URL:

http://sos.splashtop.com/

Full analysis: https://app.any.run/tasks/5d793888-6797-4f16-812f-a56974bc5a99
Verdict: Malicious activity
Analysis date: May 09, 2024, 20:34:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

CF889D0374598B7A80880FEEDA515617

SHA1:

A4332881C2A766983C38C8D67C047C573FEA1B29

SHA256:

9CA65281B2712DDD21591944C1488316666B1FCF6F05390C7E138D24601A7E1B

SSDEEP:

3:N1KNKMWj/DKgKn:CYMWjrbKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • SplashtopSOS.exe (PID: 2280)

    • Creates a writable file in the system directory

      • SRManagerSOS.exe (PID: 1888)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)

    • Reads the Internet Settings

      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)

    • Application launched itself

      • SplashtopSOS.exe (PID: 1704)

    • The process executes via Task Scheduler

      • Launcher.exe (PID: 1468)

    • Starts CMD.EXE for commands execution

      • SplashtopSOS.exe (PID: 2280)
      • SRAgentSOS.exe (PID: 2708)

    • Process drops legitimate windows executable

      • expand.exe (PID: 2124)

    • Executable content was dropped or overwritten

      • SplashtopSOS.exe (PID: 2280)
      • expand.exe (PID: 2124)

    • Checks Windows Trust Settings

      • SRManagerSOS.exe (PID: 1888)

    • Executing commands from a ".bat" file

      • SRAgentSOS.exe (PID: 2708)

    • Searches for installed software

      • SRAgentSOS.exe (PID: 2708)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3984)

    • Reads the computer name

      • wmpnscfg.exe (PID: 1652)
      • SplashtopSOS.exe (PID: 1704)
      • SRManagerSOS.exe (PID: 1888)
      • SplashtopSOS.exe (PID: 2280)
      • SRServerSOS.exe (PID: 2560)
      • SRAgentSOS.exe (PID: 2708)
      • SRFeatureSOS.exe (PID: 2676)
      • SRAppPBSOS.exe (PID: 2704)

    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3984)

    • Manual execution by a user

      • wmpnscfg.exe (PID: 1652)

    • Checks supported languages

      • wmpnscfg.exe (PID: 1652)
      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
      • Launcher.exe (PID: 1468)
      • SRManagerSOS.exe (PID: 1888)
      • SRServerSOS.exe (PID: 2560)
      • SRAgentSOS.exe (PID: 2708)
      • SRUtilitySOS.exe (PID: 1240)
      • SRAppPBSOS.exe (PID: 2704)
      • SRFeatureSOS.exe (PID: 2676)

    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 3984)
      • expand.exe (PID: 2124)

    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 3984)

    • The process uses the downloaded file

      • SplashtopSOS.exe (PID: 1704)
      • iexplore.exe (PID: 3984)

    • Create files in a temporary directory

      • SplashtopSOS.exe (PID: 2280)
      • expand.exe (PID: 2124)
      • SRManagerSOS.exe (PID: 1888)
      • Launcher.exe (PID: 1468)
      • SRAgentSOS.exe (PID: 2708)

    • Reads the machine GUID from the registry

      • SplashtopSOS.exe (PID: 2280)
      • SRManagerSOS.exe (PID: 1888)
      • SRAgentSOS.exe (PID: 2708)

    • Creates files in the program directory

      • SRManagerSOS.exe (PID: 1888)

    • Reads Environment values

      • SRManagerSOS.exe (PID: 1888)

    • Reads product name

      • SRManagerSOS.exe (PID: 1888)

    • Reads the software policy settings

      • SRManagerSOS.exe (PID: 1888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
69
Monitored processes
23
Malicious processes
1
Suspicious processes
4

Behavior graph

Click at the process to see the details
start iexplore.exe iexplore.exe wmpnscfg.exe no specs splashtopsos.exe no specs splashtopsos.exe cmd.exe no specs expand.exe cmd.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs cmd.exe no specs schtasks.exe no specs launcher.exe srmanagersos.exe srserversos.exe sragentsos.exe no specs srapppbsos.exe no specs srfeaturesos.exe srutilitysos.exe no specs cmd.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1240SRUtilitySOS.exe -rC:\Users\admin\AppData\Local\Temp\unpacksos\1\SRUtilitySOS.exeSRFeatureSOS.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
MEDIUM
Description:
Splashtop® Streamer Utility
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\srutilitysos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1468C:\Users\admin\AppData\Local\Temp\unpacksos\1\\Launcher.exe SRManagerSOS.exe 1C:\Users\admin\AppData\Local\Temp\unpacksos\1\Launcher.exe
taskeng.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Launcher
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1652"C:\Program Files\Windows Media Player\wmpnscfg.exe"C:\Program Files\Windows Media Player\wmpnscfg.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1676schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1C:\Windows\System32\schtasks.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
1704"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exeiexplore.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
MEDIUM
Description:
Splashtop® SOS
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\splashtopsos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1888"SRManagerSOS.exe"C:\Users\admin\AppData\Local\Temp\unpacksos\1\SRManagerSOS.exe
Launcher.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Splashtop® Streamer SRManager
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\srmanagersos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
1960"C:\Windows\System32\cmd.exe" /c schtasks /run /tn ASOS1C:\Windows\System32\cmd.exeSplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2124C:\Windows\system32\expand.exe *.cab /f:* .\C:\Windows\System32\expand.exe
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
LZ Expansion Utility
Exit code:
0
Version:
6.1.7601.24535 (win7sp1_ldr_escrow.191105-1059)
Modules
Images
c:\windows\system32\expand.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cabinet.dll
2172"C:\Windows\System32\cmd.exe" /c schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1C:\Windows\System32\cmd.exeSplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2268"C:\Windows\System32\cmd.exe" /c C:\Windows\system32\expand.exe *.cab /f:* .\C:\Windows\System32\cmd.exeSplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
32 451
Read events
32 202
Write events
196
Delete events
53

Modification events

(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPDaysSinceLastAutoMigration
Value:
1
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchLowDateTime
Value:
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation:writeName:NTPLastLaunchHighDateTime
Value:
31105616
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateLowDateTime
Value:
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation:writeName:NextCheckForUpdateHighDateTime
Value:
31105616
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation:writeName:CompatibilityFlags
Value:
0
(PID) Process:(3984) iexplore.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
58
Suspicious files
59
Text files
46
Unknown types
4

Dropped files

PID
Process
Filename
Type
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:33968DF731637F1710B4A2CF7EE6E146
SHA256:9C270931D46C05E3FA7FE111067046B7B9A8838DC387CB80256203DB6D0D33CA
4044iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\TYX336G5.htmhtml
MD5:F5D40B7259645010F9A248858AD14178
SHA256:7F5007068D2B56EA9735E2490D60CFF2E72CAE312024AC1F6C91158EBA47D05D
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656binary
MD5:D54F5F99C0EB048DD261B52EFC9FCBE3
SHA256:6DEA265177C173483938665A6D737CFF3CD13122F5C9D837EA336510A9528EE9
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157binary
MD5:2592A8F8CDC7AA5A03B0CBB9E7C9D11C
SHA256:9C6BD5F68D9A77C2930062B0B0E4EAF108D645ED5C4490F92E70EC2A21D226DC
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_04D8EC309BE5C1F93B2C025ED3EF698Bbinary
MD5:2BD4373A413A7000EC35DDC64FA3CB61
SHA256:97F40FDCD9BF48935B1DDA2C6C43519FBE69FBFB433B1E8E7AAE9E0091050DD9
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAder
MD5:5857AFF0EA0365561D0F06769A04101C
SHA256:B50C616B5C29BD9611ED360A238B6B6C421D0FE3B85DF331E4951AEFAB526B2E
4044iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\app.55eef246[1].jstext
MD5:79AE6910AE386718EDC5A0B4EA6AC795
SHA256:BD7BB1C3DED4C9B2C72FBC7750019960486DEDA3091F8AE6DE1B782FC32039CB
4044iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\sos-logo.1cd52fe4[1].pngimage
MD5:1CD52FE44FA5226DD457FC3CAC71E274
SHA256:F47C9185C715D04CEF7BAE0C1F3D95230D6E953D6D512FA8927F9A59582260F0
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAbinary
MD5:79706229F033250D5551097DB191BD06
SHA256:9FB446924A9FDA0EA4C5E3801709B09B31E0841E1381DC50DFA28C5DAA998713
4044iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894binary
MD5:E2EE5D1688EEECE0DEFB854726BB423B
SHA256:5345CC322856E4FF5A1920DDF060F40D070649BD67BBEDECEA3EA5B54F10F158
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
26
TCP/UDP connections
52
DNS requests
33
Threats
34

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4044
iexplore.exe
GET
301
108.138.26.122:80
http://sos.splashtop.com/
US
html
167 b
unknown
4044
iexplore.exe
GET
304
95.101.54.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0eb42db1385d6a0b
DE
unknown
4044
iexplore.exe
GET
200
18.239.15.186:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
US
binary
2.02 Kb
unknown
4044
iexplore.exe
GET
200
18.65.41.80:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
US
binary
1.49 Kb
unknown
4044
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D
US
binary
1.37 Kb
unknown
4044
iexplore.exe
GET
200
18.238.246.206:80
http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEArhJQaygccTwaDK%2BEiGWn0%3D
US
binary
471 b
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
US
binary
1.41 Kb
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
US
binary
724 b
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAFWoeiRoD5nEA9wbC%2FqWOc%3D
US
binary
471 b
unknown
3984
iexplore.exe
GET
304
95.101.54.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?05ddb862cf824777
DE
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4044
iexplore.exe
108.138.26.122:80
sos.splashtop.com
AMAZON-02
US
unknown
4044
iexplore.exe
108.138.26.122:443
sos.splashtop.com
AMAZON-02
US
unknown
4044
iexplore.exe
95.101.54.128:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4044
iexplore.exe
18.239.15.186:80
o.ss2.us
US
unknown
4044
iexplore.exe
18.65.41.80:80
ocsp.rootg2.amazontrust.com
AMAZON-02
US
unknown
4044
iexplore.exe
18.245.39.64:80
ocsp.rootca1.amazontrust.com
US
unknown

DNS requests

Domain
IP
Reputation
sos.splashtop.com
  • 108.138.26.83
  • 108.138.26.122
  • 108.138.26.36
  • 108.138.26.67
  • 18.239.94.65
  • 18.239.94.104
  • 18.239.94.116
  • 18.239.94.52
unknown
ctldl.windowsupdate.com
  • 95.101.54.128
  • 95.101.54.113
  • 173.222.108.226
  • 173.222.108.210
whitelisted
o.ss2.us
  • 18.239.15.186
  • 18.239.15.14
  • 18.239.15.174
  • 18.239.15.192
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.65.41.80
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
ocsp.r2m02.amazontrust.com
  • 18.238.246.206
whitelisted
www.google-analytics.com
  • 142.250.185.174
whitelisted
ocsp.pki.goog
  • 216.58.206.67
whitelisted
download.splashtop.com
  • 18.239.69.71
  • 18.239.69.60
  • 18.239.69.48
  • 18.239.69.54
unknown
stats.g.doubleclick.net
  • 142.251.173.156
  • 142.251.173.155
  • 142.251.173.154
  • 142.251.173.157
whitelisted

Threats

PID
Process
Class
Message
1088
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
1088
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
1088
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
Process
Message
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUtility::OSInfo] OS 6.1(7601) Service Pack 1 x64:0 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::UnPackFiles] FreeSpace:233004802048 FileSize:16801114 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::UnPackFiles] (1/1)UnPack file name:C:\Users\admin\AppData\Local\Temp\unpacksos\1\streamer1.cab (16801114) (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Header offset:489472 (Last=183)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Sign Size:10248 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Name:C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:45 [CUnPack::UnPackFiles] UnPack total 1 files. (Last=183)
SplashtopSOS.exe
[2280]2024-05-09 21:34:45 [CUnPack::UnPackFiles] UnPack count:1 len:16801114 File:(null) (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:45 [CUnPackFileApp::ExecuteCommand] succ wait pid:688 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:47 [CUnPackFileApp::ExecuteCommand] pid:688 finish ecode:0 (Last=0)
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
http://sos.splashtop.com/