PESCAN.IO - Analysis Report Valid Code
File Structure:
Analysis Image
Information:
Size: 5,34 MB
SHA-256 Hash: 48E927D1EAD26B45F7EBE19E48CA7E3F2EB04CBF16AAB837F8A7985EF1B01BDB
SHA-1 Hash: C4474C80C5266F7E5BD572B7556552AF1BF78728
MD5 Hash: 47C1DB083E2CE456B5D6CD71E5AE9555
Imphash: 9771EE6344923FA220489AB01239BDFD
MajorOSVersion: 5
CheckSum: 00541713
EntryPoint (rva): 14AD
SizeOfHeaders: 400
SizeOfImage: 543000
ImageBase: 400000
Architecture: x86
ImportTable: 129C4
Characteristics: 102
TimeDateStamp: 6377E6AC
Date: 18/11/2022 20:10:20
File Type: EXE
Number Of Sections: 5
ASLR: Enabled
Section Names: .text, .rdata, .data, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker
UAC Execution Level Manifest: requireAdministrator
Sections Info:
Section Name Flags ROffset RSize VOffset VSize
.text 60000020 (Executable) 400 B200 1000 B1AF
.rdata 40000040 B600 6200 D000 6078
.data C0000040 (Writeable) 11800 800 14000 11E4
.rsrc 40000040 12000 52B800 16000 52B760
.reloc 42000040 53D800 1000 542000 EA8
Description:
InternalName: DotNetResolver.exe
OriginalFilename: DotNetResolver.exe
CompanyName: ScreenConnect Software
ProductName: ScreenConnect
FileVersion: 0.0.0.0
Binder/Joiner/Crypter:
14 Executable files found
Dropper code detected (EOF) - 80,77 KB
Entry Point:
The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 8AD
Code -> E8C5030000E97AFEFFFF558BEC6A00FF1540D04000FF7508FF153CD0400068090400C0FF1544D0400050FF1548D040005DC3
CALL 0X13CA
JMP 0XE84
PUSH EBP
MOV EBP, ESP
PUSH 0
CALL DWORD PTR [0X40D040]
PUSH DWORD PTR [EBP + 8]
CALL DWORD PTR [0X40D03C]
PUSH 0XC0000409
CALL DWORD PTR [0X40D044]
PUSH EAX
CALL DWORD PTR [0X40D048]
POP EBP
RET

Signatures:
CheckSum Integrity Problem:
Header: 5510931
Calculated: 5637537
Rich Signature Analyzer:
Code -> 015F0EE5453E60B6453E60B6453E60B6F1A291B64F3E60B6F1A293B63F3E60B6F1A292B65D3E60B6C54565B7603E60B6C54564B7543E60B6C54563B7513E60B64C46F3B6413E60B65B6CF3B6463E60B6453E61B6253E60B6CB4569B7443E60B6CB459FB6443E60B6CB4562B7443E60B652696368453E60B6
Footprint md5 Hash -> 849DE2AC7EE0A5EA3656A6553164563A
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct
Packer/Compiler:
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: False
Compiler: Microsoft Visual Studio
Compiler: Microsoft Visual C ++
Detect It Easy (die)
PE: compiler: EP:Microsoft Visual C/C++(2017 v.15.5-6)[EXE32]
PE: compiler: Microsoft Visual C/C++(-)[-]
PE: linker: Microsoft Linker(14.33**)[EXE32,admin,signed]
PE: Sign tool: Windows Authenticode(2.0)[PKCS 7]
Entropy: 7.42449
Suspicious Functions:
Library Function Description
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetModuleHandle Retrieves a handle to the specified module.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
SHELL32.DLL ShellExecuteW Performs a run operation on a specific file.
Windows REG:
Software\Microsoft\NET Framework Setup\NDP\v2.0.50727InstallSOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client[SERVICE_NAME]restartnoneRemote Control"[SERVICE_CLIENT_LAUNCH_PARAMETERS]"{0C94448B-0C9E-4112-AC7D-B00E6BA76D82}0.0.0.0125.0.0.0OLD_PRODUCT_1{1F85D7FE-5576-41EE-9480-E3F7F9C31B8B}OLD_PRODUCT_2OLD_PRODUCT_3NEW_VERSION
SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client[SERVICE_NAME]restartnoneRemote Control"[SERVICE_CLIENT_LAUNCH_PARAMETERS]"{0C94448B-0C9E-4112-AC7D-B00E6BA76D82}0.0.0.0125.0.0.0OLD_PRODUCT_1{1F85D7FE-5576-41EE-9480-E3F7F9C31B8B}OLD_PRODUCT_2OLD_PRODUCT_3NEW_VERSION
Windows REG (UNICODE):
SOFTWARE\Microsoft\Cryptography
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Software\Policies\Microsoft\Windows\Installer
SYSTEM\CurrentControlSet\Services\
File Access:
DotNetResolver.exe
INSTALLLOCATION]ScreenConnect.WindowsClient.exe
INSTALLLOCATION]ScreenConnect.WindowsFileManager.exeLaunchApplicationScreenConnect.WindowsClient.exe
INSTALLLOCATION]ScreenConnect.WindowsFileManager.exe
INSTALLLOCATION]ScreenConnect.WindowsBackstageShell.exe
ScreenConnect.WindowsFileManager.exe
ScreenConnect.WindowsClient.exe
ScreenConnect.WindowsBackstageShell.exe
ScreenConnect.ClientInstallerRunner.exe
mscoree.dll
ScreenConnect.WindowsCredentialProvider.dll
ScreenConnect.WindowsAuthenticationPackage.dll
SchedServiceConfigExecServiceConfigRollbackServiceConfigProgramFilesFolderTBDTARGETDIR.SourceDirFulldbbvsztr.dll|ScreenConnect.ClientService.dll24.3.17.92940ScreenConnect.Client.dll5aygg2n-.dll
SchedServiceConfigExecServiceConfigRollbackServiceConfigProgramFilesFolderTBDTARGETDIR.SourceDirFulldbbvsztr.dll|ScreenConnect.ClientService.dll24.3.17.92940ScreenConnect.Client.dll
SchedServiceConfigExecServiceConfigRollbackServiceConfigProgramFilesFolderTBDTARGETDIR.SourceDirFulldbbvsztr.dll|ScreenConnect.ClientService.dll
SchedServiceConfigExecServiceConfigRollbackServiceConfigProgramFilesFolderTBDTARGETDIR.SourceDirFulldbbvsztr.dll
601ScreenConnect.WindowsCredentialProvider.dll
601ScreenConnect.WindowsAuthenticationPackage.dll
KERNEL32.dll
VERSION.dll
ole32.dll
SHELL32.dll
OLEAUT32.dll
USER32.dll
ADVAPI32.dll
msi.dll
wixca.dll
failed to get handle to kernel32.dll
Microsoft.Deployment.Compression.Cab.dll
Microsoft.Deployment.Compression.dll
ScreenConnect.Windows.dll
ScreenConnect.Core.dll
Microsoft.Deployment.WindowsInstaller.Package.dll
Microsoft.Deployment.WindowsInstaller.dll
ScreenConnect.InstallerActions.dll
SfxCA.dll
SHLWAPI.dll
Cabinet.dll
ScreenConnect.WindowsCredentialProvider.dll
ScreenConnect.WindowsAuthenticationPackage.dll
ScreenConnect.ClientService.dll
ScreenConnect.Client.dll
ScreenConnect.WindowsInstaller.dll
libzstd.dll
zlibvc.dll
libwebp.dll
winmm.dll
ScreenConnect.Properties.libz.x86.dll
ScreenConnect.Properties.libwebp.x86.dll
ScreenConnect.Properties.libzstd.x86.dll
ScreenConnect.Properties.libz.x64.dll
ScreenConnect.Properties.libwebp.x64.dll
ScreenConnect.Properties.libzstd.x64.dll
ScreenConnect.Scr
ScreenConnect.ScreenConnect.ClientSetup.msi
ScreenConnect.UserInterfaceSettingsScreenConnect.Sys
Temp
ProgramFiles
File Access (UNICODE):
ClientSetup.msi
mscoree.dll
Core.dll
*.dll
libwebp.dll
CorExitProcessmscoree.dll
zlib.dll
Windows.dll
WindowsInstaller.dll
InstallerActions.dll
//feedback.scr
Failed to locate functions in mscoree.dll
CorBindToRuntimeExGetRequestedRuntimeInfoFailed to load mscoree.dll
SfxCA.dll
d3d9.dll
dwmapi.dll
rstrtmgr.dll
Command failed to execute.Command line returned an error.kernel32.dll
wixca.dll
ClientInstallerRunner.exe
DotNetResolver.exe
rundll32.exe
msiexec.exe
0\powershell.exe
cmd.exe
WindowsBackstageShell.exe
ClientService.exe
WindowsClient.exe
Exec - powershell.exe /c
Temp
AppData
SQL Queries:
Select WixCloseApplication, Target, Description, Condition, Attributes, Property, TerminateExitCode, Timeout FROM WixCloseApplication ORDER BY Sequence
Select Component_, Directory_, Name, Target, Attributes, IconFile, IconIndex FROM WixInternetShortcutWixSchedInternetShortcutsfailed to initialize WixSchedInternetShortcuts.WixInternetShortcutWixInternetShortcut table doesn't exist, so there are no Internet shortcuts to processfailed to initialize COM
Select WixRestartResource.WixRestartResource, WixRestartResource.Component_, WixRestartResource.Resource, WixRestartResource.Attributes FROM WixRestartResourceWixRegisterRestartResourcesWixRestartResource
Select WixRemoveFolderEx, Component_, Property, InstallMode FROM WixRemoveFolderEx
Select SecureObjects.SecureObject, SecureObjects.Table, SecureObjects.Domain, SecureObjects.User, SecureObjects.Permission, SecureObjects.Component_, Component.Attributes FROM SecureObjects,Component WHERE SecureObjects.Component_=Component.Component
Select Registry.Registry, Registry.Root, Registry.Key FROM Registry WHERE Registry.Registry=?
Select ServiceInstall.Name FROM ServiceInstall WHERE ServiceInstall.ServiceInstall=?
Select ServiceName, Component_, NewService, FirstFailureActionType, SecondFailureActionType, ThirdFailureActionType, ResetPeriodInDays, RestartServiceDelayInSeconds, ProgramCommandLine, RebootMessage FROM ServiceConfig
Select Data FROM Binary WHERE Name='%s'Failed to allocate Binary table query.Failed to open view on Binary tableFailed to retrieve request from Binary table
Select XmlFile.XmlFile, XmlFile.File, XmlFile.ElementPath, XmlFile.Name, XmlFile.Value, XmlFile.Flags, XmlFile.Component_, Component.Attributes FROM XmlFile,Component WHERE XmlFile.Component_=Component.Component ORDER BY File, SequenceXmlFile.cppfailed to allocate memory for new xml file change list elementXmlFilefailed to open view on XmlFile table
Select XmlConfig.XmlConfig, XmlConfig.File, XmlConfig.ElementPath, XmlConfig.VerifyPath, XmlConfig.Name, XmlConfig.Value, XmlConfig.Flags, XmlConfig.Component_, Component.Attributes FROM XmlConfig,Component WHERE XmlConfig.Component_=Component.Component ORDER BY File, Sequencefailed to free xml file element path in change list item
Select * FROM %s
Interest's Words:
lockbit
PADDINGX
Encrypt
Decrypt
Encryption
RunPE
PassWord
<html
<head
<body
<div
<form
<button
<link
<title
<section
<main
exec
createobject
netsh
attrib
start
pause
hostname
wmic
sdelete
shutdown
systeminfo
ping
dism
expand
getmac
replace
route
setx
Interest's Words (UNICODE):
Encrypt
Encryption
PassWord
exec
powershell
netsh
attrib
start
pause
wmic
sdelete
shutdown
rundll32
systeminfo
ping
rundll
dism
URLs:
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
http://crl3.digicert.com/DigiCertTrustedRootG4.crl
http://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt
http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
URLs (UNICODE):
https://feedback.screenconnect.com/Feedback.axd
Payloads:
Unusual BP Cave > 15 Bytes - (0xCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC...)
PE Carving:
Start Offset Header End Offset Size (Bytes)
0 123D8 123D8
123D8 983D8 86000
983D8 C1DB8 299E0
C1DB8 1293C0 67608
1293C0 17E5C8 55208
17E5C8 1933D0 14E08
1933D0 1A57D8 12408
1A57D8 1F71E0 51A08
1F71E0 23C9D8 457F8
23C9D8 2575D8 1AC00
2575D8 3F1550 199F78
3F1550 4FB550 10A000
4FB550 53BFD8 40A88
53BFD8 557310 1B338
Strings/Hex Code Found With The File Rules:
Rule Text (Ascii): WinAPI Sockets (bind)
Rule Text (Unicode): WinAPI Sockets (bind)
Rule Text (Ascii): WinAPI Sockets (listen)
Rule Text (Ascii): WinAPI Sockets (accept)
Rule Text (Ascii): WinAPI Sockets (connect)
Rule Text (Unicode): WinAPI Sockets (connect)
Rule Text (Ascii): WinAPI Sockets (send)
Rule Text (Unicode): WinAPI Sockets (send)
Rule Text (Ascii): Registry (RegCreateKeyEx)
Rule Text (Ascii): Registry (RegOpenKeyEx)
Rule Text (Ascii): Registry (RegSetValueEx)
Rule Text (Ascii): File (GetTempPath)
Rule Text (Ascii): File (CopyFile)
Rule Text (Ascii): File (CreateFile)
Rule Text (Ascii): File (WriteFile)
Rule Text (Ascii): File (ReadFile)
Rule Text (Ascii): Service (OpenSCManager)
Rule Text (Ascii): Service (CreateService)
Rule Text (Unicode): Encryption (AesCryptoServiceProvider)
Rule Text (Ascii): Encryption (CreateDecryptor)
Rule Text (Ascii): Encryption (FromBase64String)
Rule Text (Ascii): Encryption (ICryptoTransform)
Rule Text (Ascii): Encryption (MD5CryptoServiceProvider)
Rule Text (Ascii): Encryption (RNGCryptoServiceProvider)
Rule Text (Ascii): Encryption (Rijndael)
Rule Text (Ascii): Encryption (RijndaelManaged)
Rule Text (Ascii): Encryption (ToBase64String)
Rule Text (Ascii): Anti-Analysis VM (IsDebuggerPresent)
Rule Text (Ascii): Anti-Analysis VM (GetSystemInfo)
Rule Text (Ascii): Anti-Analysis VM (GlobalMemoryStatusEx)
Rule Text (Ascii): Anti-Analysis VM (GetVersion)
Rule Text (Ascii): Anti-Analysis VM (CreateToolhelp32Snapshot)
Rule Text (Ascii): Stealth (VirtualAlloc)
Rule Text (Ascii): Stealth (VirtualProtect)
Rule Text (Ascii): Execution (CreateProcessA)
Rule Text (Ascii): Execution (CreateProcessW)
Rule Text (Ascii): Execution (ShellExecute)
Rule Text (Unicode): Privileges (SeDebugPrivilege)
Rule Text (Unicode): Privileges (SeShutdownPrivilege)
Rule Text (Ascii): Privileges (SE_PRIVILEGE_ENABLED)
Rule Text (Ascii): Privileges (SE_PRIVILEGE_REMOVED)
Rule Text (Ascii): Keyboard Key (ALTDOWN)
Rule Text (Ascii): Keyboard Key (LBUTTON)
Rule Text (Ascii): Keyboard Key (RBUTTON)
Rule Text (Ascii): Keyboard Key (Scroll)
Rule Text (Ascii): Keyboard Key (UpArrow)
Rule Text (Ascii): Malicious code executed after exploiting a vulnerability (Payload)
Rule Text (Ascii): Information used to authenticate a users identity (Credential)
Rule Text (Unicode): Information used to authenticate a users identity (Credential)
Rule Text (Ascii): Process of gathering information about network resources (Enumeration)
Rule Text (Ascii): Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV)
Rule Text (Ascii): Information used for user authentication (Credential)
Rule Text (Unicode): Information used for user authentication (Credential)
Rule Text (Ascii): Unauthorized movement of funds or data (Transfer)
Rule Text (Unicode): Unauthorized movement of funds or data (Transfer)
Rule Text (Ascii): Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Rule Text (Ascii): Technique used to capture communications between systems (Intercept)
EP Rules: HA Archive
EP Rules: Microsoft Visual C++ 8
EP Rules: Microsoft Visual C++ 8
EP Rules: Microsoft Visual C++ v7.0
EP Rules: PE-Exe Executable Image
EP Rules: Trilobyte's RNR graphics library
EP Rules: VC8 -> Microsoft Corporation
Resources:
Path DataRVA Size FileOffset CodeTextPE/Payload
\FILES\SCREENCONNECT.CORE, VERSION=24.3.17.9294, CULTURE=NEUTRAL, PUBLICKEYTOKEN=4B14C015C87C1AD8\0 163D8 86000 123D8 4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000MZ......................@.........................(Executable found)
\FILES\SCREENCONNECT.WINDOWS, VERSION=24.3.17.9294, CULTURE=NEUTRAL, PUBLICKEYTOKEN=4B14C015C87C1AD8\0 9C3D8 1A4600 983D8 4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000MZ......................@.........................(Executable found)
\FILES\SCREENCONNECT.WINDOWSINSTALLER, VERSION=24.3.17.9294, CULTURE=NEUTRAL, PUBLICKEYTOKEN=4B14C015C87C1AD8\0 2409D8 1AC00 23C9D8 4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000MZ......................@.........................(Executable found)
\FILES\_ENTRYPOINT\0 25B5D8 2E4A00 2575D8 4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000MZ......................@.........................(Executable found)
\FILES\_RESOLVER\0 53FFD8 1600 53BFD8 4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000MZ......................@.........................(Executable found)
\24\1\1033 5415D8 188 53D5D8 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779<?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String:
• 0.0.0.0
• DotNetResolver.exe
• ScreenConnect.ClientInstallerRunner.exe
• _CorExeMainmscoree.dll
• KERNEL32.dll
• mscoree.dll
• ScreenConnect.Windows.dll
• _CorDllMainmscoree.dll
• .bss
• KERNEL32.DLL
• ZLib.DLL
• zlib.dll
• libwebp.dll
• ScreenConnect.Core.dll
• *.dll
• OLEAUT32.dll
• C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\Release\DotNetRunner.pdb
• .wiJ
• .wCK
• .wAi
• https://feedback.screenconnect.com/Feedback.axd
• .dll
• .arm
• aShowTrayIconContextMenuStoreLoginCredentialsItem
• C:\builds\cc\cwcontrol\Product\Core\obj\Release\net20\ScreenConnect.Core.pdbs
• .avi
• runas
• cmd.exe
• KWindowsPowershell\v1.0\powershell.exe
• USER32.DLL
• .exe
• Default.cab
• WScreenConnect.ScreenConnect.ClientSetup.msi
• ;ScreenConnect.ClientSetup.msi
• msiexec.exe
• ZG ScreenConnect.WindowsBackstageShell.exe
• ZJ ScreenConnect.WindowsClient.exe
• ZH ScreenConnect.WindowsFileManager.exe
• rundll32.exe
• \Microsoft.Deployment.WindowsInstaller.dll
• E:\delivery\Dev\wix37_public\build\ship\x86\SfxCA.pdb
• !"$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]_abcdefghijklmnopqrstuvwxyz{|}~SfxCA.dll
• SfxCA.dll
• CloseApps.cpp
• Failed to get SID; skipping account %lsosinfo.cpp
• d3d9.dll
• dwmapi.dll
• Unable to schedule rollback for object: %lssecureobj.cpp
• serviceconfig.cpp
• test.cpp
• Global\WixWaitForEventFail
• Failed to create the Global\WixWaitForEventFail event.
• Global\WixWaitForEventSucceed
• Failed to create the Global\WixWaitForEventSucceed event.
• XmlConfig.cpp
• memutil.cppprocutil.cpp
• proc2utl.cpp
• fileutil.cpp
• aclutil.cpprmutil.cpp
• rstrtmgr.dll
• pathutil.cpp
• xmlutil.cppkernel32.dll
• wcalog.cpp
• wcascript.cpp
• qtexec.cpp
• wcawow64.cpp
• C:\build\work\eca3d12b\wix3\build\ship\x86\wixca.pdb
• ADVAPI32.dll
• USER32.dll
• wixca.dll
• C:\builds\cc\cwcontrol\Product\ClientInstallerRunner\obj\Release\ScreenConnect.ClientInstallerRunner.pdb.
• C:\Users\jmorgan\Source\cwcontrol\Custom\DotNetRunner\DotNetResolver\obj\Debug\DotNetResolver.pdb
• +0U00SQOMhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0SQOMhttp://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0+00$+0http://ocsp.digicert.com0\+0Phttp://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0U00*Hyxgq-1A?\]o<0'8{o
• :060U00Uq]dL.g?O0U0E1-Q!m0U0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0EU>0<0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0U
• 8CommandStoreLoginCredentials
• AnnotationABlack out the remote monitor so they can't see what you're doing.Blank Guest MonitorGPrevent the user at the remote machine from interfering with your work.Block Guest InputChange ResolutionChange Sharing+Clear everyone's annotations on the screen.Clear AnnotationsJSend your clipboard to the remote machine as keystrokes. Useful for login.Send Clipboard KeystrokesControl Sharing@Enable clipboard help for the Helper to process all copied text.Enable Clipboard Help
Extra 4n4lysis:
Metric Value Percentage
Ascii Code 3516352 62,7918%
Null Byte Code 657351 11,7384%
© 2025 All rights reserved.