URL:

http://sos.splashtop.com/

Full analysis: https://app.any.run/tasks/5d793888-6797-4f16-812f-a56974bc5a99
Verdict: Malicious activity
Analysis date: May 09, 2024, 20:34:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MD5: CF889D0374598B7A80880FEEDA515617
SHA1: A4332881C2A766983C38C8D67C047C573FEA1B29
SHA256: 9CA65281B2712DDD21591944C1488316666B1FCF6F05390C7E138D24601A7E1B
SSDEEP: 3:N1KNKMWj/DKgKn:CYMWjrbKn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • SplashtopSOS.exe (PID: 2280)
    • Creates a writable file in the system directory
      • SRManagerSOS.exe (PID: 1888)
  • SUSPICIOUS
    • Reads the Internet Settings
      • SplashtopSOS.exe (PID: 2280)
      • SplashtopSOS.exe (PID: 1704)
    • Reads security settings of Internet Explorer
      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
    • Application launched itself
      • SplashtopSOS.exe (PID: 1704)
    • Starts CMD.EXE for commands execution
      • SplashtopSOS.exe (PID: 2280)
      • SRAgentSOS.exe (PID: 2708)
    • Executable content was dropped or overwritten
      • expand.exe (PID: 2124)
      • SplashtopSOS.exe (PID: 2280)
    • Process drops legitimate windows executable
      • expand.exe (PID: 2124)
    • The process executes via Task Scheduler
      • Launcher.exe (PID: 1468)
    • Checks Windows Trust Settings
      • SRManagerSOS.exe (PID: 1888)
    • Searches for installed software
      • SRAgentSOS.exe (PID: 2708)
    • Executing commands from a ".bat" file
      • SRAgentSOS.exe (PID: 2708)
  • INFO
    • Application launched itself
      • iexplore.exe (PID: 3984)
    • Modifies the phishing filter of IE
      • iexplore.exe (PID: 3984)
    • Drops the executable file immediately after the start
      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 3984)
      • expand.exe (PID: 2124)
    • Executable content was dropped or overwritten
      • iexplore.exe (PID: 4044)
      • iexplore.exe (PID: 3984)
    • The process uses the downloaded file
      • iexplore.exe (PID: 3984)
      • SplashtopSOS.exe (PID: 1704)
    • Manual execution by a user
      • wmpnscfg.exe (PID: 1652)
    • Reads the computer name
      • wmpnscfg.exe (PID: 1652)
      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
      • SRManagerSOS.exe (PID: 1888)
      • SRServerSOS.exe (PID: 2560)
      • SRAgentSOS.exe (PID: 2708)
      • SRFeatureSOS.exe (PID: 2676)
      • SRAppPBSOS.exe (PID: 2704)
    • Checks supported languages
      • wmpnscfg.exe (PID: 1652)
      • SplashtopSOS.exe (PID: 1704)
      • SplashtopSOS.exe (PID: 2280)
      • SRServerSOS.exe (PID: 2560)
      • SRAgentSOS.exe (PID: 2708)
      • SRAppPBSOS.exe (PID: 2704)
      • Launcher.exe (PID: 1468)
      • SRManagerSOS.exe (PID: 1888)
      • SRUtilitySOS.exe (PID: 1240)
      • SRFeatureSOS.exe (PID: 2676)
    • Create files in a temporary directory
      • SplashtopSOS.exe (PID: 2280)
      • expand.exe (PID: 2124)
      • SRAgentSOS.exe (PID: 2708)
      • Launcher.exe (PID: 1468)
      • SRManagerSOS.exe (PID: 1888)
    • Reads the machine GUID from the registry
      • SplashtopSOS.exe (PID: 2280)
      • SRManagerSOS.exe (PID: 1888)
      • SRAgentSOS.exe (PID: 2708)
    • Creates files in the program directory
      • SRManagerSOS.exe (PID: 1888)
    • Reads the software policy settings
      • SRManagerSOS.exe (PID: 1888)
    • Reads Environment values
      • SRManagerSOS.exe (PID: 1888)
    • Reads product name
      • SRManagerSOS.exe (PID: 1888)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 69
Monitored processes: 23
Malicious processes: 1
Suspicious processes: 4

Behavior graph

Process nodes shown in the graph, in report order ("no specs" is the report's own label): iexplore.exe, iexplore.exe, wmpnscfg.exe (no specs), splashtopsos.exe (no specs), splashtopsos.exe, cmd.exe (no specs), expand.exe, cmd.exe (no specs), schtasks.exe (no specs), cmd.exe (no specs), schtasks.exe (no specs), cmd.exe (no specs), schtasks.exe (no specs), cmd.exe (no specs), schtasks.exe (no specs), launcher.exe, srmanagersos.exe, srserversos.exe, sragentsos.exe (no specs), srapppbsos.exe (no specs), srfeaturesos.exe, srutilitysos.exe (no specs), cmd.exe (no specs)

Process information

Each process entry below lists its PID, CMD, Path and Parent process (the Indicators column is empty for every row), followed by the process details and the loaded module images.
PID:
1240
CMD:
SRUtilitySOS.exe -r
Path:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\SRUtilitySOS.exe
Parent process:
SRFeatureSOS.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
MEDIUM
Description:
Splashtop® Streamer Utility
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\srutilitysos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID:
1468
CMD:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\\Launcher.exe SRManagerSOS.exe 1
Path:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\Launcher.exe
Parent process:
taskeng.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Launcher
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID:
1652
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID:
1676
CMD:
schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1
Path:
C:\Windows\System32\schtasks.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Manages scheduled tasks
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\ole32.dll

PID:
1704
CMD:
"C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe"
Path:
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe
Parent process:
iexplore.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
MEDIUM
Description:
Splashtop® SOS
Exit code:
0
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\6z2bcoul\splashtopsos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID:
1888
CMD:
"SRManagerSOS.exe"
Path:
C:\Users\admin\AppData\Local\Temp\unpacksos\1\SRManagerSOS.exe
Parent process:
Launcher.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Splashtop® Streamer SRManager
Version:
3.70.0.133
Modules
Images
c:\users\admin\appdata\local\temp\unpacksos\1\srmanagersos.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID:
1960
CMD:
"C:\Windows\System32\cmd.exe" /c schtasks /run /tn ASOS1
Path:
C:\Windows\System32\cmd.exe
Parent process:
SplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID:
2124
CMD:
C:\Windows\system32\expand.exe *.cab /f:* .\
Path:
C:\Windows\System32\expand.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
LZ Expansion Utility
Exit code:
0
Version:
6.1.7601.24535 (win7sp1_ldr_escrow.191105-1059)
Modules
Images
c:\windows\system32\expand.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cabinet.dll

PID:
2172
CMD:
"C:\Windows\System32\cmd.exe" /c schtasks /create /xml ASOS.xml /ru "system" /tn ASOS1
Path:
C:\Windows\System32\cmd.exe
Parent process:
SplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID:
2268
CMD:
"C:\Windows\System32\cmd.exe" /c C:\Windows\system32\expand.exe *.cab /f:* .\
Path:
C:\Windows\System32\cmd.exe
Parent process:
SplashtopSOS.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 32 451
Read events: 32 202
Write events: 196
Delete events: 53

Modification events

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPDaysSinceLastAutoMigration
Value: 1

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchLowDateTime
Value:

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
Operation: write
Name: NTPLastLaunchHighDateTime
Value: 31105616

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateLowDateTime
Value:

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
Operation: write
Name: NextCheckForUpdateHighDateTime
Value: 31105616

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Operation: write
Name: CompatibilityFlags
Value: 0

Process: (3984) iexplore.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 58
Suspicious files: 59
Text files: 46
Unknown types: 4

Dropped files

PID | Process | Filename | Type
4044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary
MD5:2592A8F8CDC7AA5A03B0CBB9E7C9D11C
SHA256:9C6BD5F68D9A77C2930062B0B0E4EAF108D645ED5C4490F92E70EC2A21D226DC
4044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_04D8EC309BE5C1F93B2C025ED3EF698B | binary
MD5:2BD4373A413A7000EC35DDC64FA3CB61
SHA256:97F40FDCD9BF48935B1DDA2C6C43519FBE69FBFB433B1E8E7AAE9E0091050DD9
4044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5IWPIAR9\app.45d43b2f[1].css | text
MD5:8D9A71392796FC1AA6CBCECAF8CCA77D
SHA256:2BA91C4AA04FC4A265FAD07C428F7EC48FF594F1EAE445209106346F4A2B2E09
4044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\ZYS50AU7.htm | html
MD5:AFA83D66A2779C02C085CB31EDCD21D4
SHA256:D98076C7D207910DD739439BD7C6AF78D346B3007656FCB668774F8740CC4F5B
4044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656 | binary
MD5:D54F5F99C0EB048DD261B52EFC9FCBE3
SHA256:6DEA265177C173483938665A6D737CFF3CD13122F5C9D837EA336510A9528EE9
4044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_04D8EC309BE5C1F93B2C025ED3EF698B | binary
MD5:F87218E0E57A96CD4147085F208FD018
SHA256:F70ED5DAC17D829D01DEB1E3AE6CE55060D63FF2AA0C1D16C943067AB3FD0468
4044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\plugins[1].css | text
MD5:865B913ACEA977738D01C672A6D7EDF7
SHA256:075F85E3E7BF3428F650E33B57000238B2202028D40E24F43F92BBED224D18C1
4044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656 | binary
MD5:095282C243D88FAE077B7AAD86C39E4B
SHA256:1AD53DD2C135902F3D89F093C4442F3FA75E0D900AA994ED689B756CC9E2269C
4044 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62 | binary
MD5:33F6609037D194995DED6F1D72BBB86F
SHA256:F812282B0DAB36F6628BCE1F262272458E8DAB21155802C16BD6C624E1030BD0
4044 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\TYX336G5.htm | html
MD5:F5D40B7259645010F9A248858AD14178
SHA256:7F5007068D2B56EA9735E2490D60CFF2E72CAE312024AC1F6C91158EBA47D05D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 26
TCP/UDP connections: 52
DNS requests: 33
Threats: 34

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4044 | iexplore.exe | GET | 301 | 108.138.26.122:80 | http://sos.splashtop.com/ | unknown | unknown
4044 | iexplore.exe | GET | 200 | 18.245.39.64:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwdzEkpLy9ROx7U76vGUhC06D6E%3D | unknown | unknown
4044 | iexplore.exe | GET | 304 | 95.101.54.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0eb42db1385d6a0b | unknown | unknown
4044 | iexplore.exe | GET | 200 | 18.65.41.80:80 | http://ocsp.rootg2.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBSIfaREXmfqfJR3TkMYnD7O5MhzEgQUnF8A36oB1zArOIiiuG1KnPIRkYMCEwZ%2FlEoqJ83z%2BsKuKwH5CO65xMY%3D | unknown | unknown
4044 | iexplore.exe | GET | 200 | 18.239.15.186:80 | http://o.ss2.us//MEowSDBGMEQwQjAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1%2B30c7dH4b0W1Ws3NcQwg6piOcCCQCnDkpMNIK3fw%3D%3D | unknown | unknown
4044 | iexplore.exe | GET | 200 | 18.238.246.206:80 | http://ocsp.r2m02.amazontrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRmbQtwnInkvkvr7BNFR%2BS2lTYPjAQUwDFSzVpQw4J8dHHOy%2Bmc%2BXrrguICEArhJQaygccTwaDK%2BEiGWn0%3D | unknown | unknown
4044 | iexplore.exe | GET | 200 | 216.58.206.67:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | unknown
3984 | iexplore.exe | GET | 304 | 95.101.54.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?05ddb862cf824777 | unknown | unknown
4044 | iexplore.exe | GET | 200 | 216.58.206.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | unknown | unknown
4044 | iexplore.exe | GET | 200 | 216.58.206.67:80 | http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEAFWoeiRoD5nEA9wbC%2FqWOc%3D | unknown | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | unknown
4044 | iexplore.exe | 108.138.26.122:80 | sos.splashtop.com | AMAZON-02 | US | unknown
4044 | iexplore.exe | 108.138.26.122:443 | sos.splashtop.com | AMAZON-02 | US | unknown
4044 | iexplore.exe | 95.101.54.128:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown
4044 | iexplore.exe | 18.239.15.186:80 | o.ss2.us | US | unknown
4044 | iexplore.exe | 18.65.41.80:80 | ocsp.rootg2.amazontrust.com | AMAZON-02 | US | unknown
4044 | iexplore.exe | 18.245.39.64:80 | ocsp.rootca1.amazontrust.com | US | unknown

DNS requests

Domain
IP
Reputation
sos.splashtop.com
  • 108.138.26.83
  • 108.138.26.122
  • 108.138.26.36
  • 108.138.26.67
  • 18.239.94.65
  • 18.239.94.104
  • 18.239.94.116
  • 18.239.94.52
unknown
ctldl.windowsupdate.com
  • 95.101.54.128
  • 95.101.54.113
  • 173.222.108.226
  • 173.222.108.210
whitelisted
o.ss2.us
  • 18.239.15.186
  • 18.239.15.14
  • 18.239.15.174
  • 18.239.15.192
whitelisted
ocsp.rootg2.amazontrust.com
  • 18.65.41.80
whitelisted
ocsp.rootca1.amazontrust.com
  • 18.245.39.64
shared
ocsp.r2m02.amazontrust.com
  • 18.238.246.206
whitelisted
www.google-analytics.com
  • 142.250.185.174
whitelisted
ocsp.pki.goog
  • 216.58.206.67
whitelisted
download.splashtop.com
  • 18.239.69.71
  • 18.239.69.60
  • 18.239.69.48
  • 18.239.69.54
unknown
stats.g.doubleclick.net
  • 142.251.173.156
  • 142.251.173.155
  • 142.251.173.154
  • 142.251.173.157
whitelisted

Threats

PID | Process | Class | Message
1088 | svchost.exe | Misc activity | ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
1088 | svchost.exe | Misc activity | ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI
1088 | svchost.exe | Misc activity | ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI
4044 | iexplore.exe | Misc activity | ET INFO Splashtop Domain (splashtop .com) in TLS SNI

Process | Message
SplashtopSOS.exe | [2280]2024-05-09 21:34:44 [CUtility::OSInfo] OS 6.1(7601) Service Pack 1 x64:0 (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:44 [CUnPack::UnPackFiles] FreeSpace:233004802048 FileSize:16801114 (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:44 [CUnPack::UnPackFiles] (1/1)UnPack file name:C:\Users\admin\AppData\Local\Temp\unpacksos\1\streamer1.cab (16801114) (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Header offset:489472 (Last=183)
SplashtopSOS.exe | [2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Sign Size:10248 (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:44 [CUnPack::FindHeader] Name:C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\SplashtopSOS.exe (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:45 [CUnPack::UnPackFiles] UnPack total 1 files. (Last=183)
SplashtopSOS.exe | [2280]2024-05-09 21:34:45 [CUnPack::UnPackFiles] UnPack count:1 len:16801114 File:(null) (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:45 [CUnPackFileApp::ExecuteCommand] succ wait pid:688 (Last=0)
SplashtopSOS.exe | [2280]2024-05-09 21:34:47 [CUnPackFileApp::ExecuteCommand] pid:688 finish ecode:0 (Last=0)