376 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 15327 Content-Language: en x-goog-hash: crc32c=olc5DQ== x-goog-hash: md5=aiIPY0HBkSv3ho7cnF4I+Q== x-goog-storage-class: STANDARD Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Type Vary: Accept-Encoding CF-Cache-Status: HIT Age: 2879 Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=O9lcpuC3U5WEqXMAvSbrsEGccUpnuqvki5b0rdWszZy3gvxSjxYnCwMp%2BszQnlZX4O6XBVymqHX6nHMNSQc%2B27WotaZyf60veDsNDKM7SD1VQY4L8P71KCp3t0o90HFgKw%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4c2c0faa72ab-EWR
2024-12-10 12:39:24 UTC	216	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 39 34 35 26 6d 69 6e 5f 72 74 74 3d 31 39 33 33 26 72 74 74 5f 76 61 72 3d 37 34 39 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 37 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 32 34 26 72 65 63 76 5f 62 79 74 65 73 3d 31 31 36 32 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 34 33 37 37 31 35 26 63 77 6e 64 3d 32 30 38 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 34 31 65 37 62 35 34 36 31 33 34 33 32 62 38 37 26 74 73 3d 34 34 39 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1945&min_rtt=1933&rtt_var=749&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2824&recv_bytes=1162&delivery_rate=1437715&cwnd=208&unsent_bytes=0&cid=41e7b54613432b87&ts=449&x=0"
2024-12-10 12:39:24 UTC	1350	IN	Data Raw: 33 62 64 66 0d 0a 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2e 5f 61 64 76 65 72 74 69 73 65 72 5f 31 6a 6c 63 76 5f 31 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 7a 2d 69 6e 64 65 78 3a 35 30 31 3b 77 69 64 74 68 3a 66 69 74 2d 63 6f 6e 74 65 6e 74 3b 68 65 69 67 68 74 3a 66 69 74 2d 63 6f 6e 74 65 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 5f 61 64 76 65 72 74 69 73 65 72 4e 61 6d 65 5f 31 6a 6c 63 76 5f 31 31 7b 7a 2d 69 6e 64 65 78 3a 35 30 34 3b 63 6f 6c 6f 72 3a 23 62 39 62 38 62 38 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a Data Ascii: 3bdf@charset "UTF-8";._advertiser_1jlcv_1{position:absolute;z-index:501;width:fit-content;height:fit-content;font-size:12px;font-weight:700;background-color:transparent}._advertiserName_1jlcv_11{z-index:504;color:#b9b8b8;user-select:none;pointer-events:
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 6c 65 66 74 3a 30 7d 2e 5f 63 6c 6f 73 65 42 75 74 74 6f 6e 52 69 67 68 74 5f 35 62 34 77 62 5f 37 31 7b 74 6f 70 3a 31 32 70 78 3b 72 69 67 68 74 3a 31 35 70 78 7d 2e 5f 63 6c 6f 73 65 42 75 74 74 6f 6e 4c 65 66 74 5f 35 62 34 77 62 5f 37 36 7b 74 6f 70 3a 31 32 70 78 3b 6c 65 66 74 3a 31 35 70 78 7d 2e 5f 61 6c 74 43 6c 6f 73 65 42 75 74 74 6f 6e 52 69 67 68 74 5f 35 62 34 77 62 5f 38 31 7b 74 6f 70 3a 31 36 70 78 3b 72 69 67 68 74 3a 33 30 70 78 7d 2e 5f 61 6c 74 43 6c 6f 73 65 42 75 74 74 6f 6e 4c 65 66 74 5f 35 62 34 77 62 5f 38 36 7b 74 6f 70 3a 31 36 70 78 3b 6c 65 66 74 3a 33 30 70 78 7d 2e 5f 63 6f 75 6e 74 64 6f 77 6e 43 6c 6f 73 65 5f 35 62 34 77 62 5f 39 31 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 Data Ascii: left:0}._closeButtonRight_5b4wb_71{top:12px;right:15px}._closeButtonLeft_5b4wb_76{top:12px;left:15px}._altCloseButtonRight_5b4wb_81{top:16px;right:30px}._altCloseButtonLeft_5b4wb_86{top:16px;left:30px}._countdownClose_5b4wb_91{background-color:#fff;border
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 6f 67 72 65 73 73 56 61 6c 75 65 5f 31 69 35 38 38 5f 31 32 7b 61 6e 69 6d 61 74 69 6f 6e 3a 5f 6c 6f 61 64 5f 31 69 35 38 38 5f 31 20 6e 6f 72 6d 61 6c 20 66 6f 72 77 61 72 64 73 20 6c 69 6e 65 61 72 20 70 61 75 73 65 64 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 31 30 70 78 20 34 30 70 78 20 2d 31 30 70 78 20 23 30 30 37 37 63 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 30 37 37 63 65 3b 68 65 69 67 68 74 3a 31 30 70 78 3b 77 69 64 74 68 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 63 6f 6e 74 65 6e 74 3a 22 22 7d 40 6b 65 79 66 72 61 6d 65 73 20 5f 6c 6f 61 64 5f 31 69 35 38 38 5f 31 7b 30 25 7b 77 69 64 74 68 3a 30 7d 74 6f 7b 77 69 64 74 Data Ascii: ogressValue_1i588_12{animation:_load_1i588_1 normal forwards linear paused;box-shadow:0 10px 40px -10px #0077ce;border-radius:0;background:#0077ce;height:10px;width:0;position:relative;bottom:0;left:0;content:""}@keyframes _load_1i588_1{0%{width:0}to{widt
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 6e 2d 62 6f 74 74 6f 6d 3a 34 70 78 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 35 30 30 7d 2e 5f 62 75 74 74 6f 6e 5f 64 6e 7a 72 36 5f 32 32 7b 70 61 64 64 69 6e 67 3a 31 34 70 78 20 34 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 31 66 38 39 66 35 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 33 30 70 78 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 35 30 70 78 7d 2e 5f 69 6d 61 67 65 5f 64 6e 7a 72 36 5f 33 31 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 30 70 78 3b 77 69 64 74 68 3a 61 75 74 6f 3b 68 65 69 67 68 74 3a 32 35 76 77 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 32 70 78 7d 2e 5f 69 6e 70 75 74 5f 6d 76 39 35 36 5f 31 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f Data Ascii: n-bottom:4px;font-weight:500}._button_dnzr6_22{padding:14px 40px;background:#1f89f5;color:#fff;font-size:30px;border-radius:30px;margin-bottom:50px}._image_dnzr6_31{margin-bottom:20px;width:auto;height:25vw;border-radius:12px}._input_mv956_1{background-co
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 7d 2e 5f 73 6c 69 64 65 72 54 68 75 6d 62 5f 39 38 72 75 7a 5f 31 35 7b 77 69 64 74 68 3a 35 30 70 78 3b 68 65 69 67 68 74 3a 35 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 6c 65 66 74 3a 30 3b 6d 61 72 67 69 6e 3a 30 20 35 70 78 3b 7a 2d 69 6e 64 65 78 3a 32 7d 2e 5f 73 6c 69 64 65 72 54 68 75 6d 62 5f 39 38 72 75 7a 5f 31 35 20 69 6d 67 7b 77 69 64 74 68 3a 31 30 30 Data Ascii: ointer-events:none}._sliderThumb_98ruz_15{width:50px;height:50px;background-color:#fff;border-radius:50%;color:#fff;display:flex;align-items:center;justify-content:center;position:absolute;left:0;margin:0 5px;z-index:2}._sliderThumb_98ruz_15 img{width:100
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 62 5f 37 35 7b 61 6e 69 6d 61 74 69 6f 6e 3a 5f 72 65 76 65 72 73 65 53 6c 69 64 65 4c 65 66 74 5f 66 6a 68 61 62 5f 37 35 20 2e 34 73 20 65 61 73 65 20 66 6f 72 77 61 72 64 73 7d 40 6b 65 79 66 72 61 6d 65 73 20 5f 72 65 76 65 72 73 65 53 6c 69 64 65 4c 65 66 74 5f 66 6a 68 61 62 5f 37 35 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 30 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 31 30 30 76 68 29 7d 7d 2e 5f 73 6c 69 64 65 52 69 67 68 74 5f 66 6a 68 61 62 5f 38 37 7b 61 6e 69 6d 61 74 69 6f 6e 3a 5f 73 6c 69 64 65 52 69 67 68 74 5f 66 6a 68 61 62 5f 38 37 20 2e 34 73 20 65 61 73 65 20 66 6f 72 77 61 72 64 73 7d 40 6b 65 79 66 72 61 6d 65 73 20 5f 73 6c 69 64 65 52 69 67 68 74 5f 66 6a 68 61 62 5f Data Ascii: b_75{animation:_reverseSlideLeft_fjhab_75 .4s ease forwards}@keyframes _reverseSlideLeft_fjhab_75{0%{transform:translate(0)}to{transform:translate(100vh)}}._slideRight_fjhab_87{animation:_slideRight_fjhab_87 .4s ease forwards}@keyframes _slideRight_fjhab_
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e 38 34 2c 2e 34 34 2c 31 29 20 66 6f 72 77 61 72 64 73 7d 40 6b 65 79 66 72 61 6d 65 73 20 5f 72 65 76 65 72 73 65 55 6e 66 6f 6c 64 56 65 72 74 69 63 61 6c 5f 66 6a 68 61 62 5f 31 36 37 7b 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 59 28 31 29 20 73 63 61 6c 65 58 28 2e 30 30 35 29 7d 74 6f 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 59 28 30 29 20 73 63 61 6c 65 58 28 2e 30 30 35 29 7d 7d 2e 5f 72 65 76 65 72 73 65 55 6e 66 6f 6c 64 48 6f 72 69 7a 6f 6e 74 61 6c 5f 66 6a 68 61 62 5f 31 37 39 7b 61 6e 69 6d 61 74 69 6f 6e 3a 5f 72 65 76 65 72 73 65 55 6e 66 6f 6c 64 48 6f 72 69 7a 6f 6e 74 61 6c 5f 66 6a 68 61 62 5f 31 37 39 20 31 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 31 36 35 2c 2e Data Ascii: c-bezier(.165,.84,.44,1) forwards}@keyframes _reverseUnfoldVertical_fjhab_167{50%{transform:scaleY(1) scaleX(.005)}to{transform:scaleY(0) scaleX(.005)}}._reverseUnfoldHorizontal_fjhab_179{animation:_reverseUnfoldHorizontal_fjhab_179 1s cubic-bezier(.165,.
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 37 34 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 7d 2e 5f 73 74 69 63 6b 79 42 6f 74 74 6f 6d 5f 66 6a 68 61 62 5f 32 37 39 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 62 6f 74 74 6f 6d 3a 30 7d 2e 5f 68 69 64 65 44 69 73 70 6c 61 79 5f 66 6a 68 61 62 5f 32 38 34 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 5f 68 69 64 65 56 69 73 69 62 69 6c 69 74 79 5f 66 6a 68 61 62 5f 32 38 38 7b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 7d 2e 5f 67 72 69 64 5f 33 67 68 77 34 5f 31 7b 64 69 73 70 6c 61 79 3a 67 72 69 64 7d 2e 5f 72 6f 77 5f 33 67 68 77 34 5f 35 7b 68 65 69 67 68 74 3a 31 30 30 25 7d 2e 5f 63 6f 6c 75 6d 6e 5f 33 67 68 77 34 5f 39 7b 77 69 64 74 68 3a 31 30 30 25 7d 2e 5f 67 61 6c 6c 65 72 79 43 6f 6e 74 61 69 6e 65 72 Data Ascii: 74{position:fixed;top:0}._stickyBottom_fjhab_279{position:fixed;bottom:0}._hideDisplay_fjhab_284{display:none}._hideVisibility_fjhab_288{visibility:hidden}._grid_3ghw4_1{display:grid}._row_3ghw4_5{height:100%}._column_3ghw4_9{width:100%}._galleryContainer
2024-12-10 12:39:24 UTC	1369	IN	Data Raw: 73 74 6f 72 79 42 61 72 57 72 61 70 70 65 72 5f 73 38 37 68 6e 5f 31 32 7b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6d 61 72 67 69 6e 3a 30 20 34 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 5f 73 74 6f 72 79 42 61 72 5f 73 38 37 68 6e 5f 31 32 7b 77 69 64 74 68 3a 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 2e 5f 73 74 6f 72 79 42 61 72 42 61 63 6b 67 72 6f 75 6e 64 5f 73 38 37 68 6e 5f 32 33 7b 6f 70 61 63 69 74 79 3a 2e 35 7d 2e 5f 73 6c 69 64 65 72 5f 65 6d 77 37 6e 5f 31 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 77 69 64 74 68 3a 31 30 30 25 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 68 65 69 67 68 74 20 2e 31 35 73 20 65 61 73 65 2d 69 6e 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 Data Ascii: storyBarWrapper_s87hn_12{flex-grow:1;margin:0 4px;position:relative}._storyBar_s87hn_12{width:100%;position:absolute}._storyBarBackground_s87hn_23{opacity:.5}._slider_emw7n_1{height:100%;margin:auto;width:100%;transition:height .15s ease-in;overflow:hidde

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:24 UTC	2621	OUT	GET /pagead/adview?ai=C-L59ejZYZ83eAZ6Q9fgP_I-9OL2qz8116aLc1sQSwI23ARABIABgyQaCARdjYS1wdWItODQ4NDg0NjQ0MjM3NjEzNsgBCagDAcgDAqoE8wFP0MhR3hqXkZQE2fUWBf3Bb3S5g292P6eUxUBHL5GYS8IAEqOfE8oLwhteeqW0MJ_VlEKEvbDBtLCE9bD7Jt2xJykoLO_dLpAiMU2sB4cErAf7yFLT2PvYg1zs3TX1z5nhXTDzNSI3qYyJ15BXwq0kbC7F8LWWIWGbuwAajbBzZrDm-gIMJ3_p74KvVPcoPA3yuwwizgWfZPCGXOYPzk8FastSL6NoXTpggnijcT_39M_hsgsgnp-fUVp9dykiU1gNGGYrQL7TuvCYWrJ6WjpCoyN5zT4YsE6DJnWwyP9VKmBdq3zyu0cBUfHLrxxeA4lTwNaABpippfDUnNG1wgGgBiGoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7ECqAetvrEC2AcA0ggkCIBhEAEyAooCOguAQIDAgICAoKiAAki9_cE6WLLh_amcnYoDgAoB-gsCCAGADAHQFQGAFwGyFxwKGBIUcHViLTg0ODQ4NDY0NDIzNzYxMzYYABgM&sigh=LE62tMTwQ9U&uach_m=%5BUACH%5D&cid=CAQSTgCa7L7dkUEwvysm0omZeyqmMY2IecxIT5i9jyZEkSh9328Jb_yQutv-Dvmbf7Ijzfdr6nTQSw53ndWIbiiJ1308boz5Uk9NphtuuIRomhgB HTTP/1.1 Host: googleads.g.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIlqHLAQiFoM0BCLnKzQEIitPNARj1yc0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://googleads.g.doubleclick.net/pagead/ads?us_privacy=1---&client=ca-pub-8484846442376136&output=html&h=600&slotname=7992105487&adk=2585668214&adf=2175242420&pi=t.ma~as.7992105487&w=160&abgtt=9&fwrn=4&fwrnh=100&lmt=1723972423&rafmt=1&format=160x600&url=https%3A%2F%2Fgetgreenshot.org%2Fthank-you%2F%3Flanguage%3Den%26version%3D1.2.10.6&fwr=0&rpe=1&resp_fmts=4&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzQiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTM0Il0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzQiXV0sMF0.&dt=1733838032225&bpp=1&bdt=6475&idt=3995&shv=r20241205&mjsv=m202412040102&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=728x280&correlator=5666469010253&frm=20&pv=1&u_tz=-300&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=847&ady=1332&biw=1017&bih=870&scr_x=0&scr_y=0&eid=31089337%2C95344791%2C95347444%2C95345966&oid=2&pvsid=1514068227346676&tmod=1978764241&uas=0&nvt=1&fc=896&brdim=10%2C10% [TRUNCATED] Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-12-10 12:39:25 UTC	1013	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy: script-src 'none'; object-src 'none' Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: true Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Tue, 10 Dec 2024 12:39:25 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Set-Cookie: IDE=AHWqTUlK7t_aVpBnnUNT7SNUxnvejcIUaOHVeNgyPqOIl9lsAgMHT2cP6Uv0ipsqlQg; expires=Thu, 10-Dec-2026 12:39:25 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Set-Cookie: test_cookie=; expires=Fri, 01-Aug-2008 22:45:55 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Expires: Tue, 10 Dec 2024 12:39:25 GMT Cache-Control: private Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:25 UTC	1077	OUT	GET /rtimp?a=imp&cr=ext_download_ghst_inss&d=getgreenshot.org&gid=&im=iJvJQRYYxVLUTnxY11srwZ9dznCv0UIHp9dE0CV_3LsDI3m0jJAOgF0Zajbw7YWcQ4ILez6nNRnitwUOcInviVtG_OLFkOLnRn-VUms5btfXLhXBuHlrO8q3mAerQSYZgajYp48cDrvdIHPGO_iFQIEvsbdvxV4uvBZheSGcnc__GhKSRPcobOba82MfPdOsR4oQGmORGJsGqC46WEqPBTc5OMtYZQLR9EePwiLSbsF-JdIFUhOBEj2IyPx8PjrqLTd7B3s1G0k2ZB-7puPed9hhC7gBXwqAgGZld14ZmKZJMS8cLVHosdEtAoKGgFNqt10dQkJ1HsYIDH45TLZ10cpaIDDKO5W5SruprYJHADttusuQHCMJ7xDK0Ev5YK701yyqvGvfbwbphCUWhl75HA&p=Z1g2egAASr0JHV4uACWP6MSw3tfFij6Sy6wWdA&sid=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0 HTTP/1.1 Host: g.bidbrain.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-10 12:39:26 UTC	1358	IN	HTTP/1.1 204 No Content Date: Tue, 10 Dec 2024 12:39:26 GMT Content-Length: 0 Connection: close Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT Access-Control-Allow-Headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version Access-Control-Allow-Credentials: true Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Prefers-Color-Scheme, Sec-Ch-Viewport-Width, Sec-Ch-Viewport-Height, RTT, Downlink, Device-Memory, Save-Data Set-Cookie: uid=ca740cdc-b6f3-11ef-8869-8e971abbe572; Domain=.bidbrain.app; expires=Tue, 19 Jan 2038 03:14:07 GMT; Path=/ Set-Cookie: uid_cross=ca740cdc-b6f3-11ef-8869-8e971abbe572; Domain=.bidbrain.app; expires=Tue, 19 Jan 2038 03:14:07 GMT; Path=/; SameSite=none; Secure Set-Cookie: sid=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0; Domain=.bidbrain.app; Max-Age=7200; Path=/ Set-Cookie: sid_cross=c8114b55-b6f3-11ef-87aa-6e76a9b69cb0; Domain=.bidbrain.app; Max-Age=7200; Path=/; SameSite=none; Secure
2024-12-10 12:39:26 UTC	672	IN	Data Raw: 56 69 61 3a 20 31 2e 31 20 67 6f 6f 67 6c 65 0d 0a 43 46 2d 43 61 63 68 65 2d 53 74 61 74 75 73 3a 20 44 59 4e 41 4d 49 43 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 71 4f 72 45 55 74 7a 46 47 6a 4a 31 46 25 32 42 38 71 63 4f 42 48 4f 63 44 6a 4e 4b 31 6a 71 68 4d 4b 35 35 55 79 61 57 43 46 59 31 6a 31 53 6d 4c 5a 4e 7a 54 41 49 25 32 42 49 4b 55 4f 49 45 4e 6e 6e 71 31 37 70 79 6b 37 42 6f 59 58 4b 25 32 42 57 25 32 42 54 25 32 46 6d 32 7a 53 46 61 5a 33 7a 62 5a 25 32 46 4d 33 58 49 77 69 52 6f 54 68 6e 5a 73 43 58 50 67 70 45 70 36 38 50 58 68 68 4e 7a 65 4e Data Ascii: Via: 1.1 googleCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qOrEUtzFGjJ1F%2B8qcOBHOcDjNK1jqhMK55UyaWCFY1j1SmLZNzTAI%2BIKUOIENnnq17pyk7BoYXK%2BW%2BT%2Fm2zSFaZ3zbZ%2FM3XIwiRoThnZsCXPgpEp68PXhhNzeN

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:26 UTC	486	OUT	GET /ng-assets/creative/assets/index-3059519d.js HTTP/1.1 Host: cdn.rtbrain.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a
2024-12-10 12:39:27 UTC	1248	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:27 GMT Content-Type: text/javascript Transfer-Encoding: chunked Connection: close x-goog-generation: 1733393693308229 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 141503 x-goog-hash: crc32c=WdDJyw== x-goog-hash: md5=rnz+aRjDeJZKDkA+JiM9Rw== x-goog-storage-class: STANDARD Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace X-GUploader-UploadID: AFiumC5urUnQQchll1A_ZcH3iP_ZCXVnyfxJSdMz7fwPA8uvsuiERf5bToY_TGvZEji7kItYFns3l9COEA Expires: Tue, 10 Dec 2024 12:47:47 GMT Cache-Control: public, max-age=3600 Last-Modified: Thu, 05 Dec 2024 10:14:53 GMT ETag: W/"ae7cfe6918c378964a0e403e26233d47" Vary: Accept-Encoding Age: 3021 CF-Cache-Status: HIT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9e12jV2jbcxzK%2FFCFGqR6M2AxqKjMZSRQCTys4oKR2FcudvYVlVctrnQa0vfkOgyqGdvUsLakz9GRWD6C8wUcmhFFM5YetQWy4LNw63mcwXKfzDHJ1ER%2BNKzITh1Y1bX5Q%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8efd4c3a4add0ca6-EWR
2024-12-10 12:39:27 UTC	216	IN	Data Raw: 73 65 72 76 65 72 2d 74 69 6d 69 6e 67 3a 20 63 66 4c 34 3b 64 65 73 63 3d 22 3f 70 72 6f 74 6f 3d 54 43 50 26 72 74 74 3d 31 37 31 32 26 6d 69 6e 5f 72 74 74 3d 31 36 38 39 26 72 74 74 5f 76 61 72 3d 36 35 30 26 73 65 6e 74 3d 35 26 72 65 63 76 3d 37 26 6c 6f 73 74 3d 30 26 72 65 74 72 61 6e 73 3d 30 26 73 65 6e 74 5f 62 79 74 65 73 3d 32 38 32 35 26 72 65 63 76 5f 62 79 74 65 73 3d 31 30 36 34 26 64 65 6c 69 76 65 72 79 5f 72 61 74 65 3d 31 37 32 38 38 33 33 26 63 77 6e 64 3d 32 32 31 26 75 6e 73 65 6e 74 5f 62 79 74 65 73 3d 30 26 63 69 64 3d 34 34 33 31 32 38 30 61 61 33 30 61 39 62 30 64 26 74 73 3d 34 35 30 26 78 3d 30 22 0d 0a 0d 0a Data Ascii: server-timing: cfL4;desc="?proto=TCP&rtt=1712&min_rtt=1689&rtt_var=650&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2825&recv_bytes=1064&delivery_rate=1728833&cwnd=221&unsent_bytes=0&cid=4431280aa30a9b0d&ts=450&x=0"
2024-12-10 12:39:27 UTC	1274	IN	Data Raw: 37 61 61 65 0d 0a 76 61 72 20 6f 69 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 20 73 69 3d 28 65 2c 74 2c 6e 29 3d 3e 74 20 69 6e 20 65 3f 6f 69 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 6e 7d 29 3a 65 5b 74 5d 3d 6e 3b 76 61 72 20 50 3d 28 65 2c 74 2c 6e 29 3d 3e 28 73 69 28 65 2c 74 79 70 65 6f 66 20 74 21 3d 22 73 79 6d 62 6f 6c 22 3f 74 2b 22 22 3a 74 2c 6e 29 2c 6e 29 3b 66 75 6e 63 74 69 6f 6e 20 78 68 28 29 7b 69 6d 70 6f 72 74 2e 6d 65 74 61 2e 75 72 6c 2c 69 6d 70 6f 72 74 28 22 5f 22 29 2e 63 61 74 63 68 28 28 29 3d 3e 31 29 2c 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 2a 28 29 7b 7d 28 29 2e Data Ascii: 7aaevar oi=Object.defineProperty;var si=(e,t,n)=>t in e?oi(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n;var P=(e,t,n)=>(si(e,typeof t!="symbol"?t+"":t,n),n);function xh(){import.meta.url,import("_").catch(()=>1),async function*(){}().
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 22 72 65 66 22 3f 6f 3d 74 5b 73 5d 3a 69 5b 73 5d 3d 74 5b 73 5d 3b 69 66 28 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 32 26 26 28 69 2e 63 68 69 6c 64 72 65 6e 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 33 3f 5f 6e 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 32 29 3a 6e 29 2c 74 79 70 65 6f 66 20 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 65 2e 64 65 66 61 75 6c 74 50 72 6f 70 73 21 3d 6e 75 6c 6c 29 66 6f 72 28 73 20 69 6e 20 65 2e 64 65 66 61 75 6c 74 50 72 6f 70 73 29 69 5b 73 5d 3d 3d 3d 76 6f 69 64 20 30 26 26 28 69 5b 73 5d 3d 65 2e 64 65 66 61 75 6c 74 50 72 6f 70 73 5b 73 5d 29 3b 72 65 74 75 72 6e 20 7a 74 28 65 2c 69 2c 72 2c 6f 2c 6e 75 6c 6c 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 74 28 65 2c 74 2c 6e 2c 72 2c 6f 29 7b Data Ascii: "ref"?o=t[s]:i[s]=t[s];if(arguments.length>2&&(i.children=arguments.length>3?_n.call(arguments,2):n),typeof e=="function"&&e.defaultProps!=null)for(s in e.defaultProps)i[s]===void 0&&(i[s]=e.defaultProps[s]);return zt(e,i,r,o,null)}function zt(e,t,n,r,o){
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 74 26 26 69 74 2e 73 6f 72 74 28 4e 6e 29 29 3b 65 6e 2e 5f 5f 72 3d 30 7d 66 75 6e 63 74 69 6f 6e 20 46 6f 28 65 2c 74 2c 6e 2c 72 2c 6f 2c 73 2c 69 2c 6c 2c 75 2c 61 2c 66 29 7b 76 61 72 20 63 2c 79 2c 68 2c 62 2c 41 2c 53 3d 72 26 26 72 2e 5f 5f 6b 7c 7c 55 6f 2c 6b 3d 74 2e 6c 65 6e 67 74 68 3b 66 6f 72 28 6e 2e 5f 5f 64 3d 75 2c 63 69 28 6e 2c 74 2c 53 29 2c 75 3d 6e 2e 5f 5f 64 2c 63 3d 30 3b 63 3c 6b 3b 63 2b 2b 29 28 68 3d 6e 2e 5f 5f 6b 5b 63 5d 29 21 3d 6e 75 6c 6c 26 26 74 79 70 65 6f 66 20 68 21 3d 22 62 6f 6f 6c 65 61 6e 22 26 26 74 79 70 65 6f 66 20 68 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 79 3d 68 2e 5f 5f 69 3d 3d 3d 2d 31 3f 24 74 3a 53 5b 68 2e 5f 5f 69 5d 7c 7c 24 74 2c 68 2e 5f 5f 69 3d 63 2c 6c 72 28 65 2c 68 2c 79 2c 6f 2c 73 Data Ascii: t&&it.sort(Nn));en.__r=0}function Fo(e,t,n,r,o,s,i,l,u,a,f){var c,y,h,b,A,S=r&&r.__k\|\|Uo,k=t.length;for(n.__d=u,ci(n,t,S),u=n.__d,c=0;c<k;c++)(h=n.__k[c])!=null&&typeof h!="boolean"&&typeof h!="function"&&(y=h.__i===-1?$t:S[h.__i]\|\|$t,h.__i=c,lr(e,h,y,o,s
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 26 73 2e 5f 5f 75 29 26 26 28 73 2e 5f 5f 65 3d 3d 65 2e 5f 5f 64 26 26 28 65 2e 5f 5f 64 3d 61 74 28 73 29 29 2c 44 6e 28 73 2c 73 29 29 7d 66 75 6e 63 74 69 6f 6e 20 57 6f 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 6f 3b 69 66 28 74 79 70 65 6f 66 20 65 2e 74 79 70 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 7b 66 6f 72 28 72 3d 65 2e 5f 5f 6b 2c 6f 3d 30 3b 72 26 26 6f 3c 72 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 72 5b 6f 5d 26 26 28 72 5b 6f 5d 2e 5f 5f 3d 65 2c 74 3d 57 6f 28 72 5b 6f 5d 2c 74 2c 6e 29 29 3b 72 65 74 75 72 6e 20 74 7d 65 2e 5f 5f 65 21 3d 74 26 26 28 6e 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 65 2e 5f 5f 65 2c 74 7c 7c 6e 75 6c 6c 29 2c 74 3d 65 2e 5f 5f 65 29 3b 64 6f 20 74 3d 74 26 26 74 2e 6e 65 78 74 53 69 62 6c 69 6e 67 3b 77 68 69 Data Ascii: &s.__u)&&(s.__e==e.__d&&(e.__d=at(s)),Dn(s,s))}function Wo(e,t,n){var r,o;if(typeof e.type=="function"){for(r=e.__k,o=0;r&&o<r.length;o++)r[o]&&(r[o].__=e,t=Wo(r[o],t,n));return t}e.__e!=t&&(n.insertBefore(e.__e,t\|\|null),t=e.__e);do t=t&&t.nextSibling;whi
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 65 6e 65 72 28 74 2c 73 3f 6a 6e 3a 4d 6e 2c 73 29 3b 65 6c 73 65 7b 69 66 28 6f 3d 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 29 74 3d 74 2e 72 65 70 6c 61 63 65 28 2f 78 6c 69 6e 6b 28 48 7c 3a 68 29 2f 2c 22 68 22 29 2e 72 65 70 6c 61 63 65 28 2f 73 4e 61 6d 65 24 2f 2c 22 73 22 29 3b 65 6c 73 65 20 69 66 28 74 21 3d 22 77 69 64 74 68 22 26 26 74 21 3d 22 68 65 69 67 68 74 22 26 26 74 21 3d 22 68 72 65 66 22 26 26 74 21 3d 22 6c 69 73 74 22 26 26 74 21 3d 22 66 6f 72 6d 22 26 26 74 21 3d 22 74 61 62 49 6e 64 65 78 22 26 26 74 21 3d 22 64 6f 77 6e 6c 6f 61 64 22 26 26 74 21 3d 22 72 6f 77 53 70 61 6e 22 26 26 74 21 3d 22 63 6f 6c 53 70 61 6e 22 26 26 74 21 3d 22 72 6f 6c 65 22 26 26 74 20 69 6e 20 65 29 74 72 Data Ascii: ener(t,s?jn:Mn,s);else{if(o=="http://www.w3.org/2000/svg")t=t.replace(/xlink(H\|:h)/,"h").replace(/sName$/,"s");else if(t!="width"&&t!="height"&&t!="href"&&t!="list"&&t!="form"&&t!="tabIndex"&&t!="download"&&t!="rowSpan"&&t!="colSpan"&&t!="role"&&t in e)tr
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 6c 73 65 7b 69 66 28 4b 2e 67 65 74 44 65 72 69 76 65 64 53 74 61 74 65 46 72 6f 6d 50 72 6f 70 73 3d 3d 6e 75 6c 6c 26 26 6b 21 3d 3d 68 26 26 63 2e 63 6f 6d 70 6f 6e 65 6e 74 57 69 6c 6c 52 65 63 65 69 76 65 50 72 6f 70 73 21 3d 6e 75 6c 6c 26 26 63 2e 63 6f 6d 70 6f 6e 65 6e 74 57 69 6c 6c 52 65 63 65 69 76 65 50 72 6f 70 73 28 6b 2c 59 29 2c 21 63 2e 5f 5f 65 26 26 28 63 2e 73 68 6f 75 6c 64 43 6f 6d 70 6f 6e 65 6e 74 55 70 64 61 74 65 21 3d 6e 75 6c 6c 26 26 63 2e 73 68 6f 75 6c 64 43 6f 6d 70 6f 6e 65 6e 74 55 70 64 61 74 65 28 6b 2c 63 2e 5f 5f 73 2c 59 29 3d 3d 3d 21 31 7c 7c 74 2e 5f 5f 76 3d 3d 3d 6e 2e 5f 5f 76 29 29 7b 66 6f 72 28 74 2e 5f 5f 76 21 3d 3d 6e 2e 5f 5f 76 26 26 28 63 2e 70 72 6f 70 73 3d 6b 2c 63 2e 73 74 61 74 65 3d 63 2e 5f 5f Data Ascii: lse{if(K.getDerivedStateFromProps==null&&k!==h&&c.componentWillReceiveProps!=null&&c.componentWillReceiveProps(k,Y),!c.__e&&(c.shouldComponentUpdate!=null&&c.shouldComponentUpdate(k,c.__s,Y)===!1\|\|t.__v===n.__v)){for(t.__v!==n.__v&&(c.props=k,c.state=c.__
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 2e 5f 5f 65 3d 61 69 28 6e 2e 5f 5f 65 2c 74 2c 6e 2c 72 2c 6f 2c 73 2c 69 2c 75 2c 61 29 3b 28 66 3d 44 2e 64 69 66 66 65 64 29 26 26 66 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 7a 6f 28 65 2c 74 2c 6e 29 7b 74 2e 5f 5f 64 3d 76 6f 69 64 20 30 3b 66 6f 72 28 76 61 72 20 72 3d 30 3b 72 3c 6e 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 61 72 28 6e 5b 72 5d 2c 6e 5b 2b 2b 72 5d 2c 6e 5b 2b 2b 72 5d 29 3b 44 2e 5f 5f 63 26 26 44 2e 5f 5f 63 28 74 2c 65 29 2c 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 6f 29 7b 74 72 79 7b 65 3d 6f 2e 5f 5f 68 2c 6f 2e 5f 5f 68 3d 5b 5d 2c 65 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 73 29 7b 73 2e 63 61 6c 6c 28 6f 29 7d 29 7d 63 61 74 63 68 28 73 29 7b 44 2e 5f 5f 65 28 73 2c 6f 2e 5f 5f 76 29 7d 7d 29 7d 66 75 6e 63 74 69 6f Data Ascii: .__e=ai(n.__e,t,n,r,o,s,i,u,a);(f=D.diffed)&&f(t)}function zo(e,t,n){t.__d=void 0;for(var r=0;r<n.length;r++)ar(n[r],n[++r],n[++r]);D.__c&&D.__c(t,e),e.some(function(o){try{e=o.__h,o.__h=[],e.some(function(s){s.call(o)})}catch(s){D.__e(s,o.__v)}})}functio
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 3a 5b 79 5d 2c 74 2c 6e 2c 72 2c 52 3d 3d 3d 22 66 6f 72 65 69 67 6e 4f 62 6a 65 63 74 22 3f 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3a 6f 2c 73 2c 69 2c 73 3f 73 5b 30 5d 3a 6e 2e 5f 5f 6b 26 26 61 74 28 6e 2c 30 29 2c 6c 2c 75 29 2c 73 21 3d 6e 75 6c 6c 29 66 6f 72 28 61 3d 73 2e 6c 65 6e 67 74 68 3b 61 2d 2d 3b 29 73 5b 61 5d 21 3d 6e 75 6c 6c 26 26 42 6f 28 73 5b 61 5d 29 3b 6c 7c 7c 28 61 3d 22 76 61 6c 75 65 22 2c 62 21 3d 3d 76 6f 69 64 20 30 26 26 28 62 21 3d 3d 65 5b 61 5d 7c 7c 52 3d 3d 3d 22 70 72 6f 67 72 65 73 73 22 26 26 21 62 7c 7c 52 3d 3d 3d 22 6f 70 74 69 6f 6e 22 26 26 62 21 3d 3d 53 5b 61 5d 29 26 26 50 74 28 65 2c 61 2c 62 2c 53 5b 61 5d 2c 6f 29 2c 61 3d 22 63 68 65 63 6b 65 64 22 2c Data Ascii: :[y],t,n,r,R==="foreignObject"?"http://www.w3.org/1999/xhtml":o,s,i,s?s[0]:n.__k&&at(n,0),l,u),s!=null)for(a=s.length;a--;)s[a]!=null&&Bo(s[a]);l\|\|(a="value",b!==void 0&&(b!==e[a]\|\|R==="progress"&&!b\|\|R==="option"&&b!==S[a])&&Pt(e,a,b,S[a],o),a="checked",
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 74 79 70 65 2e 73 65 74 53 74 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3b 6e 3d 74 68 69 73 2e 5f 5f 73 21 3d 6e 75 6c 6c 26 26 74 68 69 73 2e 5f 5f 73 21 3d 3d 74 68 69 73 2e 73 74 61 74 65 3f 74 68 69 73 2e 5f 5f 73 3a 74 68 69 73 2e 5f 5f 73 3d 6e 74 28 7b 7d 2c 74 68 69 73 2e 73 74 61 74 65 29 2c 74 79 70 65 6f 66 20 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 28 65 3d 65 28 6e 74 28 7b 7d 2c 6e 29 2c 74 68 69 73 2e 70 72 6f 70 73 29 29 2c 65 26 26 6e 74 28 6e 2c 65 29 2c 65 21 3d 6e 75 6c 6c 26 26 74 68 69 73 2e 5f 5f 76 26 26 28 74 26 26 74 68 69 73 2e 5f 73 62 2e 70 75 73 68 28 74 29 2c 4f 72 28 74 68 69 73 29 29 7d 2c 71 65 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 63 65 55 70 64 61 74 65 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: type.setState=function(e,t){var n;n=this.__s!=null&&this.__s!==this.state?this.__s:this.__s=nt({},this.state),typeof e=="function"&&(e=e(nt({},n),this.props)),e&&nt(n,e),e!=null&&this.__v&&(t&&this._sb.push(t),Or(this))},qe.prototype.forceUpdate=function(

Timestamp	Bytes transferred	Direction	Data
2024-12-10 12:39:26 UTC	1010	OUT	GET /sig.js?rpclid=c81371f9-b6f3-11ef-af82-e26199aa924a&params=pHR6f6126yK9dVDRzKdbV-DcPLilViWTA03S7jbTUihLzzWLqhXFuHWfA0crAYtnaBOfA4ahISzytsvmcTTfMu2hvz9Qn0BGX7xdzWVEESngV8O0O6gZU0UzJf-a0g_3WIsjkdAT9OXBGoIYYVRvQj6CV46Wppcyzx09v42oKPDYu2s42-un_LmvIzD1TwwYLqcJENlsOQz8uCDCadRpOR8aB9YV8BzS0R9_HeZaFNAVZZvtSnwiF1XYiWX6CsESH9ncf8VwAPq_CCNhljDhpm5y0oSrJAxRAt6p_o7OVYK6RWNO74aNnTtaGnO0leLo HTTP/1.1 Host: serve.rtbrain.app Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: uid_cross=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; sid_cross=c81371f9-b6f3-11ef-af82-e26199aa924a
2024-12-10 12:39:27 UTC	1146	IN	HTTP/1.1 200 OK Date: Tue, 10 Dec 2024 12:39:27 GMT Content-Type: text/javascript Content-Length: 9486 Connection: close Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Expires: 0 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET,HEAD,OPTIONS,POST,PUT Access-Control-Allow-Headers: Access-Control-Allow-Headers, Access-Control-Allow-Origin, Origin, Accept, X-Requested-With, X-Forwarded-For, Content-Type, Access-Control-Request-Method, Access-Control-Request-Headers, Authorization, Configs-Guid, X-Service-Auth, X-Client-Version Access-Control-Allow-Credentials: true Accept-Ch: Sec-Ch-Ua, Sec-Ch-Ua-Platform, Sec-Ch-Ua-Mobile, Sec-Ch-Ua-Arch, Sec-Ch-Ua-Model, Sec-Ch-Ua-Platform-Version, Sec-Ch-Ua-Full-Version-List, Sec-Ch-Prefers-Color-Scheme, Sec-Ch-Viewport-Width, Sec-Ch-Viewport-Height, RTT, Downlink, Device-Memory, Save-Data Set-Cookie: uid=c9a7b204-b6f3-11ef-8f18-ba440013d3fc; Domain=.rtbrain.app; expires=Tue, 19 Jan 2038 03:14:07 GMT; Path=/ Set-Cookie: mid=c81371f9-b6f3-11ef-af82-e26199aa924a; Domain=.rtbrain.app; Max-Age=7200; Path=/ Via: 1.1 google CF-Cache-Status: DYNAMIC
2024-12-10 12:39:27 UTC	595	IN	Data Raw: 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 5c 2f 5c 2f 61 2e 6e 65 6c 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 5c 2f 72 65 70 6f 72 74 5c 2f 76 34 3f 73 3d 7a 25 32 42 6e 6b 61 36 70 59 4e 43 57 42 77 63 39 71 31 75 31 25 32 42 65 31 76 53 35 36 41 31 63 69 6c 41 5a 6a 50 66 30 36 61 4d 6e 4d 25 32 46 39 50 39 31 52 54 6c 6b 61 35 45 70 30 49 66 56 25 32 42 4e 45 72 4e 76 39 4a 6d 48 6c 4a 50 78 56 4e 44 48 78 32 56 32 74 74 71 51 43 37 76 65 36 36 5a 54 6c 72 35 61 4e 52 4c 42 42 77 37 51 69 25 32 46 59 7a 43 63 6f 47 75 5a 45 4c 67 74 55 55 47 6f 43 55 53 75 77 46 25 32 42 62 47 22 7d 5d 2c 22 67 72 6f 75 70 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 Data Ascii: Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z%2Bnka6pYNCWBwc9q1u1%2Be1vS56A1cilAZjPf06aMnM%2F9P91RTlka5Ep0IfV%2BNErNv9JmHlJPxVNDHx2V2ttqQC7ve66ZTlr5aNRLBBw7Qi%2FYzCcoGuZELgtUUGoCUSuwF%2BbG"}],"group":"cf-nel","max_age":60
2024-12-10 12:39:27 UTC	997	IN	Data Raw: 76 61 72 20 70 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 2c 66 3d 28 6d 2c 71 2c 6e 29 3d 3e 71 20 69 6e 20 6d 3f 70 28 6d 2c 71 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 6e 7d 29 3a 6d 5b 71 5d 3d 6e 2c 68 3d 28 6d 2c 71 2c 6e 29 3d 3e 28 66 28 6d 2c 22 73 79 6d 62 6f 6c 22 21 3d 74 79 70 65 6f 66 20 71 3f 71 2b 22 22 3a 71 2c 6e 29 2c 6e 29 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6d 28 61 2c 62 29 7b 77 69 6e 64 6f 77 2e 73 65 6e 64 45 76 65 6e 74 3f 77 69 6e 64 6f 77 2e 73 65 6e 64 45 76 65 6e 74 28 22 66 6c 5f 22 2b 61 2c 62 29 3a 28 44 7c 7c 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 71 2c 31 30 Data Ascii: var p=Object.defineProperty,f=(m,q,n)=>q in m?p(m,q,{enumerable:!0,configurable:!0,writable:!0,value:n}):m[q]=n,h=(m,q,n)=>(f(m,"symbol"!=typeof q?q+"":q,n),n);(function(){function m(a,b){window.sendEvent?window.sendEvent("fl_"+a,b):(D\|\|=setInterval(q,10
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 63 20 66 75 6e 63 74 69 6f 6e 20 4a 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 72 61 63 65 28 5b 61 2c 49 28 62 2c 63 29 5d 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 50 72 6f 6d 69 73 65 28 62 3d 3e 73 65 74 54 69 6d 65 6f 75 74 28 62 2c 61 29 29 7d 61 73 79 6e 63 20 66 75 6e 63 74 69 6f 6e 20 4c 28 61 2c 62 2c 63 29 7b 66 6f 72 28 6c 65 74 20 65 3d 30 3b 65 3c 63 3b 65 2b 2b 29 7b 76 61 72 20 64 3d 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 3b 0a 61 77 61 69 74 20 61 28 29 3b 64 3d 62 2d 28 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 64 29 3b 65 3c 63 2d 31 26 26 30 3c 64 26 26 61 77 61 69 74 20 4b 28 64 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4d 28 61 29 7b 69 66 28 30 3c 4f Data Ascii: c function J(a,b,c){return Promise.race([a,I(b,c)])}function K(a){return new Promise(b=>setTimeout(b,a))}async function L(a,b,c){for(let e=0;e<c;e++){var d=performance.now();await a();d=b-(performance.now()-d);e<c-1&&0<d&&await K(d)}}function M(a){if(0<O
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 64 79 28 29 7b 7d 72 65 70 6f 72 74 28 61 2c 62 29 7b 6d 28 75 2e 53 69 67 6e 61 6c 2c 7b 6e 61 6d 65 3a 74 68 69 73 2e 6e 61 6d 65 2c 73 75 63 63 65 73 73 3a 61 2c 66 61 69 6c 3a 62 7d 29 7d 72 65 70 6f 72 74 45 72 72 6f 72 28 61 2c 62 29 7b 6e 28 60 24 7b 74 68 69 73 2e 6e 61 6d 65 7d 5b 24 7b 74 68 69 73 2e 63 6f 6e 66 69 67 2e 74 79 70 65 7d 5d 3a 20 24 7b 61 7d 60 2c 62 29 7d 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 6c 65 74 20 6b 3d 30 3b 63 6f 6e 73 74 20 67 3d 72 3d 3e 7b 74 72 79 7b 62 28 72 29 7d 63 61 74 63 68 28 74 29 7b 74 68 69 73 2e 72 65 70 6f 72 74 45 72 72 6f 72 28 60 65 72 72 6f 72 20 69 6e 20 24 7b 61 7d 60 2c 74 29 2c 65 26 26 74 68 69 73 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e Data Ascii: dy(){}report(a,b){m(u.Signal,{name:this.name,success:a,fail:b})}reportError(a,b){n(`${this.name}[${this.config.type}]: ${a}`,b)}addEventListener(a,b,c,d,e){let k=0;const g=r=>{try{b(r)}catch(t){this.reportError(`error in ${a}`,t),e&&this.removeEventListen
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 29 3a 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 7d 6f 6e 45 6c 65 6d 65 6e 74 43 6c 69 63 6b 28 61 29 7b 63 6f 6e 73 74 20 62 3d 61 2e 74 61 72 67 65 74 3b 62 2e 73 74 79 6c 65 2e 70 6f 69 6e 74 65 72 45 76 65 6e 74 73 3d 22 6e 6f 6e 65 22 3b 63 6f 6e 73 74 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 65 6c 65 6d 65 6e 74 46 72 6f 6d 50 6f 69 6e 74 28 61 2e 63 6c 69 65 6e 74 58 2c 61 2e 63 6c 69 65 6e 74 59 29 3b 69 66 28 62 2e 73 74 79 6c 65 2e 70 6f 69 6e 74 65 72 45 76 65 6e 74 73 3d 22 61 75 74 6f 22 2c 63 26 26 63 21 3d 3d 62 29 61 3d 6e 65 77 20 4d 6f 75 73 65 45 76 65 6e 74 28 61 2e 74 79 70 65 2c 61 29 2c 63 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 61 29 7d 7d 63 6c 61 73 73 20 50 20 65 Data Ascii: ocument.querySelector(a):document.body}onElementClick(a){const b=a.target;b.style.pointerEvents="none";const c=document.elementFromPoint(a.clientX,a.clientY);if(b.style.pointerEvents="auto",c&&c!==b)a=new MouseEvent(a.type,a),c.dispatchEvent(a)}}class P e
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 61 79 22 29 3b 74 68 69 73 2e 65 76 65 6e 74 73 57 69 6e 64 6f 77 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 65 76 65 6e 74 73 57 69 6e 64 6f 77 3f 3f 32 30 30 3b 74 68 69 73 2e 6d 69 6e 54 69 6d 65 44 65 6c 74 61 4d 73 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 6d 69 6e 54 69 6d 65 44 65 6c 74 61 4d 73 3f 3f 32 30 3b 74 68 69 73 2e 6d 69 6e 44 69 73 74 61 6e 63 65 50 78 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 6d 69 6e 44 69 73 74 61 6e 63 65 50 78 3f 3f 0a 31 30 3b 74 68 69 73 2e 76 65 6c 6f 63 69 74 79 52 65 73 6f 6c 75 74 69 6f 6e 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 76 65 6c 6f 63 69 74 79 52 65 73 6f 6c 75 74 69 6f 6e 3f 3f 35 3b 74 68 69 73 2e 61 6e 67 6c 65 52 65 73 6f 6c 75 74 69 6f 6e 3d 74 68 69 73 2e 63 6f 6e 66 69 67 2e 61 6e 67 6c 65 52 65 73 6f 6c Data Ascii: ay");this.eventsWindow=this.config.eventsWindow??200;this.minTimeDeltaMs=this.config.minTimeDeltaMs??20;this.minDistancePx=this.config.minDistancePx??10;this.velocityResolution=this.config.velocityResolution??5;this.angleResolution=this.config.angleResol
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 75 6e 74 55 6e 69 71 75 65 2b 2b 2c 6b 3d 42 29 3b 63 2e 70 75 73 68 28 41 29 3b 64 2e 70 75 73 68 28 42 29 3b 76 61 72 20 74 3d 47 2c 54 3d 74 68 69 73 2e 61 6e 67 6c 65 52 65 73 6f 6c 75 74 69 6f 6e 2c 43 3b 28 43 3d 76 6f 69 64 20 30 3d 3d 3d 67 29 7c 7c 28 74 3d 4d 61 74 68 2e 61 62 73 28 74 2d 67 29 25 33 36 30 2c 43 3d 4d 61 74 68 2e 6d 69 6e 28 33 36 30 2d 74 2c 74 29 3e 3d 54 29 3b 43 26 26 28 72 2b 2b 2c 67 3d 47 29 7d 74 68 69 73 2e 72 65 70 6f 72 74 53 69 67 6e 61 6c 73 28 61 2c 62 2c 72 29 7d 7d 63 61 6c 63 75 6c 61 74 65 28 61 2c 62 29 7b 63 6f 6e 73 74 20 63 3d 61 2e 78 2d 62 2e 78 2c 64 3d 61 2e 79 2d 62 2e 79 3b 61 3d 61 2e 74 69 6d 65 73 74 61 6d 70 4d 73 2d 62 2e 74 69 6d 65 73 74 61 6d 70 4d 73 3b 72 65 74 75 72 6e 7b 76 65 6c 6f 63 69 Data Ascii: untUnique++,k=B);c.push(A);d.push(B);var t=G,T=this.angleResolution,C;(C=void 0===g)\|\|(t=Math.abs(t-g)%360,C=Math.min(360-t,t)>=T);C&&(r++,g=G)}this.reportSignals(a,b,r)}}calculate(a,b){const c=a.x-b.x,d=a.y-b.y;a=a.timestampMs-b.timestampMs;return{veloci
2024-12-10 12:39:27 UTC	1369	IN	Data Raw: 53 4e 70 35 43 46 6d 6f 65 42 31 38 2f 41 32 64 65 42 6a 49 57 51 31 38 2f 58 6d 4a 71 41 68 70 44 58 69 4e 6e 58 6d 4a 71 41 68 70 44 58 7a 34 37 58 6c 4a 61 42 6e 49 4f 51 31 38 2b 42 68 34 43 51 32 64 65 51 67 35 43 62 67 61 57 55 68 35 53 59 68 74 66 50 6a 74 65 57 6d 5a 79 57 6e 74 66 50 6a 74 65 57 6a 64 66 50 31 35 44 62 6c 70 6d 63 6b 4a 75 42 72 64 66 5a 31 35 61 4d 31 38 2f 58 6b 4e 75 57 6d 5a 79 51 6d 34 47 73 31 39 6e 58 6e 4a 48 58 7a 39 65 51 32 34 47 55 68 35 4b 51 67 64 75 63 6b 64 57 4a 69 64 57 41 6d 35 47 51 6b 35 79 62 6b 4a 48 58 32 64 65 63 68 71 47 48 67 49 61 42 6b 4a 48 58 7a 39 65 51 32 35 79 47 6f 59 65 41 68 6f 47 51 6b 64 65 49 32 64 65 59 6d 6f 43 47 6b 49 43 46 31 38 2b 4f 31 35 69 41 6a 64 66 50 31 35 44 62 6c 70 6d 63 6b Data Ascii: SNp5CFmoeB18/A2deBjIWQ18/XmJqAhpDXiNnXmJqAhpDXz47XlJaBnIOQ18+Bh4CQ2deQg5CbgaWUh5SYhtfPjteWmZyWntfPjteWjdfP15DblpmckJuBrdfZ15aM18/XkNuWmZyQm4Gs19nXnJHXz9eQ24GUh5KQgduckdWJidWAm5GQk5ybkJHX2dechqGHgIaBkJHXz9eQ25yGoYeAhoGQkdeI2deYmoCGkICF18+O15iAjdfP15Dblpmck
2024-12-10 12:39:27 UTC	275	IN	Data Raw: 62 67 70 43 58 6b 59 65 63 67 35 43 48 31 59 6d 4a 31 59 43 62 6b 5a 43 54 6e 4a 75 51 6b 64 65 49 69 4e 6e 58 67 59 79 46 6b 4e 66 50 31 34 61 42 6c 49 47 63 6c 74 65 49 69 4e 6e 58 67 35 43 48 68 70 79 61 6d 39 66 50 78 49 67 3d 22 3b 61 3d 28 62 26 26 28 63 3d 0a 48 28 63 2c 61 29 29 2c 45 28 63 2c 53 2c 21 62 29 29 3b 66 6f 72 28 63 6f 6e 73 74 20 5b 64 2c 65 5d 6f 66 20 4f 62 6a 65 63 74 2e 65 6e 74 72 69 65 73 28 61 2e 63 6f 6c 6c 65 63 74 6f 72 73 29 29 74 72 79 7b 65 2e 61 63 74 69 76 65 26 26 4e 28 64 2c 65 29 7d 63 61 74 63 68 28 6b 29 7b 6e 28 60 66 61 69 6c 65 64 20 63 72 65 61 74 69 6e 67 20 24 7b 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 65 29 7d 60 2c 6b 29 7d 6d 28 75 2e 49 6e 69 74 2c 7b 65 78 70 65 72 69 6d 65 6e 74 3a 7b 22 6e 61 6d Data Ascii: bgpCXkYecg5CH1YmJ1YCbkZCTnJuQkdeIiNnXgYyFkNfP14aBlIGclteIiNnXg5CHhpyam9fPxIg=";a=(b&&(c=H(c,a)),E(c,S,!b));for(const [d,e]of Object.entries(a.collectors))try{e.active&&N(d,e)}catch(k){n(`failed creating ${JSON.stringify(e)}`,k)}m(u.Init,{experiment:{"nam