| URL: | http://www.influenceprint.com |
| Full analysis: | https://app.any.run/tasks/22e2c082-5747-4df6-adc0-882667567cc2 |
| Verdict: | Malicious activity |
| Threats: | A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection. |
| Analysis date: | March 12, 2026, 16:14:37 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Tags: | |
| Indicators: | |
| MD5: | 41B780F0B1DD1BE56BA24A8F4446D0E8 |
| SHA1: | E7669F34A8F6F3CB8FC90EBBCF09A0235305860B |
| SHA256: | 4834CD938D586A8DE90577A39A6896E5875CEFB01D6372944897B6B6CBA631F5 |
| SSDEEP: | 3:N1KJS4YeApMlZI:Cc4YeAMZI |
MALICIOUS
Executing a file with an untrusted certificate
- SRSelfSignCertUtil.exe (PID: 9052)
Changes powershell execution policy (Unrestricted)
- Syncro.App.Runner.exe (PID: 3176)
- Syncro.Service.Runner.exe (PID: 1424)
Disables Windows Smartscreen
- powershell.exe (PID: 4704)
UAC/LUA settings modification
- powershell.exe (PID: 4704)
SUSPICIOUS
Executes as Windows Service
- VSSVC.exe (PID: 2352)
- Syncro.Service.Runner.exe (PID: 1424)
- WmiApSrv.exe (PID: 6200)
- SRService.exe (PID: 224)
- SRService.exe (PID: 6512)
- Syncro.Overmind.Service.exe (PID: 6212)
Reads the date of Windows installation
- Installer.exe (PID: 3920)
- SynapseM.exe (PID: 2244)
Uses RUNDLL32.EXE to run a file without a DLL extension
- rundll32.exe (PID: 1884)
- rundll32.exe (PID: 8144)
Executable content was dropped or overwritten
- rundll32.exe (PID: 1884)
- Installer.exe (PID: 3920)
- Syncro.Installer.exe (PID: 7048)
- Syncro.Service.Runner.exe (PID: 1424)
- splashtop-setup.exe (PID: 7024)
- PreVerCheck.exe (PID: 7288)
- SetupUtil.exe (PID: 9136)
- rundll32.exe (PID: 8144)
- powershell.exe (PID: 7820)
- 3.exe (PID: 8068)
- M-C.exe (PID: 7564)
- M-C.exe (PID: 6408)
Restarts service on failure
- sc.exe (PID: 2708)
Searches for installed software
- Syncro.Installer.exe (PID: 7048)
- Syncro.Service.Runner.exe (PID: 1424)
The process creates files with name similar to system file names
- Syncro.Installer.exe (PID: 7048)
Starts CMD.EXE for commands execution
- Syncro.Installer.exe (PID: 7048)
- msiexec.exe (PID: 8940)
- SetupUtil.exe (PID: 9136)
- Syncro.Service.Runner.exe (PID: 1424)
Executing commands from a ".bat" file
- Syncro.Installer.exe (PID: 7048)
Starts SC.EXE for service management
- cmd.exe (PID: 8836)
Drops 7-zip archiver for unpacking
- Syncro.Installer.exe (PID: 7048)
Windows service management via SC.EXE
- sc.exe (PID: 416)
Uses TASKKILL.EXE to kill process
- cmd.exe (PID: 6512)
- cmd.exe (PID: 3636)
- cmd.exe (PID: 7904)
- cmd.exe (PID: 148)
- cmd.exe (PID: 4340)
- cmd.exe (PID: 7832)
- cmd.exe (PID: 8080)
- cmd.exe (PID: 6484)
- cmd.exe (PID: 2252)
- cmd.exe (PID: 1916)
Drops a system driver (possible attempt to evade defenses)
- msiexec.exe (PID: 4760)
Creates/Modifies COM task schedule object
- msiexec.exe (PID: 8940)
- SRService.exe (PID: 6000)
Uses WEVTUTIL.EXE to remove publishers and event logs from the manifest
- cmd.exe (PID: 5992)
Uses WEVTUTIL.EXE to install publishers and event logs from the manifest
- cmd.exe (PID: 7928)
Starts POWERSHELL.EXE for commands execution
- Syncro.App.Runner.exe (PID: 3176)
- Syncro.Service.Runner.exe (PID: 1424)
The process executes Powershell scripts
- powershell.exe (PID: 4704)
- powershell.exe (PID: 7820)
- powershell.exe (PID: 5444)
- powershell.exe (PID: 9580)
Uses NETSH.EXE to change the status of the firewall
- powershell.exe (PID: 4704)
Gets or sets the security protocol (POWERSHELL)
- powershell.exe (PID: 7820)
- powershell.exe (PID: 5444)
Starts itself from another location
- M-C.exe (PID: 7564)
Creates or modifies Windows services
- Syncro.Overmind.Service.exe (PID: 6944)
The process drops C-runtime libraries
- msiexec.exe (PID: 4760)
Creates file in the systems drive root
- Activator.exe (PID: 9520)
INFO
Application launched itself
- msedge.exe (PID: 4136)
Reads the computer name
- identity_helper.exe (PID: 9076)
- msiexec.exe (PID: 4760)
- msiexec.exe (PID: 4284)
- Installer.exe (PID: 3920)
- Syncro.Installer.exe (PID: 7048)
- InstallUtil.exe (PID: 4604)
- Syncro.Service.Runner.exe (PID: 1424)
- Syncro.App.Runner.exe (PID: 3176)
- splashtop-setup.exe (PID: 7024)
- msiexec.exe (PID: 8940)
- _isD4AE.exe (PID: 2372)
- _isD4AE.exe (PID: 4312)
- _isD4AE.exe (PID: 6976)
- _isD4AE.exe (PID: 9136)
- _isD4AE.exe (PID: 7484)
- _isD4AE.exe (PID: 6320)
- _isD4AE.exe (PID: 4616)
- _isD4AE.exe (PID: 6952)
- _isD4AE.exe (PID: 9200)
- _isD4AE.exe (PID: 6000)
- _isDEE0.exe (PID: 5992)
- _isDEE0.exe (PID: 8152)
- _isDEE0.exe (PID: 6440)
- _isDEE0.exe (PID: 4876)
- _isDEE0.exe (PID: 8228)
- _isDEE0.exe (PID: 4584)
- _isDEE0.exe (PID: 8140)
- _isDEE0.exe (PID: 2484)
- _isDEE0.exe (PID: 6904)
- _isF7A9.exe (PID: 5680)
- _isF7A9.exe (PID: 3188)
- _isF7A9.exe (PID: 2372)
- _isDEE0.exe (PID: 8492)
- _isF7A9.exe (PID: 7036)
- _isF7A9.exe (PID: 8744)
- _isF7A9.exe (PID: 8820)
- _isF7A9.exe (PID: 3644)
- _isF7A9.exe (PID: 6000)
- _isF7A9.exe (PID: 2752)
- _isF7A9.exe (PID: 1908)
- SetupUtil.exe (PID: 9136)
- SRSelfSignCertUtil.exe (PID: 9052)
- _is8A3.exe (PID: 8096)
- _is8A3.exe (PID: 7416)
- _is8A3.exe (PID: 3188)
- _is8A3.exe (PID: 1560)
- _is8A3.exe (PID: 2752)
- _is8A3.exe (PID: 5680)
- _is8A3.exe (PID: 7552)
- _is8A3.exe (PID: 8744)
- _is8A3.exe (PID: 1908)
- SRService.exe (PID: 6000)
- _isB92.exe (PID: 5992)
- _isB92.exe (PID: 4776)
- _isB92.exe (PID: 8284)
- _is8A3.exe (PID: 3644)
- _isB92.exe (PID: 3344)
- _isB92.exe (PID: 5012)
- _isB92.exe (PID: 5868)
- _isB92.exe (PID: 8004)
- _isB92.exe (PID: 6364)
- _isB92.exe (PID: 2220)
- SRService.exe (PID: 3576)
- _isB92.exe (PID: 2036)
- SRManager.exe (PID: 7720)
- SRAgent.exe (PID: 9168)
- SRService.exe (PID: 224)
- SRServer.exe (PID: 2708)
- msiexec.exe (PID: 7192)
- SRAppPB.exe (PID: 2752)
- SRFeature.exe (PID: 5828)
- SRService.exe (PID: 6512)
- SRManager.exe (PID: 8760)
- SRServer.exe (PID: 8068)
- SRServer.exe (PID: 4020)
- SRAppPB.exe (PID: 6788)
- SRAgent.exe (PID: 2036)
- SRFeature.exe (PID: 8096)
- 3.exe (PID: 8068)
- M-C.exe (PID: 7564)
- M-C.exe (PID: 6408)
- Syncro.Overmind.Service.exe (PID: 6944)
- Syncro.Overmind.Service.exe (PID: 6212)
- SynapseM.exe (PID: 2244)
- SRVirtualDisplay.exe (PID: 9232)
- osqueryi.exe (PID: 9324)
- msiexec.exe (PID: 9476)
- Activator.exe (PID: 9520)
Reads security settings of Internet Explorer
- msiexec.exe (PID: 9168)
- Installer.exe (PID: 3920)
- InstallUtil.exe (PID: 4604)
- Syncro.Service.Runner.exe (PID: 1424)
- Syncro.App.Runner.exe (PID: 3176)
- splashtop-setup.exe (PID: 7024)
- SetupUtil.exe (PID: 9136)
- Taskmgr.exe (PID: 2788)
- 3.exe (PID: 8068)
- msiexec.exe (PID: 9476)
Reads Environment values
- identity_helper.exe (PID: 9076)
- Syncro.Installer.exe (PID: 7048)
- Syncro.Service.Runner.exe (PID: 1424)
- SRManager.exe (PID: 7720)
- SRManager.exe (PID: 8760)
- Syncro.Overmind.Service.exe (PID: 6944)
- Syncro.Overmind.Service.exe (PID: 6212)
Checks supported languages
- identity_helper.exe (PID: 9076)
- msiexec.exe (PID: 4284)
- msiexec.exe (PID: 4760)
- Syncro.Installer.exe (PID: 7048)
- Installer.exe (PID: 3920)
- InstallUtil.exe (PID: 4604)
- Syncro.App.Runner.exe (PID: 3176)
- Syncro.Service.Runner.exe (PID: 1424)
- splashtop-setup.exe (PID: 7024)
- PreVerCheck.exe (PID: 7288)
- msiexec.exe (PID: 8940)
- _isD4AE.exe (PID: 2372)
- _isD4AE.exe (PID: 6976)
- _isD4AE.exe (PID: 4312)
- _isD4AE.exe (PID: 7484)
- _isD4AE.exe (PID: 4616)
- _isD4AE.exe (PID: 6952)
- _isD4AE.exe (PID: 9136)
- _isD4AE.exe (PID: 6320)
- _isD4AE.exe (PID: 9200)
- _isD4AE.exe (PID: 6000)
- _isDEE0.exe (PID: 5992)
- _isDEE0.exe (PID: 8152)
- _isDEE0.exe (PID: 6440)
- _isDEE0.exe (PID: 4876)
- _isDEE0.exe (PID: 8228)
- _isDEE0.exe (PID: 8492)
- _isDEE0.exe (PID: 4584)
- _isDEE0.exe (PID: 6904)
- _isDEE0.exe (PID: 2484)
- _isF7A9.exe (PID: 5680)
- _isF7A9.exe (PID: 3188)
- _isF7A9.exe (PID: 7036)
- _isF7A9.exe (PID: 2372)
- _isDEE0.exe (PID: 8140)
- _isF7A9.exe (PID: 8820)
- _isF7A9.exe (PID: 3644)
- _isF7A9.exe (PID: 8744)
- _isF7A9.exe (PID: 6000)
- _isF7A9.exe (PID: 1908)
- SetupUtil.exe (PID: 3024)
- _isF7A9.exe (PID: 2752)
- SetupUtil.exe (PID: 9136)
- SetupUtil.exe (PID: 7292)
- SRSelfSignCertUtil.exe (PID: 9052)
- _is8A3.exe (PID: 8096)
- _is8A3.exe (PID: 7416)
- _is8A3.exe (PID: 5680)
- _is8A3.exe (PID: 3188)
- _is8A3.exe (PID: 1560)
- _is8A3.exe (PID: 7552)
- _is8A3.exe (PID: 2752)
- _is8A3.exe (PID: 3644)
- _is8A3.exe (PID: 8744)
- _is8A3.exe (PID: 1908)
- SRService.exe (PID: 6000)
- _isB92.exe (PID: 8284)
- _isB92.exe (PID: 4776)
- _isB92.exe (PID: 5992)
- _isB92.exe (PID: 2036)
- _isB92.exe (PID: 5012)
- _isB92.exe (PID: 8004)
- _isB92.exe (PID: 6364)
- _isB92.exe (PID: 2220)
- SRService.exe (PID: 3576)
- _isB92.exe (PID: 3344)
- _isB92.exe (PID: 5868)
- SRService.exe (PID: 224)
- SRManager.exe (PID: 7720)
- SRServer.exe (PID: 2708)
- SRAgent.exe (PID: 9168)
- SRAppPB.exe (PID: 2752)
- msiexec.exe (PID: 7192)
- SRFeature.exe (PID: 5828)
- SRUtility.exe (PID: 6580)
- SRUtility.exe (PID: 8176)
- BdEpSDK.exe (PID: 7544)
- SRUtility.exe (PID: 5012)
- SRUtility.exe (PID: 3096)
- SRUtility.exe (PID: 7608)
- SRManager.exe (PID: 416)
- SRManager.exe (PID: 8760)
- SRService.exe (PID: 6512)
- SRServer.exe (PID: 8068)
- SRServer.exe (PID: 4020)
- SRAppPB.exe (PID: 6788)
- SRAgent.exe (PID: 2036)
- SRFeature.exe (PID: 8096)
- SRUtility.exe (PID: 3628)
- 3.exe (PID: 8068)
- BdEpSDK.exe (PID: 5996)
- M-C.exe (PID: 7564)
- M-C.exe (PID: 6408)
- Syncro.Overmind.Service.exe (PID: 6212)
- Syncro.Overmind.Service.exe (PID: 6944)
- osqueryi.exe (PID: 9324)
- SRVirtualDisplay.exe (PID: 9232)
- msiexec.exe (PID: 9476)
- SynapseM.exe (PID: 2244)
- Activator.exe (PID: 9520)
Manages system restore points
- SrTasks.exe (PID: 8564)
Process checks computer location settings
- Installer.exe (PID: 3920)
- 3.exe (PID: 8068)
- msiexec.exe (PID: 9476)
Reads the machine GUID from the registry
- Syncro.Installer.exe (PID: 7048)
- InstallUtil.exe (PID: 4604)
- Syncro.Service.Runner.exe (PID: 1424)
- Syncro.App.Runner.exe (PID: 3176)
- msiexec.exe (PID: 8940)
- SRSelfSignCertUtil.exe (PID: 9052)
- SRManager.exe (PID: 7720)
- SRServer.exe (PID: 2708)
- SRAgent.exe (PID: 9168)
- SRUtility.exe (PID: 8176)
- SRUtility.exe (PID: 3096)
- SRUtility.exe (PID: 7608)
- SRUtility.exe (PID: 5012)
- SRServer.exe (PID: 4020)
- SRManager.exe (PID: 8760)
- SRAgent.exe (PID: 2036)
- Syncro.Overmind.Service.exe (PID: 6944)
- Syncro.Overmind.Service.exe (PID: 6212)
- SynapseM.exe (PID: 2244)
- Activator.exe (PID: 9520)
Create files in a temporary directory
- rundll32.exe (PID: 1884)
- Installer.exe (PID: 3920)
- Syncro.Installer.exe (PID: 7048)
- rundll32.exe (PID: 8144)
- 3.exe (PID: 8068)
- M-C.exe (PID: 6408)
Executable content was dropped or overwritten
- msiexec.exe (PID: 4760)
- msiexec.exe (PID: 8940)
Creates files in the program directory
- Installer.exe (PID: 3920)
- InstallUtil.exe (PID: 4604)
- Syncro.Installer.exe (PID: 7048)
- Syncro.Service.Runner.exe (PID: 1424)
- Syncro.App.Runner.exe (PID: 3176)
- SetupUtil.exe (PID: 9136)
- SRSelfSignCertUtil.exe (PID: 9052)
- SRService.exe (PID: 6000)
- SRManager.exe (PID: 7720)
- SRAgent.exe (PID: 9168)
- SRAgent.exe (PID: 2036)
- powershell.exe (PID: 7820)
- M-C.exe (PID: 7564)
- powershell.exe (PID: 5444)
- Syncro.Overmind.Service.exe (PID: 6944)
- SRVirtualDisplay.exe (PID: 9232)
- Syncro.Overmind.Service.exe (PID: 6212)
The sample compiled with english language support
- Syncro.Installer.exe (PID: 7048)
- PreVerCheck.exe (PID: 7288)
- splashtop-setup.exe (PID: 7024)
- msiexec.exe (PID: 4760)
- msiexec.exe (PID: 8940)
- SetupUtil.exe (PID: 9136)
- M-C.exe (PID: 7564)
- 3.exe (PID: 8068)
- M-C.exe (PID: 6408)
SYNCRO has been detected
- cmd.exe (PID: 8836)
- InstallUtil.exe (PID: 4604)
- Syncro.Installer.exe (PID: 7048)
- Syncro.Service.Runner.exe (PID: 1424)
- Syncro.App.Runner.exe (PID: 3176)
- Taskmgr.exe (PID: 2788)
Disables trace logs
- Syncro.Installer.exe (PID: 7048)
- Syncro.Service.Runner.exe (PID: 1424)
- powershell.exe (PID: 7820)
- powershell.exe (PID: 5444)
Creates a software uninstall entry
- Syncro.Service.Runner.exe (PID: 1424)
Reads CPU info
- Syncro.Service.Runner.exe (PID: 1424)
Process checks Powershell version
- Syncro.Service.Runner.exe (PID: 1424)
Reads the time zone
- Syncro.Service.Runner.exe (PID: 1424)
Checks if a key exists in the options dictionary (POWERSHELL)
- Syncro.Service.Runner.exe (PID: 1424)
- powershell.exe (PID: 4704)
The sample compiled with chinese language support
- msiexec.exe (PID: 4760)
- 3.exe (PID: 8068)
- M-C.exe (PID: 7564)
SPLASHTOP has been detected
- msiexec.exe (PID: 8940)
- SetupUtil.exe (PID: 3024)
- msiexec.exe (PID: 8940)
- SetupUtil.exe (PID: 3024)
- cmd.exe (PID: 5992)
- conhost.exe (PID: 2996)
- wevtutil.exe (PID: 4776)
- conhost.exe (PID: 7224)
- wevtutil.exe (PID: 8228)
- cmd.exe (PID: 7928)
- SetupUtil.exe (PID: 7292)
- SetupUtil.exe (PID: 7292)
- SetupUtil.exe (PID: 9136)
- SRSelfSignCertUtil.exe (PID: 9052)
- conhost.exe (PID: 6416)
- SRService.exe (PID: 6000)
- conhost.exe (PID: 2016)
- SRService.exe (PID: 224)
- SRManager.exe (PID: 7720)
- SRManager.exe (PID: 7720)
- SRServer.exe (PID: 2708)
- SRService.exe (PID: 3576)
- PreVerCheck.exe (PID: 7288)
- SRService.exe (PID: 224)
- SRAppPB.exe (PID: 2752)
- SRAppPB.exe (PID: 2752)
- SRAgent.exe (PID: 9168)
- SRFeature.exe (PID: 5828)
- SRFeature.exe (PID: 5828)
- conhost.exe (PID: 8580)
- SRUtility.exe (PID: 6580)
- SRAgent.exe (PID: 9168)
- SRUtility.exe (PID: 6580)
- SRServer.exe (PID: 2708)
- cmd.exe (PID: 8284)
- SRUtility.exe (PID: 8176)
- SRUtility.exe (PID: 8176)
- conhost.exe (PID: 7680)
- BdEpSDK.exe (PID: 7544)
- SRUtility.exe (PID: 5012)
- conhost.exe (PID: 1320)
- cmd.exe (PID: 4616)
- Syncro.Service.Runner.exe (PID: 1424)
- conhost.exe (PID: 3344)
- conhost.exe (PID: 5604)
- SRUtility.exe (PID: 7608)
- SRUtility.exe (PID: 3096)
- conhost.exe (PID: 8568)
- cmd.exe (PID: 4968)
- SRUtility.exe (PID: 7608)
- SRManager.exe (PID: 416)
- SRUtility.exe (PID: 5012)
- cmd.exe (PID: 7724)
- SRUtility.exe (PID: 3096)
- Taskmgr.exe (PID: 2788)
- SRService.exe (PID: 6512)
- SRManager.exe (PID: 8760)
- SRManager.exe (PID: 8760)
- SRService.exe (PID: 6512)
- SRServer.exe (PID: 8068)
- SRServer.exe (PID: 4020)
- SRServer.exe (PID: 4020)
- SRAppPB.exe (PID: 6788)
- SRAgent.exe (PID: 2036)
- SRFeature.exe (PID: 8096)
- SRUtility.exe (PID: 3628)
- conhost.exe (PID: 5012)
- BdEpSDK.exe (PID: 5996)
- SRAgent.exe (PID: 2036)
- SRAppPB.exe (PID: 6788)
- SRFeature.exe (PID: 8096)
- conhost.exe (PID: 1136)
- SRUtility.exe (PID: 3628)
- SRVirtualDisplay.exe (PID: 9232)
- SRVirtualDisplay.exe (PID: 9232)
- conhost.exe (PID: 9336)
- osqueryi.exe (PID: 9324)
Manual execution by a user
- msiexec.exe (PID: 1492)
- Taskmgr.exe (PID: 2788)
- Taskmgr.exe (PID: 8888)
Reads product name
- SRManager.exe (PID: 7720)
- SRManager.exe (PID: 8760)
Creates files or folders in the user directory
- M-C.exe (PID: 6408)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
Total processes
373
Monitored processes
216
Malicious processes
5
Suspicious processes
4
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 148 | C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRManager.exe /T" | C:\Windows\SysWOW64\cmd.exe | — | msiexec.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows Command Processor Exit code: 128 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 224 | "C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" | C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe | — | services.exe | |||||||||||
User: SYSTEM Company: Splashtop Inc. Integrity Level: SYSTEM Description: Splashtop® Streamer Service Exit code: 0 Version: 3.80.4.45 Modules
| |||||||||||||||
| 412 | C:\WINDOWS\System32\slui.exe -Embedding | C:\Windows\System32\slui.exe | svchost.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Activation Client Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 416 | sc start Syncro | C:\Windows\System32\sc.exe | — | cmd.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Service Control Manager Configuration Tool Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 416 | -x | C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe | — | SRService.exe | |||||||||||
User: SYSTEM Company: Splashtop Inc. Integrity Level: SYSTEM Description: Splashtop® Streamer SRManager Exit code: 1 Version: 3.80.4.45 Modules
| |||||||||||||||
| 876 | "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=6716,i,12844525430604521670,1742004297658358183,262144 --disable-features=HttpsFirstBalancedMode,HttpsFirstModeV2,HttpsOnlyMode,HttpsUpgrades --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:8 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | — | msedge.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Edge Exit code: 0 Version: 133.0.3065.92 Modules
| |||||||||||||||
| 1128 | C:\Windows\System32\SystemSettingsBroker.exe -Embedding | C:\Windows\System32\SystemSettingsBroker.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: System Settings Broker Version: 10.0.19041.3996 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1136 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | SRUtility.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1320 | \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1 | C:\Windows\System32\conhost.exe | — | SRUtility.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Console Window Host Exit code: 0 Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1424 | "C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe" | C:\Program Files\RepairTech\Syncro\Syncro.Service.Runner.exe | services.exe | ||||||||||||
User: SYSTEM Company: Servably, Inc. Integrity Level: SYSTEM Description: Syncro.Service.Runner Version: 1.0.191.18060 Modules
| |||||||||||||||
Total events
119 688
Read events
118 975
Write events
676
Delete events
37
Modification events
| (PID) Process: | (4760) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore |
| Operation: | write | Name: | SrCreateRp (Enter) |
Value: 480000000000000097EC966B3BB2DC0198120000F8210000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
| (PID) Process: | (4760) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
| Operation: | write | Name: | SppGetSnapshots (Enter) |
Value: 480000000000000097EC966B3BB2DC0198120000F8210000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
| (PID) Process: | (4760) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
| Operation: | write | Name: | SppEnumGroups (Leave) |
Value: 4800000000000000CC66F36B3BB2DC0198120000F8210000D10700000100000000000000010000000000000000000000000000000000000000000000000000000000000000000000 | |||
| (PID) Process: | (4760) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
| Operation: | write | Name: | SppCreate (Enter) |
Value: 48000000000000008F8FF56B3BB2DC0198120000F8210000D00700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
| (PID) Process: | (4760) msiexec.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP |
| Operation: | write | Name: | SppGatherWriterMetadata (Enter) |
Value: 48000000000000005D6F096C3BB2DC0198120000F8210000D30700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
| (PID) Process: | (2352) VSSVC.exe | Key: | HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001 |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (2352) VSSVC.exe | Key: | HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\COM+ REGDB Writer |
| Operation: | write | Name: | IDENTIFY (Leave) |
Value: 48000000000000000CA8236C3BB2DC013009000010220000E80300000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000 | |||
| (PID) Process: | (2352) VSSVC.exe | Key: | HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\11000001 |
| Operation: | write | Name: | Element |
Value: 0000000000000000000000000000000006000000000000004800000000000000715E5C2FA985EB1190A89A9B763584210000000000000000745E5C2FA985EB1190A89A9B7635842100000000000000000000000000000000 | |||
| (PID) Process: | (2352) VSSVC.exe | Key: | HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002 |
| Operation: | delete key | Name: | (default) |
Value: | |||
| (PID) Process: | (2352) VSSVC.exe | Key: | HKEY_LOCAL_MACHINE\BCD00000000\Objects\{9dea862c-5cdd-4e70-acc1-f32b344d4795}\Elements\12000002 |
| Operation: | write | Name: | Element |
Value: \EFI\Microsoft\Boot\bootmgfw.efi | |||
Executable files
532
Suspicious files
237
Text files
500
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF1e52b2.TMP | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF1e52c1.TMP | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF1e52c1.TMP | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF1e52c1.TMP | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF1e52d1.TMP | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | — | |
MD5:— | SHA256:— | |||
| 4136 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
239
TCP/UDP connections
123
DNS requests
101
Threats
57
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
8624 | msedge.exe | GET | 302 | 104.21.0.134:443 | https://alkizo.com/cdn-cgi/challenge-platform/scripts/jsd/main.js | US | — | — | unknown |
8624 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:JqM8nvyZaI8eBuIEJBEldyFCtoswo2Nv3OPnbVnxNek&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | text | 96 b | whitelisted |
8624 | msedge.exe | GET | 200 | 150.171.22.17:443 | https://config.edge.skype.com/config/v1/Edge/133.0.3065.92?clientId=4489578223053569932&agents=Edge%2CEdgeConfig%2CEdgeServices%2CEdgeFirstRun%2CEdgeFirstRunConfig&osname=win&client=edge&channel=stable&scpfre=0&osarch=x86_64&osver=10.0.19045&wu=1&devicefamily=desktop&uma=0&sessionid=66&mngd=0&installdate=1661339457&edu=0&soobedate=1504771245&bphint=2&fg=1&lbfgdate=1766135237&lafgdate=0 | US | text | 4.38 Kb | whitelisted |
8624 | msedge.exe | GET | 200 | 13.107.246.45:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | US | — | 82 b | whitelisted |
8624 | msedge.exe | GET | 200 | 188.114.97.3:80 | http://www.influenceprint.com/ | US | html | 235 b | unknown |
8624 | msedge.exe | GET | 200 | 150.171.27.11:443 | https://edge.microsoft.com/serviceexperimentation/v3/?osname=win&channel=stable&osver=10.0.19045&devicefamily=desktop&installdate=1661339457&clientversion=133.0.3065.92&experimentationmode=2&scpguard=0&scpfull=0&scpver=0 | US | — | 295 b | whitelisted |
8624 | msedge.exe | GET | 304 | 104.21.0.134:443 | https://alkizo.com/Update%20Chrome_files/chrome-logo-2023.png | US | — | — | unknown |
8624 | msedge.exe | GET | 304 | 104.21.0.134:443 | https://alkizo.com/Update%20Chrome_files/google-footer-logo.jpg | US | — | — | unknown |
8624 | msedge.exe | GET | 304 | 104.21.0.134:443 | https://alkizo.com/Update%20Chrome_files/automaticUpdates.webp | US | — | — | unknown |
8624 | msedge.exe | GET | 304 | 104.21.0.134:443 | https://alkizo.com/Update%20Chrome_files/chrome-logo.svg | US | — | — | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
6332 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
4 | System | 192.168.100.255:137 | — | Not routed | — | whitelisted |
4924 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
6768 | MoUsoCoreWorker.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
— | — | 184.86.251.19:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | Not routed | — | whitelisted |
8624 | msedge.exe | 150.171.27.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
8624 | msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
8624 | msedge.exe | 150.171.27.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted |
8624 | msedge.exe | 188.114.97.3:80 | www.influenceprint.com | CLOUDFLARENET | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
edge.microsoft.com |
| whitelisted |
config.edge.skype.com |
| whitelisted |
www.influenceprint.com |
| unknown |
api.edgeoffer.microsoft.com |
| whitelisted |
copilot.microsoft.com |
| whitelisted |
alkizo.com |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
6332 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW) |
8624 | msedge.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed Remote Management Software Domain in DNS Lookup (syncromsp .com) |
8624 | msedge.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed Remote Management Software Domain in DNS Lookup (syncromsp .com) |
8624 | msedge.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed Remote Management Software Domain (syncromsp .com in TLS SNI) |
2292 | svchost.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed Remote Management Software Domain in DNS Lookup (syncromsp .com) |
7048 | Syncro.Installer.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed Remote Management Software Domain (syncromsp .com in TLS SNI) |
2292 | svchost.exe | Misc activity | ET REMOTE_ACCESS Observed SyncroMSP Remote Management Software Domain in DNS Lookup (kabutoservices .com) |
7048 | Syncro.Installer.exe | Misc activity | ET INFO SyncroMSP Remote Remote Management Software Install Registration |
7048 | Syncro.Installer.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed SyncroMSP Remote Management Software Domain (kabutoservices .com in TLS SNI) |
7048 | Syncro.Installer.exe | Potentially Bad Traffic | ET REMOTE_ACCESS Observed Remote Management Software Domain (syncromsp .com in TLS SNI) |
Process | Message |
|---|---|
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::FindHeader] Header offset:434688 (Last=183) |
splashtop-setup.exe | [7024]2026-03-12 12:16:20 [CUtility::OSInfo] OS 10.0(19045) x64:1 (Last=0) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::FindHeader] Name:C:\WINDOWS\TEMP\syncro\downloads\splashtop-setup.exe (Last=0) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::UnPackFiles] FreeSpace:230871863296 FileSize:68373504 (Last=0) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::FindHeader] Sign Size:10440 (Last=0) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::UnPackFiles] (1/5)UnPack file name:C:\WINDOWS\TEMP\unpack\setup.msi (68373504) (Last=0) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::UnPackFiles] (3/5)UnPack file name:C:\WINDOWS\TEMP\unpack\setup.ini (1528) (Last=122) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::UnPackFiles] UnPack count:1 len:68373504 File:(null) (Last=0) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::UnPackFiles] (2/5)UnPack file name:C:\WINDOWS\TEMP\unpack\run.bat (15) (Last=122) |
splashtop-setup.exe | [7024]2026-03-12 12:16:21 [CUnPack::UnPackFiles] UnPack count:2 len:15 File:(null) (Last=0) |