File name: getscreen-316735001.exe

Full analysis: https://app.any.run/tasks/8242f377-5469-46ec-b962-bf006ce58ad6
Verdict: Malicious activity
Analysis date: May 15, 2025, 14:50:35
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags: remote, getmescreen, getscreen, rmm-tool, upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 3 sections
MD5: BAB409F6B4C30B3CEA541FA6929163A5
SHA1: D3DF021F843645E095FC3AA17F2BB3099AD5928C
SHA256: D612A3E5DE683EAD13DBE2B0C5480B9BE40ADCEFA4A583B8B6FD0BE122D537B4
SSDEEP: 98304:dnV8etgqCKyP7IJr556/UfltNhVScNaKxwuWVTteSJmT8P1kmvH9w1VRxS4+bbhW:1I8vzXM5zzp63iKzZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • GETMESCREEN has been detected (SURICATA)

      • getscreen-316735001.exe (PID: 6148)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • getscreen-316735001.exe (PID: 6808)
      • Cortana.exe (PID: 3304)
    • Reads the date of Windows installation

      • getscreen-316735001.exe (PID: 6808)
    • Application launched itself

      • getscreen-316735001.exe (PID: 6808)
      • getscreen-316735001.exe (PID: 6148)
    • Executable content was dropped or overwritten

      • getscreen-316735001.exe (PID: 6148)
    • Connects to unusual port

      • getscreen-316735001.exe (PID: 6148)
    • There is functionality for taking screenshot (YARA)

      • getscreen-316735001.exe (PID: 6148)
  • INFO

    • Checks supported languages

      • getscreen-316735001.exe (PID: 6808)
      • getscreen-316735001.exe (PID: 6148)
      • getscreen-316735001.exe (PID: 4300)
      • getscreen-316735001.exe (PID: 7648)
      • getscreen-316735001.exe (PID: 7992)
      • Cortana.exe (PID: 3304)
    • Reads the computer name

      • getscreen-316735001.exe (PID: 6808)
      • getscreen-316735001.exe (PID: 6148)
      • getscreen-316735001.exe (PID: 4300)
      • getscreen-316735001.exe (PID: 7648)
      • getscreen-316735001.exe (PID: 7992)
      • Cortana.exe (PID: 3304)
    • Process checks computer location settings

      • getscreen-316735001.exe (PID: 6808)
    • Creates files in the program directory

      • getscreen-316735001.exe (PID: 6808)
      • getscreen-316735001.exe (PID: 6148)
      • getscreen-316735001.exe (PID: 4300)
    • Creates files or folders in the user directory

      • getscreen-316735001.exe (PID: 6148)
      • Cortana.exe (PID: 3304)
    • GETSCREEN has been detected

      • getscreen-316735001.exe (PID: 6808)
      • getscreen-316735001.exe (PID: 1052)
      • getscreen-316735001.exe (PID: 6148)
      • getscreen-316735001.exe (PID: 4300)
      • getscreen-316735001.exe (PID: 7648)
      • getscreen-316735001.exe (PID: 7992)
    • Checks proxy server information

      • getscreen-316735001.exe (PID: 6148)
      • Cortana.exe (PID: 3304)
    • UPX packer has been detected

      • getscreen-316735001.exe (PID: 6148)
    • Reads mouse settings

      • getscreen-316735001.exe (PID: 7992)
    • Reads the software policy settings

      • slui.exe (PID: 1164)
      • Cortana.exe (PID: 3304)
    • Reads the machine GUID from the registry

      • Cortana.exe (PID: 3304)
    • Reads security settings of Internet Explorer

      • SystemSettingsBroker.exe (PID: 7896)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | UPX compressed Win32 Executable (87.1)
.exe | Generic Win/DOS Executable (6.4)
.exe | DOS Executable Generic (6.4)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2025:02:19 17:10:41+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.4
CodeSize: 7753728
InitializedDataSize: 12288
UninitializedDataSize: 27189248
EntryPoint: 0x21530e0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.2.12.0
ProductVersionNumber: 3.2.12.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Unknown (0009)
CharacterSet: Unicode
CompanyName: Point B Ltd
InternalName: Getscreen.me
OriginalFileName: getscreen.exe
ProductName: Getscreen.me
FileVersion: 3.2.12
LegalCopyright: Copyright (C) 2025
ProductVersion: 3.2.12
No data.
All screenshots are available in the full report
Total processes: 148
Monitored processes: 11
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes shown in the graph, in order (tags as displayed on the nodes):
  • getscreen-316735001.exe (no specs)
  • getscreen-316735001.exe (#GETMESCREEN)
  • sppextcomobj.exe (no specs)
  • slui.exe
  • getscreen-316735001.exe
  • getscreen-316735001.exe
  • getscreen-316735001.exe (no specs)
  • getscreen-316735001.exe
  • slui.exe (no specs)
  • cortana.exe
  • systemsettingsbroker.exe (no specs)

Process information

PID: 1052
CMD: "C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe" -cpipe \\.\pipe\PCommand96pqgamkioyxdhvye -cmem 0000pipe0PCommand96pqgamkioyxdhvye4v1tkiydva2qqe0 -child
Path: C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe
Parent process: getscreen-316735001.exe
User: SYSTEM
Company: Point B Ltd
Integrity Level: SYSTEM
Exit code: 1
Version: 3.2.12
Modules (images):
  • c:\windows\system32\winsta.dll
  • c:\windows\system32\windowscodecs.dll

PID: 1164
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\msxml6.dll
  • c:\windows\system32\ws2_32.dll
  • c:\windows\system32\ondemandconnroutehelper.dll
  • c:\windows\system32\iphlpapi.dll
  • c:\windows\system32\nsi.dll
  • c:\windows\system32\dhcpcsvc6.dll
  • c:\windows\system32\dhcpcsvc.dll
  • c:\windows\system32\webio.dll
  • c:\windows\system32\mswsock.dll
  • c:\windows\system32\winnsi.dll

PID: 3304
CMD: "C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Cortana.exe" -ServerName:App.AppX2y379sjp88wjq1y80217mddj3fargf2y.mca
Path: C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Cortana.exe
Parent process: svchost.exe
User: admin
Integrity Level: MEDIUM
Description: CortanaApp.View
Version: 1.1911.21713.0
Modules (images):
  • c:\program files\windowsapps\microsoft.549981c3f5f10_1.1911.21713.0_x64__8wekyb3d8bbwe\cortana.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\program files\windowsapps\microsoft.549981c3f5f10_1.1911.21713.0_x64__8wekyb3d8bbwe\cortana.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\crypt32.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll

PID: 3884
CMD: C:\WINDOWS\System32\slui.exe -Embedding
Path: C:\Windows\System32\slui.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\slui.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\user32.dll

PID: 4300
CMD: "C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe" -gpipe \\.\pipe\PCommand97kteoumbucmefumf5 -gui
Path: C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe
Parent process: getscreen-316735001.exe
User: SYSTEM
Company: Point B Ltd
Integrity Level: SYSTEM
Version: 3.2.12
Modules (images):
  • c:\users\admin\appdata\local\temp\getscreen-316735001.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll

PID: 4620
CMD: C:\WINDOWS\system32\SppExtComObj.exe -Embedding
Path: C:\Windows\System32\SppExtComObj.Exe
Parent process: svchost.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: KMS Connection Broker
Version: 10.0.19041.3996 (WinBuild.160101.0800)

PID: 6148
CMD: "C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe"
Path: C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe
Parent process: getscreen-316735001.exe
User: admin
Company: Point B Ltd
Integrity Level: HIGH
Version: 3.2.12
Modules (images):
  • c:\users\admin\appdata\local\temp\getscreen-316735001.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll

PID: 6808
CMD: "C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe"
Path: C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe
Parent process: explorer.exe
User: admin
Company: Point B Ltd
Integrity Level: MEDIUM
Exit code: 0
Version: 3.2.12
Modules (images):
  • c:\users\admin\appdata\local\temp\getscreen-316735001.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll

PID: 7648
CMD: "C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe" -epipe \\.\pipe\PCommand98phqghumeaylnlfd -environment
Path: C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe
Parent process: getscreen-316735001.exe
User: admin
Company: Point B Ltd
Integrity Level: HIGH
Exit code: 1
Version: 3.2.12
Modules (images):
  • c:\users\admin\appdata\local\temp\getscreen-316735001.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\apphelp.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll

PID: 7896
CMD: C:\Windows\System32\SystemSettingsBroker.exe -Embedding
Path: C:\Windows\System32\SystemSettingsBroker.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: System Settings Broker
Exit code: 0
Version: 10.0.19041.3996 (WinBuild.160101.0800)
Modules (images):
  • c:\windows\system32\systemsettingsbroker.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\ucrtbase.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\bcrypt.dll
  • c:\windows\system32\shcore.dll
  • c:\windows\system32\msvcrt.dll
Total events: 5 395
Read events: 5 382
Write events: 13
Delete events: 0

Modification events

Process: (4300) getscreen-316735001.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\GetScreen\Getscreen.me
Operation: write
Name: Language
Value: en

Process: (4300) getscreen-316735001.exe
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001_Classes\*\shell\Download with Getscreen.me
Operation: write
Name: icon
Value: C:\Users\admin\AppData\Local\Temp\getscreen-316735001.exe

Process: (3304) Cortana.exe
Key: \REGISTRY\A\{a96975fb-cafa-5299-2fcd-ae7f0a503d36}\LocalState
Operation: write
Name: launchedWithDefaultSize
Value: 011540A9FBA8C5DB01

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value: (empty)

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\Content
Operation: write
Name: CacheVersion
Value: 1

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\Content
Operation: write
Name: CacheLimit
Value: 51200

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\Cookies
Operation: write
Name: CacheVersion
Value: 1

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\Cookies
Operation: write
Name: CacheLimit
Value: 1

Process: (3304) Cortana.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.549981c3f5f10_8wekyb3d8bbwe\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
Executable files: 1
Suspicious files: 10
Text files: 3
Unknown types: 2

Dropped files

PID: 1052
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\memory\0000pipe0PCommand96pqgamkioyxdhvye4v1tkiydva2qqe0
Type: -
MD5: -
SHA256: -

PID: 6148
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\memory\CC761D2FA6C5DB01EC08B7C4A8C5DB0104180000FFFFFFFF
Type: -
MD5: -
SHA256: -

PID: 6148
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\folder\settings.dat
Type: binary
MD5: 594D0E4B4AC2DC740D2E500C3277C093
SHA256: 1705FE3250F8B539490A1BEB556FBD1D34DA9A55B250E838ADDD81CB85D07DA2

PID: 6808
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\logs\20250515.log
Type: text
MD5: C979AF46779924DF03D4021E448E6EC3
SHA256: FFCD910A003A5BBC48880F88F7FEE9448A988BA29A421A7BFC621E6AA184C0AB

PID: 6148
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\bhhfyjtroaexgkhkuhhdllyelyxuklq-elevate.exe
Type: executable
MD5: BAB409F6B4C30B3CEA541FA6929163A5
SHA256: D612A3E5DE683EAD13DBE2B0C5480B9BE40ADCEFA4A583B8B6FD0BE122D537B4

PID: 4300
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\logs\20250515.capture.log
Type: text
MD5: 9F879EA4AF363C7217254730E09542EA
SHA256: 3952ABDB38F82A25341145774E0A127A5C221676020BAEF0A550B2B3E353616E

PID: 1052
Process: getscreen-316735001.exe
Filename: C:\ProgramData\Getscreen.me\logs\20250515.gui.log
Type: text
MD5: DDF2C9D1AC6E1080EF5B954A79F0C456
SHA256: 6A07551DD5A7925051F5B583F26135E929ACD4E1C29127B08585D9361DE048E7

PID: 3304
Process: Cortana.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\LocalState\FeatureSettings_v2.sqlite
Type: binary
MD5: 232665D5F6F437AE406A18B4EFDBEE97
SHA256: 302E2E80DB3893666664CD4835B8DF54A3DC430447F8390D53E1F8C56990D784

PID: 6148
Process: getscreen-316735001.exe
Filename: C:\Users\admin\AppData\Local\Getscreen.me\folder\settings.dat
Type: binary
MD5: 594D0E4B4AC2DC740D2E500C3277C093
SHA256: 1705FE3250F8B539490A1BEB556FBD1D34DA9A55B250E838ADDD81CB85D07DA2

PID: 3304
Process: Cortana.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.549981C3F5F10_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\37C951188967C8EB88D99893D9D191FE
Type: der
MD5: 0F7B8F6A846AA9CA52FA562DDDCDB5ED
SHA256: AFF90E65A81289B80D1FCC5E71B3D88E5D1AAFE22CE358EB6E28A56D1845263D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 10
TCP/UDP connections: 130
DNS requests: 47
Threats: 39

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
- | - | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | - | - | whitelisted
7188 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | - | - | whitelisted
7188 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | - | - | whitelisted
2924 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | - | - | whitelisted
2924 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | - | - | whitelisted
3304 | Cortana.exe | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | - | - | whitelisted
3304 | Cortana.exe | GET | 200 | 92.123.22.101:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | - | - | whitelisted
2924 | SearchApp.exe | GET | 200 | 2.17.190.73:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | - | - | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5496 | MoUsoCoreWorker.exe | 2.16.164.49:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 2.23.246.101:80 | www.microsoft.com | Ooredoo Q.S.C. | QA | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
- | - | 172.211.123.250:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted
- | - | 40.126.31.69:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
6148 | getscreen-316735001.exe | 51.89.95.37:443 | getscreen.me | OVH SAS | GB | unknown

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.72
  • 2.16.168.124
  • 2.16.168.114
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 95.101.149.131
  • 92.123.22.101
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
  • 51.124.78.146
whitelisted
client.wns.windows.com
  • 172.211.123.250
whitelisted
login.live.com
  • 40.126.31.69
  • 40.126.31.71
  • 20.190.159.71
  • 20.190.159.73
  • 40.126.31.2
  • 40.126.31.73
  • 20.190.159.75
  • 40.126.31.0
whitelisted
ocsp.digicert.com
  • 2.23.77.188
  • 2.17.190.73
whitelisted
getscreen.me
  • 51.89.95.37
  • 5.75.168.191
  • 78.47.165.25
unknown
px-br1.getscreen.me
  • 216.238.108.196
unknown
px-us2.getscreen.me
  • 5.161.108.215
unknown
px-kr1.getscreen.me
  • 158.247.230.152
unknown

Threats

PID | Process | Class | Message
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
6148 | getscreen-316735001.exe | Misc activity | REMOTE [ANY.RUN] GetMeScreen Remote Desktop Software
No debug info