URL: https://go.getscreen.me/invite/132245822

Full analysis: https://app.any.run/tasks/f3c2605e-6374-4495-a9fa-bc7882343a71
Verdict: Malicious activity
Analysis date: February 23, 2024, 11:03:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: 7E6E502B43012C545AAA648248A493D1
SHA1: 266208211000E1AF70FB19C81322E2F33E2124AE
SHA256: 264053A9914C21340527ADC6D04D5F7DA00F0A8780B3E8D905AE7DA4AF988722
SSDEEP: 3:N8r29ERLU+9:2q9egu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • getscreen-132245822-x86.exe (PID: 2596)
  • SUSPICIOUS
    • Reads the Internet Settings
      • getscreen-132245822-x86.exe (PID: 2256)
      • getscreen-132245822-x86.exe (PID: 2596)
    • Reads security settings of Internet Explorer
      • getscreen-132245822-x86.exe (PID: 2256)
    • Application launched itself
      • getscreen-132245822-x86.exe (PID: 2256)
      • getscreen-132245822-x86.exe (PID: 2596)
    • Executable content was dropped or overwritten
      • getscreen-132245822-x86.exe (PID: 2596)
    • Changes Internet Explorer settings (feature browser emulation)
      • getscreen-132245822-x86.exe (PID: 1644)
    • Executes as Windows Service
      • uuvoxnxhphamwqryjrjdznkicgrysss-elevate.exe (PID: 1576)
    • Connects to unusual port
      • getscreen-132245822-x86.exe (PID: 2596)
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 3864)
      • chrome.exe (PID: 3004)
    • Executable content was dropped or overwritten
      • iexplore.exe (PID: 2044)
      • iexplore.exe (PID: 3864)
      • chrome.exe (PID: 1352)
    • Reads the computer name
      • getscreen-132245822-x86.exe (PID: 2256)
      • getscreen-132245822-x86.exe (PID: 2596)
      • getscreen-132245822-x86.exe (PID: 1644)
      • uuvoxnxhphamwqryjrjdznkicgrysss-elevate.exe (PID: 1576)
      • getscreen-132245822-x86.exe (PID: 1216)
      • getscreen-132245822-x86.exe (PID: 3540)
      • getscreen-132245822-x86.exe (PID: 532)
    • Checks supported languages
      • getscreen-132245822-x86.exe (PID: 2256)
      • getscreen-132245822-x86.exe (PID: 2596)
      • getscreen-132245822-x86.exe (PID: 1644)
      • uuvoxnxhphamwqryjrjdznkicgrysss-elevate.exe (PID: 1576)
      • getscreen-132245822-x86.exe (PID: 3540)
      • getscreen-132245822-x86.exe (PID: 1216)
      • getscreen-132245822-x86.exe (PID: 532)
    • Drops the executable file immediately after the start
      • iexplore.exe (PID: 3864)
      • iexplore.exe (PID: 2044)
      • chrome.exe (PID: 1352)
    • Modifies the phishing filter of IE
      • iexplore.exe (PID: 3864)
    • The process uses the downloaded file
      • iexplore.exe (PID: 3864)
      • getscreen-132245822-x86.exe (PID: 2256)
      • getscreen-132245822-x86.exe (PID: 2596)
      • chrome.exe (PID: 3004)
      • chrome.exe (PID: 3520)
    • Creates files or folders in the user directory
      • getscreen-132245822-x86.exe (PID: 2596)
    • Creates files in the program directory
      • getscreen-132245822-x86.exe (PID: 2596)
    • Reads the machine GUID from the registry
      • getscreen-132245822-x86.exe (PID: 2596)
    • Manual execution by a user
      • SndVol.exe (PID: 2876)
      • chrome.exe (PID: 3004)
    • Reads mouse settings
      • getscreen-132245822-x86.exe (PID: 532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 104
Monitored processes: 60
Malicious processes: 2
Suspicious processes: 1

Behavior graph (interactive graph available in the full report)

Process chain shown in the graph: iexplore.exe -> iexplore.exe -> getscreen-132245822-x86.exe (several instances, some without specs) -> uuvoxnxhphamwqryjrjdznkicgrysss-elevate.exe; chrome.exe with many renderer/utility child processes; sndvol.exe.

Process information

Columns: PID, CMD, Path, Indicators, Parent process

PID 268  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=1976 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 532  getscreen-132245822-x86.exe  (parent process: getscreen-132245822-x86.exe)
  CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\getscreen-132245822-x86.exe" -cpipe \\.\pipe\PCommand96ukvftzjtqdedezf -child
  Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\getscreen-132245822-x86.exe
  User: SYSTEM | Company: Getscreen.me | Integrity Level: SYSTEM | Exit code: 0 | Version: 2.16.2
  Modules (images):
    c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\78rfyb7z\getscreen-132245822-x86.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
    c:\windows\system32\gdi32.dll

PID 948  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2228 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:1
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 984  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=3136 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 1028  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3744 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 1028  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=3804 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 1168  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --mojo-platform-channel-handle=1344 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: MEDIUM | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 1216  getscreen-132245822-x86.exe  (parent process: getscreen-132245822-x86.exe)
  CMD: "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\getscreen-132245822-x86.exe" -epipe \\.\pipe\PCommand98phqghumeaylnlfd -environment
  Path: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\getscreen-132245822-x86.exe
  User: admin | Company: Getscreen.me | Integrity Level: HIGH | Exit code: 1 | Version: 2.16.2
  Modules (images):
    c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\78rfyb7z\getscreen-132245822-x86.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
    c:\windows\system32\gdi32.dll

PID 1348  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4776 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll

PID 1352  chrome.exe  (parent process: chrome.exe)
  CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --mojo-platform-channel-handle=4072 --field-trial-handle=1172,i,4487644146878540663,3268482951271024995,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
  Path: C:\Program Files\Google\Chrome\Application\chrome.exe
  User: admin | Company: Google LLC | Integrity Level: LOW | Description: Google Chrome | Exit code: 0 | Version: 109.0.5414.120
  Modules (images):
    c:\program files\google\chrome\application\chrome.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\program files\google\chrome\application\109.0.5414.120\chrome_elf.dll
    c:\windows\system32\version.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
Total events: 38 789
Read events: 38 501
Write events: 222
Delete events: 66

Modification events

(PID) Process | Key | Operation | Name | Value
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPDaysSinceLastAutoMigration | 1
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchLowDateTime |
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing | write | NTPLastLaunchHighDateTime | 31090247
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateLowDateTime | 242045592
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager | write | NextCheckForUpdateHighDateTime | 31090248
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | write | CachePrefix |
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | write | CachePrefix | Cookie:
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | write | CachePrefix | Visited:
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main | write | CompatibilityFlags | 0
(3864) iexplore.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
Executable files: 8
Suspicious files: 458
Text files: 205
Unknown types: 155

Dropped files

PID | Process | Filename | Type
2044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
    MD5: 0FE5B229A2700580174EAD67F481E77E  SHA256: C33AF2A8184C7F972AE2B82B5F8352A7C09742781A6992915FBCEC0245D622CB
2044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\DOTBATAV\go.getscreen[1].xml | text
    MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5  SHA256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\main-ts1en1708678573[1].js | text
    MD5: 1BF1BDD5E3DF0B7B282049FAB37684B8  SHA256: B2086F573B471ED0699011FE7BBBD72A9D8A16526B30258589DDF837901EFB76
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\main[1].css | text
    MD5: A4982FA3A47B5CEA2DB209759F782379  SHA256: D17550B6302C5AA0B0A72344A15C48FE8BCD125925E31E2336019969BAFBAE05
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\styles-ts1en1691073868[1].css | text
    MD5: AADBB208E1C5DE4049CCA665DBE8C3C4  SHA256: 21706294939EF8ED7C4AB37856F70BE33619272554A71883E06828FE32F08ACA
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main-ts1en1708678591[1].css | text
    MD5: AE3963C0D801ED2B8A78460149E8111A  SHA256: 3E31BC065A73E86482567114A9F384B3A5314045B1B0C1DAF575CE3DB0ED1509
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\main[1].js | text
    MD5: 463F61E30EE50796E82DC7AEC4BC0BB8  SHA256: 9314677BD24771D56FE482C66F00097950BDCA41FB1A349B3621BAA785DBEDD6
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\logo[1].svg | image
    MD5: 1FCF454C8A4BE8A885833A5B1626E805  SHA256: 2DD3A1A91484CD0E0581A60A87281FAC8B0157FF65F04D8DCB33D43FE860B350
2044 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Low\CabF58B.tmp | compressed
    MD5: AC05D27423A85ADC1622C714F2CB6184  SHA256: C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
2044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed
    MD5: AC05D27423A85ADC1622C714F2CB6184  SHA256: C6456E12E5E53287A547AF4103E0397CB9697E466CF75844312DC296D43D144D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 39
TCP/UDP connections: 240
DNS requests: 230
Threats: 792

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
2044 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a08f35fbea17b647 | unknown | | | unknown
2044 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?545e1839169dd0e6 | unknown | | | unknown
2044 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?86b4b67e50f1d6bf | unknown | compressed | 65.2 Kb | unknown
2044 | iexplore.exe | GET | 200 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?fa310b6d6a2541a6 | unknown | compressed | 65.2 Kb | unknown
2044 | iexplore.exe | GET | 200 | 2.18.97.144:80 | http://x1.c.lencr.org/ | unknown | binary | 717 b | unknown
3864 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?70d85e3b0e586cab | unknown | | | unknown
2044 | iexplore.exe | GET | 200 | 95.101.54.113:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNXj2h26IMu8V5srOP0WZDg7Q%3D%3D | unknown | binary | 503 b | unknown
3864 | iexplore.exe | GET | 304 | 93.184.221.240:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?96c8eb5dfc595a04 | unknown | | | unknown
3864 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAzlnDD9eoNTLi0BRrMy%2BWU%3D | unknown | binary | 313 b | unknown
3864 | iexplore.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | binary | 471 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2044 | iexplore.exe | 148.251.219.3:443 | go.getscreen.me | Hetzner Online GmbH | DE | unknown
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown
2044 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted
2044 | iexplore.exe | 2.18.97.144:80 | x1.c.lencr.org | Akamai International B.V. | FR | unknown
2044 | iexplore.exe | 95.101.54.113:80 | r3.o.lencr.org | Akamai International B.V. | DE | unknown
2044 | iexplore.exe | 78.47.165.25:443 | getscreen.me | Hetzner Online GmbH | DE | unknown
3864 | iexplore.exe | 148.251.219.3:443 | go.getscreen.me | Hetzner Online GmbH | DE | unknown
3864 | iexplore.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | EDGECAST | GB | whitelisted

DNS requests

Domain | IP | Reputation
go.getscreen.me | 148.251.219.3 | unknown
ctldl.windowsupdate.com | 93.184.221.240 | whitelisted
x1.c.lencr.org | 2.18.97.144 | whitelisted
r3.o.lencr.org | 95.101.54.113, 95.101.54.194, 95.101.54.115, 95.101.54.139, 95.101.54.145, 95.101.54.137, 95.101.54.201, 95.101.54.138, 95.101.54.121 | shared
getscreen.me | 78.47.165.25, 5.75.168.191 | unknown
api.bing.com | 13.107.5.80 | whitelisted
www.bing.com | 104.75.170.155, 104.75.170.107, 104.75.170.104, 104.75.170.152, 104.75.170.178, 104.75.170.106, 104.75.170.114, 104.75.170.176, 104.75.170.145 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
r20swj13mr.microsoft.com | 152.199.19.161 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted

Threats

PID | Process | Class | Message
2596 | getscreen-132245822-x86.exe | Misc activity | ET INFO Session Traversal Utilities for NAT (STUN Binding Request)
(the same alert is listed 10 times for PID 2596)
No debug info