Technical Information
- [<HKLM>\System\CurrentControlSet\Services\GetscreenSV] 'Start' = '00000002' (start type 2: the service is started automatically at system boot)
- [<HKLM>\System\CurrentControlSet\Services\GetscreenSV] 'ImagePath' = '"<Full path to file>" -elevate \\.\pipe\elevateGS512vivhbsi'
- Service 'GetscreenSV', command line: "<Full path to file>" -elevate \\.\pipe\elevateGS512vivhbsi
- %ALLUSERSPROFILE%\getscreen.me\settings.dat
- %ALLUSERSPROFILE%\getscreen.me\logs\20220609.log
- %ALLUSERSPROFILE%\getscreen.me\memory\0000pipe0pcommand96getscreen0me
- from %ALLUSERSPROFILE%\getscreen.me\memory\0000pipe0pcommand96getscreen0me to %ALLUSERSPROFILE%\getscreen.me\memory\e0f01d7fb47bd80110100a50b77bd80118010000ffffffff
- %ALLUSERSPROFILE%\getscreen.me\memory\0000pipe0pcommand96getscreen0me
- 'si####.getscreen.me':443
- 'im###.getscreen.me':443
- 'si####.getscreen.me':443
- 'im###.getscreen.me':443
- DNS ASK si####.getscreen.me
- DNS ASK im###.getscreen.me
- ClassName: 'GetscreenMeClassGetscreen.me' WindowName: ''