11241100x8000000000000000572184Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:33:35.297{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log2024-02-22 17:33:35.297NT AUTHORITY\SYSTEM 11241100x8000000000000000572178Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:33:35.265{51A89197-8530-65D7-FA05-000000001D00}7400C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log2024-02-22 17:33:35.265NT AUTHORITY\SYSTEM 11241100x8000000000000000568301Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:42.898{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.WINDOWSCLIENT.E-B421A341.pf2024-02-22 17:32:28.417NT AUTHORITY\SYSTEM 11241100x8000000000000000567972Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:40.274{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.WINDOWSCLIENT.E-B421A341.pf2024-02-22 17:32:28.417NT AUTHORITY\SYSTEM 11241100x8000000000000000567715Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:38.073{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENTSERVICE.E-A84B66F7.pf2024-02-22 17:32:28.411NT AUTHORITY\SYSTEM 11241100x8000000000000000566776Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:33.758{51A89197-8530-65D7-FA05-000000001D00}7400C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Windows\System32\user.config2024-02-22 17:32:33.757NT AUTHORITY\SYSTEM 154100x8000000000000000566472Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:32.750{51A89197-8530-65D7-FA05-000000001D00}7400C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe23.9.10.8817ScreenConnect ClientScreenConnectScreenConnect SoftwareScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe" "RunRole" "5ff25bcd-ba55-4c11-8fc2-2d2d7054b595" "System"C:\Windows\system32\NT AUTHORITY\SYSTEM{51A89197-3B87-654E-E703-000000000000}0x3e71SystemSHA1=8807695EE8345E37EFEC43CBC0874277ED9B0A66,MD5=5DEC65C4047DE914C78816B8663E3602,SHA256=71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%2fUrqwFBZe%2fd%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%2bbUQyoqD%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%2bW3wOuobuIU%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%20Session" "1"NT AUTHORITY\SYSTEM 22542200x8000000000000000566335Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:31.392{51A89197-852C-65D7-F805-000000001D00}5632instance-ffx0xs-relay.screenconnect.com0type: 5 server-nix3a88ddf7-relay.screenconnect.com;::ffff:147.28.146.44;C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeNT AUTHORITY\SYSTEM 354300x8000000000000000566075Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:31.465{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeNT AUTHORITY\SYSTEMtcptruefalse192.168.1.205AttackBox-Win1050624-false147.28.146.44-443https 154100x8000000000000000565581Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:30.137{51A89197-852E-65D7-F905-000000001D00}6328C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe23.9.10.8817ScreenConnect ClientScreenConnectScreenConnect SoftwareScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe" "RunRole" "587036f6-2164-4505-b28b-8f0c34c95206" "User"C:\Windows\system32\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=8807695EE8345E37EFEC43CBC0874277ED9B0A66,MD5=5DEC65C4047DE914C78816B8663E3602,SHA256=71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%2fUrqwFBZe%2fd%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%2bbUQyoqD%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%2bW3wOuobuIU%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%20Session" "1"NT AUTHORITY\SYSTEM 11241100x8000000000000000565569Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:30.127{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\wvyjiit1.newcfg2024-02-22 17:32:30.125NT AUTHORITY\SYSTEM 11241100x8000000000000000565568Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:30.125{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\wvyjiit1.tmp2024-02-22 17:32:30.125NT AUTHORITY\SYSTEM 11241100x8000000000000000565482Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:29.918{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENT.EXE-E4D62019.pf2024-02-22 17:32:27.284NT AUTHORITY\SYSTEM 11241100x8000000000000000565239Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.417{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.WINDOWSCLIENT.E-B421A341.pf2024-02-22 17:32:28.417NT AUTHORITY\SYSTEM 11241100x8000000000000000565226Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.412{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENTSERVICE.E-A84B66F7.pf2024-02-22 17:32:28.411NT AUTHORITY\SYSTEM 11241100x8000000000000000565111Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.190{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ScreenConnect.WindowsClient.exe.log2024-02-22 17:32:28.190ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000565079Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.143{51A89197-852A-65D7-F705-000000001D00}3672C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeC:\Users\VICTIM\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ScreenConnect.ClientService.exe.log2024-02-22 17:32:28.143ATTACKBOX-WIN10\VICTIM 154100x8000000000000000565025Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:28.031{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe23.9.10.8817----"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%%2fUrqwFBZe%%2fd%%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%%2bbUQyoqD%%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%%2bW3wOuobuIU%%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%%20Session" "1"C:\Windows\system32\NT AUTHORITY\SYSTEM{51A89197-3B87-654E-E703-000000000000}0x3e70SystemSHA1=EC83D37A4F45CAEB07B1605324D0315F959452E9,MD5=DC615E9D8EC81CBF2E2452516373E5A0,SHA256=E9AB064ED381C29A3930F75CA3E05605C6EE07F30A69C043F576A5461DE3BAFC,IMPHASH=5F510E22D141C137199E2FF4021A57BE{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\System32\services.exeC:\Windows\system32\services.exeNT AUTHORITY\SYSTEM 11241100x8000000000000000564828Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:27.284{51A89197-3B89-654E-1600-000000001D00}700C:\Windows\System32\svchost.exeC:\Windows\Prefetch\SCREENCONNECT.CLIENT.EXE-E4D62019.pf2024-02-22 17:32:27.284NT AUTHORITY\SYSTEM 154100x8000000000000000564533Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:26.446{51A89197-852A-65D7-F705-000000001D00}3672C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe23.9.10.8817----"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%%2fUrqwFBZe%%2fd%%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%%2bbUQyoqD%%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%%2bW3wOuobuIU%%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%%20Session" "1"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-EE01-020000000000}0x201ee1HighSHA1=EC83D37A4F45CAEB07B1605324D0315F959452E9,MD5=DC615E9D8EC81CBF2E2452516373E5A0,SHA256=E9AB064ED381C29A3930F75CA3E05605C6EE07F30A69C043F576A5461DE3BAFC,IMPHASH=5F510E22D141C137199E2FF4021A57BE{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe"ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562814Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.558{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Deployment\__su..ck___none_0000.0000_none_e7ec9ac1006005902024-02-22 17:32:18.951ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562813Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.527{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Deployment\__su..ck___none_0000.0000_none_e7ec9ac1006005902024-02-22 17:32:18.951ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562797Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.511{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Deployment\__su..ck___none_0000.0000_none_e7ec9ac1006005902024-02-22 17:32:18.951ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562784Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.480{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\Client.resources2024-02-22 17:32:23.480ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562783Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.480{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\Client.en-US.resources2024-02-22 17:32:23.480ATTACKBOX-WIN10\VICTIM 154100x8000000000000000562494Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:23.064{51A89197-8527-65D7-F205-000000001D00}4652C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe23.9.10.8817ScreenConnect ClientScreenConnectScreenConnect SoftwareScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.WindowsClient.exe"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=8807695EE8345E37EFEC43CBC0874277ED9B0A66,MD5=5DEC65C4047DE914C78816B8663E3602,SHA256=71602F6B0B27C8B7D8AD624248E6126970939EFFDE785EC913ACE19052E9960E,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"ATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562480Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.031{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\Files\ScreenConnect.Windows.dll_fa5f7fd8f7c108bbBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562476Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.031{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\Files\ScreenConnect.Client.dll_7b0ea606092ddbcbBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562472Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.030{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\Files\ScreenConnect.Core.dll_963930cc5ced28c7Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562468Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.030{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\Files\ScreenConnect.WindowsClient.exe_fd0fcfe1fd1a6cd2Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562464Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.029{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\Files\ScreenConnect.ClientService.dll_5e8c1e5c1cd8d9eeBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562460Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.029{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsFileManager.exe_74b82db4db38179eBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562456Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.028{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsBackstageShell.exe.config_bc78256f1e952942Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562452Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.028{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsClient.exe.config_432322067acab5c0Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562448Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.027{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsFileManager.exe.config_5db10293a642be8aBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562444Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.026{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsBackstageShell.exe_89b7a517a15abfdcBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562440Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:23.026{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.ClientService.exe_5e8c1e841cd8db20Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562334Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\Files\ScreenConnect.ClientService.dll_e781b1c636f7bfaeBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562331Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\Files\ScreenConnect.ClientService.dll_e781b1c636f7bfaeBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562318Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\Files\ScreenConnect.Client.dll_fc1d7bd48553fcabBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562315Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\Files\ScreenConnect.Client.dll_fc1d7bd48553fcabBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562302Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\Files\ScreenConnect.Core.dll_b96889d378047e27Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562299Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\Files\ScreenConnect.Core.dll_b96889d378047e27Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562286Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\Files\ScreenConnect.Windows.dll_fc0d83aff7df0b5bBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562283Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\Files\ScreenConnect.Windows.dll_fc0d83aff7df0b5bBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562270Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\Files\ScreenConnect.WindowsClient.exe_6492277df2db17d2Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562267Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\Files\ScreenConnect.WindowsClient.exe_6492277df2db17d2Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562254Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26beBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562251Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.777{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_adadf8219b974439\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsFileManager.exe_0e21f87bfcff26beBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562247Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562244Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_adadf8219b974439\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsBackstageShell.exe.config_61230ac9d37a71e2Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562240Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562237Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_adadf8219b974439\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsClient.exe.config_f7f106a5cc529540Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562233Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daaBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562230Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_adadf8219b974439\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsFileManager.exe.config_ceab8affc7343daaBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562226Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bcBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562223Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_adadf8219b974439\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.WindowsBackstageShell.exe_898f6d085da479bcBinary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562219Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.ClientService.exe_e781b1ee36f7c0e0Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000562216Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:22.761{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeHKU\S-1-5-21-1854396824-2342670854-3736740652-1000_Classes\Software\Microsoft\Windows\CurrentVersion\Deployment\SideBySide\2.0\Components\scre..tion_25b0fbb6ef7eb094_0017.0009_adadf8219b974439\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\Files\ScreenConnect.ClientService.exe_e781b1ee36f7c0e0Binary DataATTACKBOX-WIN10\VICTIM 13241300x8000000000000000565431Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:29.777{51A89197-852C-65D7-F805-000000001D00}5632C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exeHKLM\System\CurrentControlSet\Services\ScreenConnect Client (b380001c-a1c2-4345-9474-0bd482ff92bf)\ImagePath"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%%2fUrqwFBZe%%2fd%%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%%2bbUQyoqD%%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%%2bW3wOuobuIU%%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%%2fs38YUm5Xge4Cs9Xf&v=AQAAANCMnd8BFdERjHoAwE%%2fCl%%2bsBAAAANLvOJtk4P0up7%%2f25%%2bCmP3wAAAAACAAAAAAAQZgAAAAEAACAAAAAsIUk8g%%2fyZaevyShvXCcV640GyE%%2bZyP%%2fL8v%%2f%%2bPAaaSQgAAAAAOgAAAAAIAACAAAAATLEZQl6PH%%2ba1n1eF06Rf3qQvykFf%%2f7ROe%%2bLKfasKM%%2bqAEAABJaD2DHI0jT3GqPcNe8Ry1yzQL7Ov7VU5WmhB2v9%%2bU9BVk7mDHguOq8B2pLHoHhEF%%2bDNDJD28yhlD5x%%2bcXtVmVbSDb%%2f%%2f3ujgjVSYOFvtoiVS5m3YkZoIDHkOYd6mre9IVO394OPt9Tzkd0DzH6o42hAf69AQrhsK%%2bs7%%2bgMZwvFxOCzGt%%2fMTQ4rHFGImRZ8DtTCClponfHSo%%2fhMfDUyUGW6%%2ful%%2bIZPN3WTdsxFX3EfvzS878nb7%%2bEnEKHyLNB%%2bZdxI8SyTSFqd9Ppiiluv8dIYfR9gdsN3A44be0pFRva1t50qV0%%2fW162m2KKTIdwEMzc7QHoLpZ0akUumNY85WIKScif1EQUHFWU7o%%2fvToiRiQmBQakbKtvX9%%2fHZmjefq8mdElq59e5fNCi5MavlkeKZvv26YJVUhK71rf68T7R8LQK07OpTnb1vZGBgsw53OzV5YmhcV6hChZjvgvZgYgDJe7lf6HDCb79sWxZQ5r2xWLcTMoU5Kfzmvdx3Y1z8JnLYOrIpgpZidLGKo0E8UmuuMcxp235vrN9g0rv2q%%2fGlG4hl5sHN3o47q%%2bBVZ4ZKsyv3ARXC2fT%%2bslASmJSo2ujzQlzrASgtSc8AzygpyXvQ7Jx2kZt19JCWLgHzfih8jea6RjxcyHP3k6zrnltrVF3MdVVpmgjcQuBA9iVp%%2ffwrs6VbRxKpzg181OFSv9hMkNXhFtdb8oqUM8QnSizeBDZHs4m5NeZLmZXAdirnvRgF4hPrwxY54KDOdczufZKExX4kBEDmIZwXJbBm6ds9G9MCp%%2bWxLsJFYJqA%%2f%%2fApXiwcuFF9lskr2fuGEYGDqj9nL2Wf74Y0LYPIW1LZV35jCNViqO7eG9csylANIWIiiA0WWFIEdcH22gmoPWLp1qpA2QmVDeLCexFsRBs7uMKRIR%%2bZHgK%%2fZt1wLcQFGZsXSYlWgvNS9AHB45JOLpkHZoZMkljWTRKoyCMGQVQx1zE3UqwF76tp%%2fQUbSizAgTLF1fthDhHKaY7aAdquyrLW8eoidvxF35eyi4eNgjW0ApwR%%2bRGgi%%2fxB%%2b%%2fevIYEKWTKaim992A4%%2fmob1PZFQ%%2fQg8Qvkh%%2baE%%2futdckkDaOSs00IrFV8udnkoSBzao98YytxDdyLA%%2bFZhEifRHbt5fCIOmOG99ZuossEOk%%2byTahTaKI1aGI%%2bkJ8Z91XasM4I%%2fLe8qityFuOglT6KfFGNY6wFtASdgJmyTEi7yG%%2b%%2bXUqDnghp3t18m7PTSggVzXYwUEs6QY75v9ZDYKvmPvLtlZWF48VbfWgveeRtfb%%2b8XPs9BpgyE2iyT6P%%2fpwu6xmme6c1URkLRK6APJI7oXzhCLJ6VnwK9tHJSfYceZa6EuD6fAHj%%2ft1D6e6Biu1LIl7%%2b8Hjcx2XkI46gN6O%%2bHhmFgb4NylxfMzjmIR2u6HTVewIK14S3l1AzX4P0W3gaD2b%%2b%%2bUCYkUpdnuGU%%2buinygCKGXvkDgDvLEf2FsuD52tyWac%%2bNbTCjxtMm5%%2fnUUStZV4ApPkRi3umQS45cpyafx733UCYu8DJFLC%%2bVk8SMtpDwzHlC%%2btCKTGpm7YfE1BkJfv7eAGxTgMcgziOb60AAAACtTdz7uVRPhvYjP9HvRjNTfHWCgTC9IekGxywVy1Oye3Mwf7YvkCyNfe0QguYQdhIE%%2bmdgP7QcVVmJCtkO0gQc&r=&i=Untitled%%20Session" "1"NT AUTHORITY\SYSTEM 13241300x8000000000000000565019Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 17:32:28.018{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ScreenConnect Client (b380001c-a1c2-4345-9474-0bd482ff92bf)\ImagePath"C:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..tion_25b0fbb6ef7eb094_0017.0009_86a5358e17526f84\ScreenConnect.ClientService.exe" "?e=Support&y=Guest&h=instance-ffx0xs-relay.screenconnect.com&p=443&s=b380001c-a1c2-4345-9474-0bd482ff92bf&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%%2fUrqwFBZe%%2fd%%2bydjYIZaBpfRqHzGPXMoGpTzSDWD6%%2bbUQyoqD%%2f3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%%2bW3wOuobuIU%%2fZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%%2fs38YUm5Xge4Cs9Xf&r=&i=Untitled%%20Session" "1"NT AUTHORITY\SYSTEM 13241300x8000000000000000525115Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 13:44:04.998{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ScreenConnect Web Server\ImagePath"C:\Program Files (x86)\ScreenConnect\Bin\ScreenConnect.Service.exe"NT AUTHORITY\SYSTEM 13241300x8000000000000000525106Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 13:44:04.998{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ScreenConnect Relay\ImagePath"C:\Program Files (x86)\ScreenConnect\Bin\ScreenConnect.Service.exe"NT AUTHORITY\SYSTEM 13241300x8000000000000000525098Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 13:44:04.982{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ScreenConnect Security Manager\ImagePath"C:\Program Files (x86)\ScreenConnect\Bin\ScreenConnect.Service.exe"NT AUTHORITY\SYSTEM 13241300x8000000000000000525090Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-SetValue2024-02-22 13:44:04.982{51A89197-3B87-654E-0B00-000000001D00}608C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\ScreenConnect Session Manager\ImagePath"C:\Program Files (x86)\ScreenConnect\Bin\ScreenConnect.Service.exe"NT AUTHORITY\SYSTEM 11241100x8000000000000000562147Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.746{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..vice_4b14c015c87c1ad8_0017.0009_none_171efd5086820924\ScreenConnect.ClientService.dll2024-02-22 17:32:22.746ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562129Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.714{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..ient_4b14c015c87c1ad8_0017.0009_none_fbe0c2da0011fbbd\ScreenConnect.Client.dll2024-02-22 17:32:22.714ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562121Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.683{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..core_4b14c015c87c1ad8_0017.0009_none_65cb6507f0c2a5b9\ScreenConnect.Core.dll2024-02-22 17:32:22.683ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562115Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.628{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..dows_4b14c015c87c1ad8_0017.0009_none_6a433ce92d10b8e9\ScreenConnect.Windows.dll2024-02-22 17:32:22.628ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562098Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.590{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre..ient_4b14c015c87c1ad8_0017.0009_none_c7123e2bd9a688c6\ScreenConnect.WindowsClient.exe2024-02-22 17:32:22.590ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562091Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.543{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe2024-02-22 17:32:22.543ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562090Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.543{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe.config2024-02-22 17:32:22.543ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562089Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.527{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsClient.exe.config2024-02-22 17:32:22.527ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562088Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.527{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsFileManager.exe.config2024-02-22 17:32:22.527ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562084Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.511{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.WindowsBackstageShell.exe2024-02-22 17:32:22.511ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562069Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.496{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Apps\2.0\570TKK0R.QDR\28H545QZ.BH8\scre...exe_25b0fbb6ef7eb094_0017.0009_none_aa62037c34f7a445\ScreenConnect.ClientService.exe2024-02-22 17:32:22.496ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562046Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.449{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.ClientService.dll.genman2024-02-22 17:32:22.449ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562045Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.433{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Client.dll.genman2024-02-22 17:32:22.433ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562044Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.433{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Core.dll.genman2024-02-22 17:32:22.433ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562043Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.433{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Windows.dll.genman2024-02-22 17:32:22.433ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000562041Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.418{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe.genman2024-02-22 17:32:22.418ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561923Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.247{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.ClientService.dll2024-02-22 17:32:22.246ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561914Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.193{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Client.dll2024-02-22 17:32:22.193ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561883Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:22.089{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Core.dll2024-02-22 17:32:22.089ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561862Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.871{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.Windows.dll2024-02-22 17:32:21.871ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561814Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.620{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe2024-02-22 17:32:21.620ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561811Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.573{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsFileManager.exe2024-02-22 17:32:21.573ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561810Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.542{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsBackstageShell.exe.config2024-02-22 17:32:21.542ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561795Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.527{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe.config2024-02-22 17:32:21.527ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561788Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.495{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsFileManager.exe.config2024-02-22 17:32:21.495ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561771Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.472{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsBackstageShell.exe2024-02-22 17:32:21.471ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561756Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:21.402{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.ClientService.exe2024-02-22 17:32:21.400ATTACKBOX-WIN10\VICTIM 22542200x8000000000000000561628Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:21.235{51A89197-8521-65D7-F005-000000001D00}7852detectiontest.screenconnect.com0type: 5 server-nix3a88ddf7-web.screenconnect.com;::ffff:147.28.146.46;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeATTACKBOX-WIN10\VICTIM 11241100x8000000000000000561383Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:20.660{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeC:\Users\VICTIM\AppData\Local\Temp\Deployment\RN6B8B97.431\YOT3MZ0P.DB6\ScreenConnect.WindowsClient.exe.manifest2024-02-22 17:32:20.660ATTACKBOX-WIN10\VICTIM 22542200x8000000000000000561188Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2023-11-10 15:13:21.229{51A89197-8521-65D7-F005-000000001D00}7852detectiontest.screenconnect.com0type: 5 server-nix3a88ddf7-web.screenconnect.com;::ffff:147.28.146.46;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exeATTACKBOX-WIN10\VICTIM 154100x8000000000000000561065Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:19.766{51A89197-8523-65D7-F105-000000001D00}7276C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe-----"C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe" C:\Users\VICTIM\Downloads\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207{51A89197-843C-65D7-8905-000000001D00}7380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" ATTACKBOX-WIN10\VICTIM 154100x8000000000000000560112Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:17.535{51A89197-8521-65D7-F005-000000001D00}7852C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe4.7.3056.0 built by: NET472REL1ClickOnceMicrosoft® .NET FrameworkMicrosoft Corporationdfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=F5A9B3E2FAFA695D187A71DCA0581DB397F239C7,MD5=48FD4DD682051712E3E7757C525DED71,SHA256=322865CB5258B0FBEC1D16A03F3F4744149827C6CD2B1028D5F0A580D9D068E1,IMPHASH=F34D5F2D4577ED6D9CEEC516C1F5A744{51A89197-8521-65D7-EF05-000000001D00}7812C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe"C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe" ATTACKBOX-WIN10\VICTIM 154100x8000000000000000559874Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:17.144{51A89197-8521-65D7-EF05-000000001D00}7812C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe-----"C:\Users\VICTIM\Downloads\ScreenConnect.Client.exe" C:\Users\VICTIM\Downloads\ATTACKBOX-WIN10\VICTIM{51A89197-3B8D-654E-4B02-020000000000}0x2024b1MediumSHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207{51A89197-843C-65D7-8905-000000001D00}7380C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559089Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.736{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054SHA1=C47D0A483AF0CC97FC794FEDE2AEE046FC4ABEDD,MD5=9A83046AAC1E5BC21BD72B4777E19784,SHA256=5B4C6C9B3EB61D72378E51964091FFF230597AEBDA1657263493ED1FD2C3AFF2,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ReferrerUrl=https://detectiontest.screenconnect.com/ HostUrl=https://detectiontest.screenconnect.com/Bin/ScreenConnect.Client.exe?h=instance-ffx0xs-relay.screenconnect.com&p=443&k=BgIAAACkAABSU0ExAAgAAAEAAQDdggorxoadw7udX06fCku1ldF7rN84hmV6d0KM%2FUrqwFBZe%2Fd%2BydjYIZaBpfRqHzGPXMoGpTzSDWD6%2BbUQyoqD%2F3SogFpx8fydSd9zu5MJyaN8mnYDVBMg1HDAd%2BW3wOuobuIU%2FZGLODLKYXG48ims7cObjXy8HPgrH8SzoeMQTxnstNvP9pgZ7PvctSVDuNEPSRb77Wc74VpPwVWhGAiJe5tEOTrQTp9k454Jg71OQuaLds5phFa2coE8XAo4sTccWH3lnrIYFJjqzrik6mDNSJXQjjACFS57R2kct5JNrTq37ommwWQak6gBaV1PUXKm9OW%2Fs38YUm5Xge4Cs9Xf&s=b380001c-a1c2-4345-9474-0bd482ff92bf&i=Untitled%20Session&e=Support&y=Guest&r= ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559088Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.734{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe2024-02-22 17:32:11.054SHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559087Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.733{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054SHA1=8C77A5B8CE86173D5BAB5F6D3FCE5F72E9BD0F7E,MD5=F09CFE61B8E8D4361095FE425DECD824,SHA256=6A9B87D693A62408407BC1B4B8A866237CC21DF51001724C31FE25AB7D2EE25C,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ReferrerUrl=https://detectiontest.screenconnect.com/ ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559086Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.729{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe2024-02-22 17:32:11.054SHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207-ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559085Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.728{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054SHA1=D59FC84CDD5217C6CF74785703655F78DA6B582B,MD5=FBCCF14D504B7B2DBCB5A5BDA75BD93B,SHA256=EACD09517CE90D34BA562171D15AC40D302F0E691B439F91BE1B6406E25F5913,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ATTACKBOX-WIN10\VICTIM 11241100x8000000000000000559084Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.727{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe:Zone.Identifier2024-02-22 17:32:11.054ATTACKBOX-WIN10\VICTIM 15241500x8000000000000000559083Microsoft-Windows-Sysmon/OperationalAttackBox-Win10-2024-02-22 17:32:14.726{51A89197-851E-65D7-EE05-000000001D00}344C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeC:\Users\VICTIM\Downloads\ScreenConnect.Client.exe2024-02-22 17:32:11.054SHA1=C7C4CE6FDC88E63ABAF8E662AEA1456161D9EABC,MD5=84296C8E9FAB976ACBA0A65907A12086,SHA256=E94CC8AAA757D0E0070E41D252ED33085006D334049A9CA626B9467F9E59F542,IMPHASH=7631A79A9071099FA4803E1C4C5DF207-ATTACKBOX-WIN10\VICTIM