Technical Information
- [<HKLM>\System\CurrentControlSet\Services\GetscreenSV] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\GetscreenSV] 'ImagePath' = '"<Full path to file>" -elevate'
- 'GetscreenSV' "<Full path to file>" -elevate
- %ALLUSERSPROFILE%\support\logs\20201123.log
- %ALLUSERSPROFILE%\getscreen.me\turbo\settings.dat
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://oc##.#ectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEDmOFlEUW2hkOrR5lqKMIlU%3D
- DNS ASK ge###reen.me
- DNS ASK microsoft.com
- DNS ASK oc##.#ectigo.com
- ClassName: 'GetscreenMeClassTurboSupport' WindowName: ''
- ClassName: 'Shell_traywnd' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''