File name: SplashtopSOS (1).exe

Full analysis: https://app.any.run/tasks/9105df5c-2d2c-4f10-81e7-5c2269dad99d
Verdict: Malicious activity
Analysis date: May 28, 2025, 20:41:57
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive, 4 sections
MD5: D29C210C6700FBF57B2CAF435A54E6E6
SHA1: 95FA5EB14154CCF1C20DE768F73AAC94A3647800
SHA256: 0B2FF9A0C573E24579AE4C65F739593312676D8E2DB5F8BBA22FC2EE377D449D
SSDEEP: 196608:DKHvYYsO/5t0926Q9Mf4nhRkdyTtSYzlVz0tOyCz/RE:Ev5s+52268Mf4HkdyhSYzlVgqE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Uses Task Scheduler to run other applications

      • cmd.exe (PID: 5772)
  • SUSPICIOUS

    • Application launched itself

      • SplashtopSOS (1).exe (PID: 2800)
    • Reads security settings of Internet Explorer

      • SplashtopSOS (1).exe (PID: 2800)
      • SplashtopSOS (1).exe (PID: 536)
    • Executable content was dropped or overwritten

      • expand.exe (PID: 920)
      • SplashtopSOS (1).exe (PID: 536)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 4180)
    • The process executes via Task Scheduler

      • Launcher.exe (PID: 3132)
    • Add new program in existing scheduled task

      • schtasks.exe (PID: 720)
    • There is functionality for taking screenshot (YARA)

      • SplashtopSOS (1).exe (PID: 536)
      • SRAppPBSOS.exe (PID: 6388)
    • Starts CMD.EXE for commands execution

      • SplashtopSOS (1).exe (PID: 536)
    • Process drops legitimate windows executable

      • expand.exe (PID: 920)
  • INFO

    • Process checks computer location settings

      • SplashtopSOS (1).exe (PID: 2800)
      • SplashtopSOS (1).exe (PID: 536)
    • Checks supported languages

      • SplashtopSOS (1).exe (PID: 2800)
      • SplashtopSOS (1).exe (PID: 536)
      • expand.exe (PID: 920)
      • Launcher.exe (PID: 3132)
      • SRServerSOS.exe (PID: 5364)
      • SRAppPBSOS.exe (PID: 6388)
      • SRManagerSOS.exe (PID: 5344)
      • SRFeatureSOS.exe (PID: 720)
      • SRUtilitySOS.exe (PID: 6744)
    • Reads the computer name

      • SplashtopSOS (1).exe (PID: 2800)
      • SplashtopSOS (1).exe (PID: 536)
      • SRManagerSOS.exe (PID: 5344)
      • SRServerSOS.exe (PID: 5364)
      • SRFeatureSOS.exe (PID: 720)
      • SRAppPBSOS.exe (PID: 6388)
    • The sample compiled with english language support

      • SplashtopSOS (1).exe (PID: 2800)
      • expand.exe (PID: 920)
      • SplashtopSOS (1).exe (PID: 536)
    • Reads the machine GUID from the registry

      • expand.exe (PID: 920)
      • SRManagerSOS.exe (PID: 5344)
    • Create files in a temporary directory

      • Launcher.exe (PID: 3132)
      • SRManagerSOS.exe (PID: 5344)
      • SplashtopSOS (1).exe (PID: 536)
      • expand.exe (PID: 920)
    • Reads Environment values

      • SRManagerSOS.exe (PID: 5344)
    • Reads the software policy settings

      • SRManagerSOS.exe (PID: 5344)
    • Creates files in the program directory

      • SRManagerSOS.exe (PID: 5344)
    • Reads product name

      • SRManagerSOS.exe (PID: 5344)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2023:12:06 08:29:55+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 206848
InitializedDataSize: 280576
UninitializedDataSize: -
EntryPoint: 0x13dca
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 3.62.1.109
ProductVersionNumber: 3.6.2.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Splashtop Inc.
FileDescription: Splashtop® SOS
FileVersion: 3.62.1.109
LegalCopyright: Copyright © Splashtop Inc. All Rights Reserved.
ProductName: Splashtop® SOS
ProductVersion: 3.6.2.1
Total processes: 155
Monitored processes: 27
Malicious processes: 0
Suspicious processes: 3

Behavior graph

start splashtopsos (1).exe no specs splashtopsos (1).exe sppextcomobj.exe no specs cmd.exe no specs conhost.exe no specs slui.exe no specs expand.exe cmd.exe no specs conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs launcher.exe conhost.exe no specs cmd.exe no specs conhost.exe no specs schtasks.exe no specs srmanagersos.exe srserversos.exe no specs srapppbsos.exe no specs srfeaturesos.exe no specs srutilitysos.exe no specs conhost.exe no specs

Process information

PID: 496
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 536
CMD: "C:\Users\admin\AppData\Local\Temp\SplashtopSOS (1).exe" "C:\Users\admin\AppData\Local\Temp\SplashtopSOS (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\SplashtopSOS (1).exe
Parent process: SplashtopSOS (1).exe
User: admin
Company: Splashtop Inc.
Integrity Level: HIGH
Description: Splashtop® SOS
Version: 3.62.1.109
Modules
Images
c:\users\admin\appdata\local\temp\splashtopsos (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 720
CMD: schtasks /change /tn ASOS5 /ru "system" /tr "'C:\Users\admin\AppData\Local\Temp\unpacksos\5\\Launcher.exe' SRManagerSOS.exe 5 "
Path: C:\Windows\System32\schtasks.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Task Scheduler Configuration Tool
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

PID: 720
CMD: "C:\Users\admin\AppData\Local\Temp\unpacksos\5\SRFeatureSOS.exe"
Path: C:\Users\admin\AppData\Local\Temp\unpacksos\5\SRFeatureSOS.exe
Parent process: SRManagerSOS.exe
User: SYSTEM
Company: Splashtop Inc.
Integrity Level: SYSTEM
Description: Splashtop® Streamer Feature
Version: 3.62.1.109
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\5\srfeaturesos.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 920
CMD: C:\WINDOWS\system32\expand.exe *.cab /f:* .\
Path: C:\Windows\System32\expand.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: LZ Expansion Utility
Exit code: 0
Version: 5.00 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\expand.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll

PID: 1180
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: Launcher.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 1452
CMD: "C:\WINDOWS\sysnative\cmd.exe" /c C:\WINDOWS\system32\expand.exe *.cab /f:* .\
Path: C:\Windows\System32\cmd.exe
Parent process: SplashtopSOS (1).exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows Command Processor
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll

PID: 1660
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 2800
CMD: "C:\Users\admin\AppData\Local\Temp\SplashtopSOS (1).exe"
Path: C:\Users\admin\AppData\Local\Temp\SplashtopSOS (1).exe
Parent process: explorer.exe
User: admin
Company: Splashtop Inc.
Integrity Level: MEDIUM
Description: Splashtop® SOS
Exit code: 0
Version: 3.62.1.109
Modules
Images
c:\users\admin\appdata\local\temp\splashtopsos (1).exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID: 3132
CMD: "C:\Users\admin\AppData\Local\Temp\unpacksos\5\\Launcher.exe" SRManagerSOS.exe 5
Path: C:\Users\admin\AppData\Local\Temp\unpacksos\5\Launcher.exe
Parent process: svchost.exe
User: SYSTEM
Company: Splashtop Inc.
Integrity Level: SYSTEM
Description: Launcher
Exit code: 0
Version: 3.62.1.109
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\5\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

Total events: 5 870
Read events: 5 836
Write events: 24
Delete events: 10

Modification events

Process: SplashtopSOS (1).exe (PID: 536)
Key: HKEY_CURRENT_USER\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: write
Name: ImagePath
Value: C:\Users\admin\AppData\Local\Temp\SplashtopSOS (1).exe

Process: SplashtopSOS (1).exe (PID: 536)
Key: HKEY_CURRENT_USER\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: write
Name: DesktopPath
Value: C:\Users\admin\Desktop\SOS.exe

Process: SplashtopSOS (1).exe (PID: 536)
Key: HKEY_CURRENT_USER\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: delete value
Name: NoteSession
Value:

Process: SplashtopSOS (1).exe (PID: 536)
Key: HKEY_CURRENT_USER\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: delete value
Name: IdleSessionTimeout
Value:

Process: SplashtopSOS (1).exe (PID: 536)
Key: HKEY_CURRENT_USER\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: write
Name: IsSystemUser
Value: 1

Process: SRManagerSOS.exe (PID: 5344)
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: delete value
Name: LaunchSid_DC
Value:

Process: SRManagerSOS.exe (PID: 5344)
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS_5
Operation: write
Name: ServerUUID
Value: 00000000000000000000000000000000

Process: SRServerSOS.exe (PID: 5364)
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS
Operation: write
Name: AutoMute
Value: 2

Process: SRServerSOS.exe (PID: 5364)
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS
Operation: write
Name: CloudProxyEnable
Value: 0

Process: SRServerSOS.exe (PID: 5364)
Key: HKEY_USERS\S-1-5-21-1693682860-607145093-2874071422-1001\SOFTWARE\Splashtop Inc.\Splashtop Remote Server SOS
Operation: write
Name: LastSOSCode
Value:

Executable files: 63
Suspicious files: 3
Text files: 24
Unknown types: 9

Dropped files

PID: 536
Process: SplashtopSOS (1).exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\streamer1.cab
MD5:
SHA256:

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\libcelt-0.dll
Type: executable
MD5: 211FF5E4D1EF8538709262056ED5F29D
SHA256: F835FFFCD3F84EF2EA8677314CE78192470E88A3B7D6854BE787563E79937FC5

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\stprinter.cat
Type: cat
MD5: 2DAC6568B843EBDC5C98598CA32918BE
SHA256: EB61A0E06BF8C69597F9BB1909E3EB4F926E49800C3F9721FDA3007993DA5EE7

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\p_mount.bat
Type: text
MD5: 88E59700F53DE95D2847B9687764BE30
SHA256: B085F4E0D6A7A4DC967C96D7C318CB749BC497135FD9E35D7AD0C88E6C53F577

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\libx264-116.dll
Type: executable
MD5: 63F652C5455858B007B607AFBA62C302
SHA256: 9017F1192304B38F437B442FE65C40D6C5A678295B954C1EE0A4C9B15A474946

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\SRServer.pem
Type: text
MD5: A8B2B3D6C831F120CE624CFF48156558
SHA256: 33FE8889070B91C3C2E234DB8494FCC174ECC69CFFF3D0BC4F6A59B39C500484

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\libcurl.dll
Type: executable
MD5: 765EE5AF287CE822CFE0C19FDEF0C728
SHA256: 5908AFA87113690827D96DC5BB550D065642D3C27936BD4626EF65840209951B

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\p_unmount.bat
Type: text
MD5: FA3C191799254E542687F1F5D0974BC5
SHA256: 347B12E6E2FC79E2A3668625341D7642D531159FFE5B01AB2BC5469E0EFC6B3F

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\SRClient.pem
Type: text
MD5: A8B2B3D6C831F120CE624CFF48156558
SHA256: 33FE8889070B91C3C2E234DB8494FCC174ECC69CFFF3D0BC4F6A59B39C500484

PID: 920
Process: expand.exe
Filename: C:\Users\admin\AppData\Local\Temp\unpacksos\5\stprinterx.cat
Type: cat
MD5: 1D56A3F8D7F5DAB184A8CC4FEDDAA173
SHA256: 84E1A32B4975E92477CF6A36D8931921DA735EF988E0C09A2B056F2904541B1E

HTTP(S) requests: 8
TCP/UDP connections: 61
DNS requests: 28
Threats: 57

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5344
SRManagerSOS.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxXWRM3y5nP%2Be6mK4cD08CEAitQLJg0pxMn17Nqb2Trtk%3D
unknown
whitelisted
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2984
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
GET
200
23.48.23.134:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5344
SRManagerSOS.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxLVGLp6chnfNtyA8CEA6bGI750C3n79tQ4ghAGFo%3D
unknown
whitelisted
5344
SRManagerSOS.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rhvv%2BYXsIiGX0TkICEAx%2B7MjF4dH7UpJWotMQ8HE%3D
unknown
whitelisted
2984
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

IP: 4.231.128.59:443
Domain: settings-win.data.microsoft.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

IP: 23.48.23.134:80
Domain: crl.microsoft.com
ASN: Akamai International B.V.
CN: DE
Reputation: whitelisted

IP: 2.23.246.101:80
Domain: www.microsoft.com
ASN: Ooredoo Q.S.C.
CN: QA
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 3216
Process: svchost.exe
IP: 172.211.123.250:443
Domain: client.wns.windows.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: FR
Reputation: whitelisted

PID: 5344
Process: SRManagerSOS.exe
IP: 2.23.77.188:80
Domain: ocsp.digicert.com
ASN: AKAMAI-AS
CN: DE
Reputation: whitelisted

PID: 6544
Process: svchost.exe
IP: 20.190.159.130:443
Domain: login.live.com
ASN: MICROSOFT-CORP-MSN-AS-BLOCK
CN: IE
Reputation: whitelisted

PID: 6544
Process: svchost.exe
IP: 2.23.77.188:80
Domain: ocsp.digicert.com
ASN: AKAMAI-AS
CN: DE
Reputation: whitelisted

PID: 5344
Process: SRManagerSOS.exe
IP: 13.248.165.227:443
Domain: st-lookup-v1-sos-srs-win-3621-g3.api.splashtop.com
ASN: AMAZON-02
CN: US
Reputation: whitelisted

DNS requests

Domain: settings-win.data.microsoft.com
IP: 4.231.128.59, 51.124.78.146
Reputation: whitelisted

Domain: crl.microsoft.com
IP: 23.48.23.134, 23.48.23.158, 23.48.23.187, 23.48.23.183
Reputation: whitelisted

Domain: google.com
IP: 142.250.181.238
Reputation: whitelisted

Domain: www.microsoft.com
IP: 2.23.246.101, 23.219.150.101
Reputation: whitelisted

Domain: client.wns.windows.com
IP: 172.211.123.250
Reputation: whitelisted

Domain: ocsp.digicert.com
IP: 2.23.77.188
Reputation: whitelisted

Domain: login.live.com
IP: 20.190.159.130, 40.126.31.73, 20.190.159.64, 40.126.31.129, 40.126.31.0, 40.126.31.3, 40.126.31.130, 40.126.31.67
Reputation: whitelisted

Domain: st-lookup-v1-sos-srs-win-3621-g3.api.splashtop.com
IP: 13.248.165.227, 76.223.35.50
Reputation: whitelisted

Domain: st-v3-sos-srs-win-3621-g3.api.splashtop.com
IP: 52.223.14.216, 35.71.175.14
Reputation: whitelisted

Domain: st-relay-v3-sos-srs-win-3621-g3.api.splashtop.com
IP: 15.197.245.222, 3.33.205.16
Reputation: whitelisted

Threats

PID: 2196
Process: svchost.exe
Class: Misc activity
Message: ET INFO Splashtop Domain in DNS Lookup (splashtop .com)

PID: 5344
Process: SRManagerSOS.exe
Class: Misc activity
Message: ET INFO Splashtop Domain (splashtop .com) in TLS SNI

PID: 5344
Process: SRManagerSOS.exe
Class: Misc activity
Message: ET INFO Splashtop Domain (splashtop .com) in TLS SNI

PID: 2196
Process: svchost.exe
Class: Misc activity
Message: ET INFO Splashtop Domain in DNS Lookup (splashtop .com)

PID: 5344
Process: SRManagerSOS.exe
Class: Misc activity
Message: ET INFO Splashtop Domain (splashtop .com) in TLS SNI

PID: 5344
Process: SRManagerSOS.exe
Class: Misc activity
Message: ET INFO Splashtop Domain (splashtop .com) in TLS SNI

PID: 2196
Process: svchost.exe
Class: Misc activity
Message: ET INFO Splashtop Domain in DNS Lookup (splashtop .com)

PID: 5344
Process: SRManagerSOS.exe
Class: Misc activity
Message: ET INFO Splashtop Domain (splashtop .com) in TLS SNI

PID: 2196
Process: svchost.exe
Class: Misc activity
Message: ET INFO Splashtop Domain in DNS Lookup (splashtop .com)

PID: 5344
Process: SRManagerSOS.exe
Class: Misc activity
Message: ET INFO Splashtop Domain (splashtop .com) in TLS SNI

Process: Launcher.exe
Message: [3132:4896]2025-05-28 20:42:11 RunProcessAsUser Exit(1) Err:0