11241100x8000000000000000572184Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:33:35.297{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log2024-02-22 17:33:35.297NT AUTHORITY\SYSTEM 11241100x8000000000000000572178Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:33:35.265{51A89197-8530-65D7-FA05-000000001D00}7400C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log2024-02-22 17:33:35.265NT AUTHORITY\SYSTEM 11241100x8000000000000000568301Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:42.898{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.WINDOWSCLIENT.E-B421A341.pf2024-02-22 17:32:28.417NT AUTHORITY\SYSTEM 11241100x8000000000000000567972Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:40.274{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.WINDOWSCLIENT.E-B421A341.pf2024-02-22 17:32:28.417NT AUTHORITY\SYSTEM 11241100x8000000000000000567715Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:38.073{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENTSERVICE.E-A84B66F7.pf2024-02-22 17:32:28.411NT AUTHORITY\SYSTEM 11241100x8000000000000000566776Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:33.758{51A89197-8530-65D7-FA05-000000001D00}7400C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Windows\System32\user.config2024-02-22 17:32:33.757NT AUTHORITY\SYSTEM 154100x8000000000000000566472Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:32.750{51A89197-8530-65D7-FA05-000000001D00}7400C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe23.9.10.8817ScreenConnect ClientScreenConnectScreenConnect SoftwareScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe" "RunRole" "5ff25bcd-ba55-4c11-8fc2-2d2d7054b595" "System"C:\Windows\system32\NT AUTHORITY\SYSTEM{51A89197-3B87-654E-E703-000000000000}0x3e71SystemSHA1=8807695EE8345E37EFEC43CBC0874277ED9B0A66,MD5=5DEC65C4047DE914C78816B8663E3602,SHA256=71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%2fUrqwFBZe%2fd%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%2bbUQyoqD%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%2bW3wOuobuIU%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%20Session" "1"NT AUTHORITY\SYSTEM 22542200x8000000000000000566335Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:31.392{51A89197-852C-65D7-F805-000000001D00}5632instance-ffx0xs-relay.screenconnect.com0type: 5 server-nix3a88ddf7-relay.screenconnect.com;::ffff:147.28.146.44;C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeNT AUTHORITY\SYSTEM 354300x8000000000000000566075Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:31.465{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeNT AUTHORITY\SYSTEMtcptruefalse192.168.1.205AttackBox-Win1050624-false147.28.146.44-443https 154100x8000000000000000565581Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:30.137{51A89197-852E-65D7-F905-000000001D00}6328C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe23.9.10.8817ScreenConnect ClientScreenConnectScreenConnect SoftwareScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe" "RunRole" "587036f6-2164-4505-b28b-8f0c34c95206" "User"C:\Windows\system32\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=8807695EE8345E37EFEC43CBC0874277ED9B0A66,MD5=5DEC65C4047DE914C78816B8663E3602,SHA256=71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%2fUrqwFBZe%2fd%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%2bbUQyoqD%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%2bW3wOuobuIU%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%20Session" "1"NT AUTHORITY\SYSTEM 11241100x8000000000000000565569Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:30.127{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\wvyjiit1.newcfg2024-02-22 17:32:30.125NT AUTHORITY\SYSTEM 11241100x8000000000000000565568Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:30.125{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\wvyjiit1.tmp2024-02-22 17:32:30.125NT AUTHORITY\SYSTEM 11241100x8000000000000000565482Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:29.918{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENT.EXE-E4D62019.pf2024-02-22 17:32:27.284NT AUTHORITY\SYSTEM 11241100x8000000000000000565239Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.417{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.WINDOWSCLIENT.E-B421A341.pf2024-02-22 17:32:28.417NT AUTHORITY\SYSTEM 11241100x8000000000000000565226Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.412{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENTSERVICE.E-A84B66F7.pf2024-02-22 17:32:28.411NT AUTHORITY\SYSTEM 11241100x8000000000000000565111Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.190{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log2024-02-22 17:32:28.190ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000565079Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.143{51A89197-852A-65D7-F705-000000001D00}3672C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Users\VICTIM\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log2024-02-22 17:32:28.143ATTACKBOX-WIN10\VICTIM 154100x8000000000000000565025Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.031{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe23.9.10.8817----"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%%2fUrqwFBZe%%2fd%%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%%2bbUQyoqD%%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%%2bW3wOuobuIU%%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%%20Session" "1"C:\Windows\system32\NT AUTHORITY\SYSTEM{51A89197-3B87-654E-E703-000000000000}0x3e70SystemSHA1=EC83D37A4F45CAEB07B1605324D0315F959452E9,MD5=DC615E9D8EC81CBF2E2452516373E5A0,SHA256=E9AB064ED381C29A3930F75CA3E05605C6EE07F30A69C043F576A5461DE3BAFC,IMPHASH=5F510E22D141C137199E2FF4021A57BE{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 11241100x8000000000000000564828Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:27.284{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENT.EXE-E4D62019.pf2024-02-22 17:32:27.284NT AUTHORITY\SYSTEM 154100x8000000000000000564533Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:26.446{51A89197-852A-65D7-F705-000000001D00}3672C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe23.9.10.8817----"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%%2fUrqwFBZe%%2fd%%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%%2bbUQyoqD%%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%%2bW3wOuobuIU%%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%%20Session" "1"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-EE01-020000000000}0x201ee1HighSHA1=EC83D37A4F45CAEB07B1605324D0315F959452E9,MD5=DC615E9D8EC81CBF2E2452516373E5A0,SHA256=E9AB064ED381C29A3930F75CA3E05605C6EE07F30A69C043F576A5461DE3BAFC,IMPHASH=5F510E22D141C137199E2FF4021A57BE{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe"ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562814Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.558{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Deployment\__su..ck___none_0000.0000_none_e7ec9ac1006005902024-02-22 17:32:18.951ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562813Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.527{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Deployment\__su..ck___none_0000.0000_none_e7ec9ac1006005902024-02-22 17:32:18.951ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562797Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.511{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Deployment\__su..ck___none_0000.0000_none_e7ec9ac1006005902024-02-22 17:32:18.951ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562784Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.480{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\Client.resources2024-02-22 17:32:23.480ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562783Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.480{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\Client.en-US.resources2024-02-22 17:32:23.480ATTACKBOX-WIN10\VICTIM 154100x8000000000000000562494Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.064{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe23.9.10.8817ScreenConnect ClientScreenConnectScreenConnect SoftwareScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=8807695EE8345E37EFEC43CBC0874277ED9B0A66,MD5=5DEC65C4047DE914C78816B8663E3602,SHA256=71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562147Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.746{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll2024-02-22 17:32:22.746ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562129Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.714{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll2024-02-22 17:32:22.714ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562121Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.683{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll2024-02-22 17:32:22.683ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562115Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.628{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dll2024-02-22 17:32:22.628ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562098Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.590{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe2024-02-22 17:32:22.590ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562091Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.543{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe2024-02-22 17:32:22.543ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562090Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.543{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe.config2024-02-22 17:32:22.543ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562089Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.527{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsClient.exe.config2024-02-22 17:32:22.527ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562088Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.527{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe.config2024-02-22 17:32:22.527ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562084Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.511{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe2024-02-22 17:32:22.511ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562069Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.496{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.ClientService.exe2024-02-22 17:32:22.496ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562046Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.449{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.ClientService.dll.genman2024-02-22 17:32:22.449ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562045Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.433{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Client.dll.genman2024-02-22 17:32:22.433ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562044Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.433{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Core.dll.genman2024-02-22 17:32:22.433ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562043Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.433{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Windows.dll.genman2024-02-22 17:32:22.433ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562041Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.418{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe.genman2024-02-22 17:32:22.418ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561923Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.247{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.ClientService.dll2024-02-22 17:32:22.246ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561914Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.193{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Client.dll2024-02-22 17:32:22.193ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561883Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.089{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Core.dll2024-02-22 17:32:22.089ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561862Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.871{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Windows.dll2024-02-22 17:32:21.871ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561814Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.620{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe2024-02-22 17:32:21.620ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561811Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.573{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsFileManager.exe2024-02-22 17:32:21.573ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561810Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.542{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsBackstageShell.exe.config2024-02-22 17:32:21.542ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561795Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.527{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe.config2024-02-22 17:32:21.527ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561788Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.495{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsFileManager.exe.config2024-02-22 17:32:21.495ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561771Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.472{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsBackstageShell.exe2024-02-22 17:32:21.471ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561756Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.402{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.ClientService.exe2024-02-22 17:32:21.400ATTACKBOX-WIN10\VICTIM 22542200x8000000000000000561628Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:21.235{51A89197-8521-65D7-F005-000000001D00}7852detectiontest.screenconnect.com0type: 5 server-nix3a88ddf7-web.screenconnect.com;::ffff:147.28.146.46;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561383Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:20.660{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe.manifest2024-02-22 17:32:20.660ATTACKBOX-WIN10\VICTIM 22542200x8000000000000000561188Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:21.229{51A89197-8521-65D7-F005-000000001D00}7852detectiontest.screenconnect.com0type: 5 server-nix3a88ddf7-web.screenconnect.com;::ffff:147.28.146.46;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeATTACKBOX-WIN10\VICTIM 154100x8000000000000000561065Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:19.766{51A89197-8523-65D7-F105-000000001D00}7276C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe-----"C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe" C:\Users\VICTIM\Downloads\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207{51A89197-843C-65D7-8905-000000001D00}7380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" ATTACKBOX-WIN10\VICTIM 154100x8000000000000000560112Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:17.535{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe4.7.3056.0 built by: NET472REL1ClickOnceMicrosoft® .NET FrameworkMicrosoft Corporationdfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=F5A9B3E2FAFA695D187A71DCA0581DB397F239C7,MD5=48FD4DD682051712E3E7757C525DED71,SHA256=322865CB5258B0FBEC1D16A03F3F4744149827C6CD2B1028D5F0A580D9D068E1,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-8521-65D7-EF05-000000001D00}7812C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe"C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe" ATTACKBOX-WIN10\VICTIM 154100x8000000000000000559874Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:17.144{51A89197-8521-65D7-EF05-000000001D00}7812C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe-----"C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe" C:\Users\VICTIM\Downloads\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207{51A89197-843C-65D7-8905-000000001D00}7380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559089Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.736{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054SHA1=C47D0A483AF0CC97FC794FEDE2AEE046FC4ABEDD,MD5=9A83046AAC1E5BC21BD72B4777E19784,SHA256=5B4C6C9B3EB61D72378E51964091FFF230597AEBDA1657263493ED1FD2C3AFF2,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ReferrerUrl=https://detectiontest.screenconnect.com/ HostUrl=https://detectiontest.screenconnect.com/Bin/ScreenConnect.Client.exe?h=instance-ffx0xs-relay.screenconnect.com&p=443&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%2FUrqwFBZe%2Fd%2BydjYIZaBpfRqHzGPXMoGpTzSDWD6%2BbUQyoqD%2F3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%2BW3wOuobuIU%2FZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%2Fs38YUm5Xge4Cs9Xf&s=b380001c-a1c2-4345-9474-0bd482ff92bf&i=Untitled%20Session&e=Support&y=Guest&r= ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559088Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.734{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe2024-02-22 17:32:11.054SHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559087Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.733{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054SHA1=8C77A5B8CE86173D5BAB5F6D3FCE5F72E9BD0F7E,MD5=F09CFE61B8E8D4361095FE425DECD824,SHA256=6A9B87D693A62408407BC1B4B8A866237CC21DF51001724C31FE25AB7D2EE25C,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ReferrerUrl=https://detectiontest.screenconnect.com/ ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559086Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.729{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe2024-02-22 17:32:11.054SHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559085Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.728{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054SHA1=D59FC84CDD5217C6CF74785703655F78DA6B582B,MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000559084Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.727{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559083Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.726{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe2024-02-22 17:32:11.054SHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207-ATTACKBOX-WIN10\VICTIM