Company Name: Stonehenge Advisors, Inc
Contact: Sablosky (POC), Dan
Phone Number: (215) 320-3777

Hello Dan,

     Your ticket 3460304 is actively being worked on by Christopher Clarke

Discussion Dan Sablosky (POC) 2/19/2026 12:06 PM- {      "@context": "http://schema.org",      "@type": "EmailMessage",      "potentialAction": {        "@type": "ViewAction",        "target": "https://desk.cyflare.cloud/portal/ticket/304011",        "name": "View Ticket "      },      "description": "View Ticket"    }     Dear IH-Atlantic_Stonehenge Advisors, A ticket has been created with the following details: Account Name: Atlantic_Stonehenge Advisors Ticket ID:  304011 Priority:  Low Subject:  Low - SentinelOne Threat - Stonehenge Advisors, Inc - ScreenConnect.Client.exe - 02/19/26 Description: Description: SentinelOne flagged ScreenConnect.Client.exe (sha1: 3b3b1268ff469be9e68379b8fb3cc9aedfbef2a8, sha256: 3e61172a...) located at \Device\HarddiskVolume3\Users\WFS Maintenance\Downloads\ScreenConnect.Client.exe. Agent policy initiated mitigations (quarantine, kill) successfully. Indicators: imports debugger/kernel-exception functions, runtime dynamic linking, file/registry persistence behaviors, OpenSSL RSA use, file read/write and process termination capabilities. File path is in a user Downloads folder, not a standard Windows install location; this reduces likelihood of being a legitimate system component. Threat Status: Mitigated - Contained Priority: Low Time Of Detection:2026-02-19 12:00:43 UTC-05 Alert Link:https://usea1-008.sentinelone.net/incidents/threats/2418365587363666779/overview Threat Details: Threat Name: ScreenConnect.Client.exe Threat Classification: General Detection Engine: On-Write DFI - Suspicious File Path: \Device\HarddiskVolume3\Users\WFS Maintenance\Downloads\ScreenConnect.Client.exe File SHA1 Hash: 3b3b1268ff469be9e68379b8fb3cc9aedfbef2a8 File Publisher Name: CONNECTWISE, LLC File Publisher Signed & Verified: Revoked Command Line: Threat Status: Threat Quarantine status: quarantine Threat Killed status: kill Endpoint Details: Endpoint Name: DESKTOP-C17AEOC Endpoint IP Address: 192.168.58.149 Site Name: Atlantic_Stonehenge Advisors Group Name: Stonehenge Advisors Inc - HQ SentinelOne Mitigation Policy: protect SentinelOne Mitigation Status: mitigated SOC Response Actions: Isolate Endpoint: N/A Initiate Full Disk Scan: N/A Timeline for additional findings: Alfie AI Summarization (Beta) * The threat indicators describe a malicious file capable of various harmful actions while avoiding detection. It can raise kernel exceptions and import debugger functions, indicating advanced capabilities. The file can delay its execution to evade security measures and has the ability to list files on the system and retrieve specific values. It poses a significant risk by being able to encrypt data using OpenSSL RSA. Additionally, it can create, open, and write to files, terminate processes, and accept command line arguments, highlighting its potential for persistence and data manipulation on the system. SOC Recommended Actions 1. Quarantine the endpoint DESKTOP-C17AEOC (agent UUID 7ed87071d94f47899ff91f3a7236df93) to prevent further execution of ScreenConnect.Client.exe. Remove the file at \Device\HarddiskVolume3\Users\WFS Maintenance\Downloads\ScreenConnect.Client.exe and delete any additional copies from the user profile and common download locations. Disable or remove the local user account WFS Maintenance if not required, and rotate credentials for any accounts that used this endpoint. Block the publisher CONNECTWISE, LLC and the file hash 3e61172ad78b61fce351b0b3dd4bb170d51ffaaa85c0a67b4a47c76034ca1207 at the endpoint and in central allow/block lists. Reimage the affected system if reinstallation is feasible, or perform a full malware remediation and verify the agent version is updated to 25.1.3.334 with agent mitigation mode set to protect. Alfie Insights (Beta) Case Details Case Created Time: 02/19/2026 12:01:56 EST Case Assigned Time: None Ticket Creation Time: None Ticket Number: None Case Closed Time: None Case Name: SCREENCONNECT.CLIENT.EXE Case Source: SentinelOneV2 Org Name: Atlantic_Stonehenge Advisors Msp Name: Atlantic Entity Enrichment Sentinelonev2: Client Knowledge Base Lookup: Threat Hunting Stellar Searches: Ticket Correlation Ticket Searches: * Query: Tickets related to the same Alert Type with the same Hash Result: 0 matching tickets Threshold Checks Verified for the presence of any suspicious entities Verified if the mitigation mode is detect only Confirmed if the client is subscribed to Stellar Verified if the hash is marked malicious or not in OSINT Verified if the threat status is mitigated - contained Confirmed whether the case is flagged as malicious in S1 or not Verified whether the hash is flagged as malicious in OSINT or not Verified if the threat name contains Ransomware or Interactive Session OR Isolation Validated the activity was on the blocklist Validated the activity was mitigated Response Actions None You can view all details here: 304011

You can check the status of your Service Ticket by calling our Customer Care Hotline at (212) 507-9420

134 West 26th Street | New York, NY 10001 | ©2020 Atlantic.