Huntress detects when ScreenConnect is used on a host which is great, but it would be helpful to know the path from which it was run so for multi session endpoints we can identify the path/user who executed Screen Connect.