File name: digitalform.msi

Full analysis: https://app.any.run/tasks/4448d21f-c069-454a-b337-e1c3e40d095d
Verdict: Malicious activity
Analysis date: April 04, 2024, 17:27:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
generated-doc
Indicators:
MIME: application/x-msi
File info: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
MD5: F1C935CE028022AB2A495EAE83ADACC6
SHA1: 1DD0301A120D6CBED1D22B9D1FB8C9D3D6793546
SHA256: 09E09503962A2A8022859E72B86AD8C69DCBF79839B71897C0BF8A4C4B9F4DD6
SSDEEP: 98304:ZIZTffzvns6eLKLdpRwznfsJb+7J7ERXndiWaKzPtSjXmbABY/lT8vjkZBvrePVv:23XP9No

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 2648)
      • AgentPackageUpgradeAgent.exe (PID: 3136)
      • AgentPackageTicketing.exe (PID: 1196)
      • AteraAgent.exe (PID: 1036)
    • Creates a writable file in the system directory

      • AteraAgent.exe (PID: 1036)
  • SUSPICIOUS

    • Executes as Windows Service

      • VSSVC.exe (PID: 116)
      • AteraAgent.exe (PID: 1036)
    • Starts SC.EXE for service management

      • AteraAgent.exe (PID: 1036)
    • Reads security settings of Internet Explorer

      • AteraAgent.exe (PID: 1036)
    • Process drops legitimate windows executable

      • AteraAgent.exe (PID: 1036)
      • AgentPackageUpgradeAgent.exe (PID: 3136)
    • Starts itself from another location

      • AgentPackageUpgradeAgent.exe (PID: 3136)
  • INFO

    • Checks supported languages

      • AteraAgent.exe (PID: 1036)
      • AgentPackageUpgradeAgent.exe (PID: 3136)
      • AgentPackageSTRemote.exe (PID: 3016)
      • AgentPackageUpgradeAgent.exe (PID: 3440)
      • AgentPackageHeartbeat.exe (PID: 1288)
    • Reads the computer name

      • AteraAgent.exe (PID: 1036)
      • AgentPackageUpgradeAgent.exe (PID: 3136)
      • AgentPackageSTRemote.exe (PID: 3016)
      • AgentPackageUpgradeAgent.exe (PID: 3440)
      • AgentPackageHeartbeat.exe (PID: 1288)
    • Reads security settings of Internet Explorer

      • msiexec.exe (PID: 2648)
    • Reads the software policy settings

      • msiexec.exe (PID: 2648)
      • AteraAgent.exe (PID: 1036)
      • AgentPackageHeartbeat.exe (PID: 1288)
      • AgentPackageSTRemote.exe (PID: 3016)
    • Reads the machine GUID from the registry

      • AteraAgent.exe (PID: 1036)
      • AgentPackageUpgradeAgent.exe (PID: 3136)
      • AgentPackageSTRemote.exe (PID: 3016)
      • AgentPackageUpgradeAgent.exe (PID: 3440)
      • AgentPackageHeartbeat.exe (PID: 1288)
    • Reads Environment values

      • AteraAgent.exe (PID: 1036)
      • AgentPackageSTRemote.exe (PID: 3016)
      • AgentPackageUpgradeAgent.exe (PID: 3440)
      • AgentPackageHeartbeat.exe (PID: 1288)
      • AgentPackageUpgradeAgent.exe (PID: 3136)
    • Creates files in the program directory

      • AteraAgent.exe (PID: 1036)
      • AgentPackageSTRemote.exe (PID: 3016)
No Malware configuration.

TRiD

.msi | Microsoft Windows Installer (98.5)
.msi | Microsoft Installer (100)

EXIF

FlashPix

CodePage: Windows Latin 1 (Western European)
Title: Installation Database
Subject: AteraAgent
Author: Atera networks
Keywords: Installer
Comments: This installer database contains the logic and data required to install AteraAgent.
Template: Intel;1033
RevisionNumber: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}
CreateDate: 2024:02:28 10:52:02
ModifyDate: 2024:02:28 10:52:02
Pages: 200
Words: 6
Software: Windows Installer XML Toolset (3.11.2.4516)
Security: Read-only recommended
No data.
Total processes: 70
Monitored processes: 12
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes in graph: msiexec.exe (no specs), vssvc.exe (no specs), ateraagent.exe, sc.exe (no specs), agentpackageupgradeagent.exe (no specs), agentpackagestremote.exe, agentpackageupgradeagent.exe (no specs), agentpackageheartbeat.exe, agentpackageosupdates.exe (no specs), agentpackageadremote.exe (no specs), agentpackageticketing.exe (no specs), agentpackagemarketplace.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 116
CMD: C:\Windows\system32\vssvc.exe
Path: C:\Windows\System32\VSSVC.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft® Volume Shadow Copy Service
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\vssvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1036
CMD: "C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe"
Path: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe
Parent process: services.exe
User:
SYSTEM
Company:
ATERA Networks Ltd.
Integrity Level:
SYSTEM
Description:
AteraAgent
Version:
1.8.7.2
Modules
Images
c:\program files\atera networks\ateraagent\ateraagent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1196
CMD: "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe" ebd3f175-5ad0-4a5d-81a6-448f3935da6a "cf06787b-1bdb-4ecc-909c-7d84af667fb5" agent-api.atera.com/Production 443 or8ixLi90Mf "maintain" 001Q3000009snPyIAI
Path: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
AgentPackageTicketing
Version:
26.8.0.0
PID: 1288
CMD: "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe" ebd3f175-5ad0-4a5d-81a6-448f3935da6a "a7b370f2-4171-4b6d-8e27-ba56d07b8bd7" agent-api.atera.com/Production 443 or8ixLi90Mf "heartbeat" 001Q3000009snPyIAI
Path: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Company:
Atera Networks
Integrity Level:
SYSTEM
Description:
AgentPackageHeartbeat
Exit code:
0
Version:
17.14.0.0
Modules
Images
c:\program files\atera networks\ateraagent\packages\agentpackageheartbeat\agentpackageheartbeat.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2532
CMD: "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe" ebd3f175-5ad0-4a5d-81a6-448f3935da6a "25397443-98bd-405c-9de9-5dd67f90bb5a" agent-api.atera.com/Production 443 or8ixLi90Mf "agentprovision" 001Q3000009snPyIAI
Path: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
AgentPackageMarketplace
Version:
1.4.0.0
PID: 2648
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\digitalform.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3016
CMD: "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" ebd3f175-5ad0-4a5d-81a6-448f3935da6a "b78353e1-6250-473a-be0f-01f84805f5f7" agent-api.atera.com/Production 443 or8ixLi90Mf "downloadifneeded" 001Q3000009snPyIAI
Path: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Company:
Atera Networks
Integrity Level:
SYSTEM
Description:
AgentPackageSTRemote
Version:
21.3.0.0
Modules
Images
c:\program files\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 3132
CMD: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Path: C:\Windows\System32\sc.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
A tool to aid in developing services for WindowsNT
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\sc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3136
CMD: "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" ebd3f175-5ad0-4a5d-81a6-448f3935da6a "4f309402-b3cd-4c6d-af45-ece73e23a295" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q3000009snPyIAI
Path: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Company:
Atera Networks LTD
Integrity Level:
SYSTEM
Description:
AgentPackageUpgradeAgent
Exit code:
0
Version:
26.8.0.0
Modules
Images
c:\program files\atera networks\ateraagent\packages\agentpackageupgradeagent\agentpackageupgradeagent.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 3228
CMD: "C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe" ebd3f175-5ad0-4a5d-81a6-448f3935da6a "58fbfa19-4f46-4dc4-a77a-32b60bbe0cb5" agent-api.atera.com/Production 443 or8ixLi90Mf "eyJBZENvbW1hbmRUeXBlIjo1LCJJbnN0YWxsYXRpb25GaWxlVXJsIjoiaHR0cHM6Ly9nZXQuYW55ZGVzay5jb20vOENRc3U5a3YvQW55RGVza19DdXN0b21fQ2xpZW50Lm1zaSIsIkZvcmNlSW5zdGFsbCI6ZmFsc2UsIlRhcmdldFZlcnNpb24iOiI3LjAuMTUifQ==" 001Q3000009snPyIAI
Path: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageADRemote\AgentPackageADRemote.exe
Parent process: AteraAgent.exe
User:
SYSTEM
Integrity Level:
SYSTEM
Description:
AgentPackageADRemote
Exit code:
0
Version:
6.0.0.0
Total events: 18 169
Read events: 17 843
Write events: 317
Delete events: 9

Modification events

Process: msiexec.exe (PID: 2648)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 289
Suspicious files: 11
Text files: 29
Unknown types: 5

Dropped files

PID
Process
Filename
Type
PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent.zip
Type: compressed

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe
Type: executable

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe.config
Type: xml

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.ini
Type: text

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll
Type: executable

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dll
Type: executable

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
Type: executable

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll
Type: executable

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dll
Type: executable

PID: 1036
Process: AteraAgent.exe
Filename: C:\Program Files\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote.zip
Type: compressed
HTTP(S) requests: 5
TCP/UDP connections: 16
DNS requests: 12
Threats: 12

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3520
AteraAgent.exe
GET
304
93.184.221.240:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19838b2ae250760d
unknown
unknown
3520
AteraAgent.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
unknown
3520
AteraAgent.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAooSZl45YmN9AojjrilUug%3D
unknown
unknown
3520
AteraAgent.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
unknown
1036
AteraAgent.exe
GET
200
192.229.221.95:80
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
unknown
4
System
192.168.100.255:138
unknown
2240
rundll32.exe
40.119.152.241:443
agent-api.atera.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3520
AteraAgent.exe
93.184.221.240:80
ctldl.windowsupdate.com
EDGECAST
GB
whitelisted
3520
AteraAgent.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
1036
AteraAgent.exe
40.119.152.241:443
agent-api.atera.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
3256
rundll32.exe
40.119.152.241:443
agent-api.atera.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
1036
AteraAgent.exe
35.157.63.229:443
ps.pndsn.com
AMAZON-02
DE
unknown
1036
AteraAgent.exe
13.35.58.7:443
ps.atera.com
US
unknown
1036
AteraAgent.exe
13.35.58.124:443
ps.atera.com
US
unknown

DNS requests

Domain
IP
Reputation
agent-api.atera.com
  • 40.119.152.241
unknown
ctldl.windowsupdate.com
  • 93.184.221.240
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
ps.pndsn.com
  • 35.157.63.229
  • 35.157.63.227
unknown
ps.atera.com
  • 13.35.58.124
  • 13.35.58.104
  • 13.35.58.7
  • 13.35.58.59
unknown
cacerts.digicert.com
  • 192.229.221.95
whitelisted
atera-agent-heartbeat-cus.servicebus.windows.net
  • 172.202.80.17
unknown
my.splashtop.com
  • 35.71.184.3
  • 52.223.39.232
unknown
download.splashtop.com
  • 13.35.58.57
  • 13.35.58.31
  • 13.35.58.107
  • 13.35.58.89
unknown

Threats

PID
Process
Class
Message
1080
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
3016
AgentPackageSTRemote.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
8 ETPRO signatures available at the full report
No debug info