URL:

http://sos.splashtop.com/

Full analysis: https://app.any.run/tasks/5d793888-6797-4f16-812f-a56974bc5a99
Verdict: Malicious activity
Analysis date: May 09, 2024, 20:34:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5:

CF889D0374598B7A80880FEEDA515617

SHA1:

A4332881C2A766983C38C8D67C047C573FEA1B29

SHA256:

9CA65281B2712DDD21591944C1488316666B1FCF6F05390C7E138D24601A7E1B

SSDEEP:

3:N1KNKMWj/DKgKn:CYMWjrbKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • SplashtopSOS.exe (PID: 2280)
    • Creates a writable file in the system directory

      • SRManagerSOS.exe (PID: 1888)
  • SUSPICIOUS

    • Reads the Internet Settings

      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
    • Reads security settings of Internet Explorer

      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
    • Application launched itself

      • SplashtopSOS.exe (PID: 1704)
    • Starts CMD.EXE for commands execution

      • SplashtopSOS.exe (PID: 2280)
      • SRAgentSOS.exe (PID: 2708)
    • Executable content was dropped or overwritten

      • expand.exe (PID: 2124)
      • SplashtopSOS.exe (PID: 2280)
    • The process executes via Task Scheduler

      • Launcher.exe (PID: 1468)
    • Process drops legitimate windows executable

      • expand.exe (PID: 2124)
    • Checks Windows Trust Settings

      • SRManagerSOS.exe (PID: 1888)
    • Searches for installed software

      • SRAgentSOS.exe (PID: 2708)
    • Executing commands from a ".bat" file

      • SRAgentSOS.exe (PID: 2708)
  • INFO

    • Application launched itself

      • iexplore.exe (PID: 3984)
    • Modifies the phishing filter of IE

      • iexplore.exe (PID: 3984)
    • Executable content was dropped or overwritten

      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 3984)
    • Checks supported languages

      • wmpnscfg.exe (PID: 1652)
      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
      • Launcher.exe (PID: 1468)
      • SRManagerSOS.exe (PID: 1888)
      • SRServerSOS.exe (PID: 2560)
      • SRAgentSOS.exe (PID: 2708)
      • SRAppPBSOS.exe (PID: 2704)
      • SRFeatureSOS.exe (PID: 2676)
      • SRUtilitySOS.exe (PID: 1240)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1652)
    • The process uses the downloaded file

      • iexplore.exe (PID: 3984)
      • SplashtopSOS.exe (PID: 1704)
    • Drops the executable file immediately after the start

      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 3984)
      • expand.exe (PID: 2124)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1652)
      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
      • SRManagerSOS.exe (PID: 1888)
      • SRServerSOS.exe (PID: 2560)
      • SRFeatureSOS.exe (PID: 2676)
      • SRAgentSOS.exe (PID: 2708)
      • SRAppPBSOS.exe (PID: 2704)
    • Create files in a temporary directory

      • SplashtopSOS.exe (PID: 2280)
      • expand.exe (PID: 2124)
      • SRManagerSOS.exe (PID: 1888)
      • SRAgentSOS.exe (PID: 2708)
      • Launcher.exe (PID: 1468)
    • Reads the machine GUID from the registry

      • SRManagerSOS.exe (PID: 1888)
      • SplashtopSOS.exe (PID: 2280)
      • SRAgentSOS.exe (PID: 2708)
    • Reads the software policy settings

      • SRManagerSOS.exe (PID: 1888)
    • Reads product name

      • SRManagerSOS.exe (PID: 1888)
    • Reads Environment values

      • SRManagerSOS.exe (PID: 1888)
    • Creates files in the program directory

      • SRManagerSOS.exe (PID: 1888)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
69
Monitored processes
23
Malicious processes
1
Suspicious processes
4

Behavior graph

Processes shown in the behavior graph, in launch order: iexplore.exe, iexplore.exe, wmpnscfg.exe, splashtopsos.exe, splashtopsos.exe, cmd.exe, expand.exe, cmd.exe, schtasks.exe, cmd.exe, schtasks.exe, cmd.exe, schtasks.exe, cmd.exe, schtasks.exe, launcher.exe, srmanagersos.exe, srserversos.exe, sragentsos.exe, srapppbsos.exe, srfeaturesos.exe, srutilitysos.exe, cmd.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID:
1240
CMD:
SRUtilitySOS.exe -r
Path:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\SRUtilitySOS.exe
Parent process:
SRFeatureSOS.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
MEDIUM
Description:
Splashtop® Streamer Utility
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\srutilitysos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
1468
CMD:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\\Launcher.exe SRManagerSOS.exe 1
Path:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\Launcher.exe
Parent process:
taskeng.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Launcher
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
1652
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
1676
CMD:
schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1
Path:
C:\Windows\System32\schtasks.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll
PID:
1704
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe
Parent process:
iexplore.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
MEDIUM
Description:
Splashtop® SOS
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\splashtopsos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
1888
CMD:
"SRManagerSOS.exe"
Path:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\SRManagerSOS.exe
Parent process:
Launcher.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Splashtop® Streamer SRManager
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\srmanagersos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
1960
CMD:
"C:\Windows\System32\cmd.exe" /c schtasks /run /tn ASOS1
Path:
C:\Windows\System32\cmd.exe
Parent process:
SplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2124
CMD:
C:\Windows\system32\expand.exe *.cab /f:* .\
Path:
C:\Windows\System32\expand.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
LZ Expansion Utility
Exit code:
0
Version:
6.1.7601.24535 (win7sp1_ldr_escrow.191105-1059)
Modules
Images
c:\windows\system32\expand.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cabinet.dll
PID:
2172
CMD:
"C:\Windows\System32\cmd.exe" /c schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1
Path:
C:\Windows\System32\cmd.exe
Parent process:
SplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2268
CMD:
"C:\Windows\System32\cmd.exe" /c C:\Windows\system32\expand.exe *.cab /f:* .\
Path:
C:\Windows\System32\cmd.exe
Parent process:
SplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
32 451
Read events
32 202
Write events
196
Delete events
53

Modification events

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31105616

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31105616

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

(PID) Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files
58
Suspicious files
59
Text files
46
Unknown types
4

Dropped files

PID
Process
Filename
Type
PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656
Type: binary
MD5: D54F5F99C0EB048DD261B52EFC9FCBE3
SHA256: 6DEA265177C173483938665A6D737CFF3CD13122F5C9D837EA336510A9528EE9

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_04D8EC309BE5C1F93B2C025ED3EF698B
Type: binary
MD5: F87218E0E57A96CD4147085F208FD018
SHA256: F70ED5DAC17D829D01DEB1E3AE6CE55060D63FF2AA0C1D16C943067AB3FD0468

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Type: binary
MD5: 33968DF731637F1710B4A2CF7EE6E146
SHA256: 9C270931D46C05E3FA7FE111067046B7B9A8838DC387CB80256203DB6D0D33CA

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\plugins[1].css
Type: text
MD5: 865B913ACEA977738D01C672A6D7EDF7
SHA256: 075F85E3E7BF3428F650E33B57000238B2202028D40E24F43F92BBED224D18C1

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894
Type: binary
MD5: E2EE5D1688EEECE0DEFB854726BB423B
SHA256: 5345CC322856E4FF5A1920DDF060F40D070649BD67BBEDECEA3EA5B54F10F158

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_04D8EC309BE5C1F93B2C025ED3EF698B
Type: binary
MD5: 2BD4373A413A7000EC35DDC64FA3CB61
SHA256: 97F40FDCD9BF48935B1DDA2C6C43519FBE69FBFB433B1E8E7AAE9E0091050DD9

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Type: der
MD5: 5857AFF0EA0365561D0F06769A04101C
SHA256: B50C616B5C29BD9611ED360A238B6B6C421D0FE3B85DF331E4951AEFAB526B2E

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\app.45d43b2f[1].css
Type: text
MD5: 8D9A71392796FC1AA6CBCECAF8CCA77D
SHA256: 2BA91C4AA04FC4A265FAD07C428F7EC48FF594F1EAE445209106346F4A2B2E09

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\plugins[1].js
Type: text
MD5: 1D5EA1BB1B9D0C3E44CCEABF07944214
SHA256: A7E85A9DC425D7C6C5E2313E75067A02EFF52736F8AF3216F8423F9AC5B6D510

PID: 4044
Process: iexplore.exe
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ZYS50AU7.htm
Type: html
MD5: AFA83D66A2779C02C085CB31EDCD21D4
SHA256: D98076C7D207910DD739439BD7C6AF78D346B3007656FCB668774F8740CC4F5B
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
26
TCP/UDP connections
52
DNS requests
33
Threats
34

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4044
iexplore.exe
GET
301
108.138.26.122:80
http://sos.splashtop.com/
unknown
unknown
4044
iexplore.exe
GET
304
95.101.54.128:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0eb42db1385d6a0b
unknown
unknown
4044
iexplore.exe
GET
200
18.65.41.80:80
http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D
unknown
unknown
4044
iexplore.exe
GET
200
18.239.15.186:80
http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D
unknown
unknown
4044
iexplore.exe
GET
200
18.238.246.206:80
http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEArhJQaygccTwaDK%2BEiGWn0%3D
unknown
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
unknown
4044
iexplore.exe
GET
200
18.245.39.64:80
http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D
unknown
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D
unknown
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEn9UPPGUtnUEjctHzGvXDE%3D
unknown
unknown
4044
iexplore.exe
GET
200
216.58.206.67:80
http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAFWoeiRoD5nEA9wbC%2FqWOc%3D
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
4044
iexplore.exe
108.138.26.122:80
sos.splashtop.com
AMAZON-02
US
unknown
4044
iexplore.exe
108.138.26.122:443
sos.splashtop.com
AMAZON-02
US
unknown
4044
iexplore.exe
95.101.54.128:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
4044
iexplore.exe
18.239.15.186:80
o.ss2.us
US
unknown
4044
iexplore.exe
18.65.41.80:80
ocsp.rootg2.amazontrust.com
AMAZON-02
US
unknown
4044
iexplore.exe
18.245.39.64:80
ocsp.rootca1.amazontrust.com
US
unknown

DNS requests

Domain
IP
Reputation
sos.splashtop.com
  • 108.138.26.83
  • 108.138.26.122
  • 108.138.26.36
  • 108.138.26.67
  • 18.239.94.65
  • 18.239.94.104
  • 18.239.94.116
  • 18.239.94.52
unknown
ctldl.windowsupdate.com
  • 95.101.54.128
  • 95.101.54.113
  • 173.222.108.226
  • 173.222.108.210
whitelisted
o.ss2.us
  • 18.239.15.186
  • 18.239.15.14
  • 18.239.15.174
  • 18.239.15.192
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.65.41.80
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
ocsp.r2m02.amazontrust.com
  • 18.238.246.206
whitelisted
www.google-analytics.com
  • 142.250.185.174
whitelisted
ocsp.pki.goog
  • 216.58.206.67
whitelisted
download.splashtop.com
  • 18.239.69.71
  • 18.239.69.60
  • 18.239.69.48
  • 18.239.69.54
unknown
stats.g.doubleclick.net
  • 142.251.173.156
  • 142.251.173.155
  • 142.251.173.154
  • 142.251.173.157
whitelisted

Threats

PID
Process
Class
Message
1088
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
1088
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
1088
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044
iexplore.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
Process
Message
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUtility::OSInfo] OS 6.1(7601) Service Pack 1 x64:0 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::UnPackFiles] FreeSpace:233004802048 FileSize:16801114 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::UnPackFiles] (1/1)UnPack file name:C:\Users\admin\AppData\Local\Temp\unpacksos\1\streamer1.cab (16801114) (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Header offset:489472 (Last=183)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Sign Size:10248 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Name:C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:45 [CUnPack::UnPackFiles] UnPack total 1 files. (Last=183)
SplashtopSOS.exe
[2280]2024-05-09 21:34:45 [CUnPack::UnPackFiles] UnPack count:1 len:16801114 File:(null) (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:45 [CUnPackFileApp::ExecuteCommand] succ wait pid:688 (Last=0)
SplashtopSOS.exe
[2280]2024-05-09 21:34:47 [CUnPackFileApp::ExecuteCommand] pid:688 finish ecode:0 (Last=0)