URL:

https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe

Full analysis: https://app.any.run/tasks/acad6fb1-a700-41b9-a3a8-86844bb44a8f
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Malware Trends Tracker     >>>
Analysis date: May 27, 2025, 15:48:53
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
loader
Indicators:
MD5:

C9E89C1FCFCEF031A201871646F8EAC6

SHA1:

773FE9066100E431A66572879846262C7B364813

SHA256:

C78A0458DA6427FC9CC55914F37204DE2C9F9B2FF4208B58F0B092D4ECFCEFD1

SSDEEP:

3:N8SElyKgK/+2pslhIy6yKLWkJaL4l0C:2SKybKWJIpjEL4mC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Executing a file with an untrusted certificate

      • SRSelfSignCertUtil.exe (PID: 1760)

  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)

    • There is functionality for taking screenshot (YARA)

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • SRServer.exe (PID: 5512)
      • SRService.exe (PID: 6824)
      • SRManager.exe (PID: 968)
      • SRAgent.exe (PID: 896)
      • SRAppPB.exe (PID: 7636)
      • SRFeature.exe (PID: 8000)

    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 2892)
      • cmd.exe (PID: 8068)
      • cmd.exe (PID: 7612)
      • cmd.exe (PID: 2432)
      • cmd.exe (PID: 4188)
      • cmd.exe (PID: 7268)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 7404)
      • cmd.exe (PID: 7960)
      • cmd.exe (PID: 668)

    • Executes as Windows Service

      • VSSVC.exe (PID: 5228)
      • SRService.exe (PID: 6824)

    • Executable content was dropped or overwritten

      • PreVerCheck.exe (PID: 736)
      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • SetupUtil.exe (PID: 7248)

    • Executing commands from a ".bat" file

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)

    • Starts CMD.EXE for commands execution

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • SetupUtil.exe (PID: 7248)
      • msiexec.exe (PID: 8152)

    • Process drops legitimate windows executable

      • msiexec.exe (PID: 4068)

    • Drops a system driver (possible attempt to evade defenses)

      • msiexec.exe (PID: 4068)

  • INFO

    • Application launched itself

      • chrome.exe (PID: 6816)

    • Launch of the file from Downloads directory

      • chrome.exe (PID: 7764)

    • Manual execution by a user

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7520)
      • Taskmgr.exe (PID: 4696)
      • Taskmgr.exe (PID: 7996)

    • The sample compiled with english language support

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • chrome.exe (PID: 6816)
      • PreVerCheck.exe (PID: 736)
      • msiexec.exe (PID: 4068)
      • msiexec.exe (PID: 8152)
      • msiexec.exe (PID: 1568)
      • SetupUtil.exe (PID: 7248)

    • Executable content was dropped or overwritten

      • chrome.exe (PID: 6816)
      • msiexec.exe (PID: 1568)
      • msiexec.exe (PID: 4068)
      • msiexec.exe (PID: 8152)

    • Create files in a temporary directory

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • msiexec.exe (PID: 1196)
      • cmd.exe (PID: 7664)
      • PreVerCheck.exe (PID: 736)

    • Checks supported languages

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • msiexec.exe (PID: 4068)
      • PreVerCheck.exe (PID: 736)

    • Reads the computer name

      • Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe (PID: 7596)
      • msiexec.exe (PID: 4068)

    • Manages system restore points

      • SrTasks.exe (PID: 1040)

    • UPX packer has been detected

      • PreVerCheck.exe (PID: 736)
      • SRServer.exe (PID: 5512)
      • SRManager.exe (PID: 968)
      • SRAgent.exe (PID: 896)
      • SRFeature.exe (PID: 8000)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
272
Monitored processes
132
Malicious processes
1
Suspicious processes
4

Behavior graph

Click at the process to see the details
start chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs rundll32.exe no specs splashtop_streamer_win_installer_v3.7.4.2.exe no specs splashtop_streamer_win_installer_v3.7.4.2.exe cmd.exe no specs conhost.exe no specs prevercheck.exe msiexec.exe no specs msiexec.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs _is686b.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs cmd.exe no specs conhost.exe no specs taskkill.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs _is7378.exe no specs msiexec.exe _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs _is89bf.exe no specs setuputil.exe no specs setuputil.exe cmd.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs slui.exe srselfsigncertutil.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs _is9be1.exe no specs srservice.exe no specs conhost.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs _isa122.exe no specs srservice.exe no specs conhost.exe no specs srservice.exe no specs srmanager.exe srserver.exe no specs sragent.exe no specs srapppb.exe no specs srfeature.exe no specs srutility.exe no specs conhost.exe no specs bdepsdk.exe no specs osqueryi.exe no specs conhost.exe no specs conhost.exe no specs Shell Security Editor no specs taskmgr.exe no specs taskmgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
660C:\Users\admin\AppData\Local\Temp\{19D52577-B1B4-432D-85EF-2078B7A74208}\_is686B.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{F890160D-9613-49F9-A06A-C4177B8918FE}C:\Users\admin\AppData\Local\Temp\{19D52577-B1B4-432D-85EF-2078B7A74208}\_is686B.exemsiexec.exe
User:
admin
Company:
Flexera
Integrity Level:
HIGH
Description:
InstallShield (R) 64-bit Setup Engine
Exit code:
0
Version:
27.0.122
Modules
Images
c:\users\admin\appdata\local\temp\{19d52577-b1b4-432d-85ef-2078b7a74208}\_is686b.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
668C:\Windows\SysWOW64\cmd.exe /C "taskkill.exe /F /IM SRFeatMini.exe /T"C:\Windows\SysWOW64\cmd.exemsiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
128
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
716"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe" -iC:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exemsiexec.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Splashtop® Streamer Service
Exit code:
1066
Version:
3.74.2.21
Modules
Images
c:\program files (x86)\splashtop\splashtop remote\server\srservice.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
732"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3480 --field-trial-handle=1928,i,6720660305670996717,1131224189356311542,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version /prefetch:2C:\Program Files\Google\Chrome\Application\chrome.exechrome.exe
User:
admin
Company:
Google LLC
Integrity Level:
LOW
Description:
Google Chrome
Exit code:
0
Version:
122.0.6261.70
Modules
Images
c:\program files\google\chrome\application\chrome.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
736PreVerCheck.exeC:\Users\admin\AppData\Local\Temp\unpack\PreVerCheck.exe
cmd.exe
User:
admin
Company:
Splashtop Inc.
Integrity Level:
HIGH
Description:
Splashtop® Streamer
Exit code:
0
Version:
3.74.2.21
Modules
Images
c:\users\admin\appdata\local\temp\unpack\prevercheck.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
744osqueryi.exe --logger_min_status=2 --jsonC:\Program Files (x86)\Splashtop\Splashtop Remote\Server\osqueryi.exeSRAgent.exe
User:
SYSTEM
Company:
Osquery Foundation
Integrity Level:
SYSTEM
Description:
osquery daemon and shell
Exit code:
0
Version:
5.14.1.0
Modules
Images
c:\program files (x86)\splashtop\splashtop remote\server\osqueryi.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\ucrtbase.dll
896"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRAgent.exeSRManager.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Splashtop® Streamer Agent
Version:
3.74.2.21
Modules
Images
c:\program files (x86)\splashtop\splashtop remote\server\sragent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
928\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
968taskkill.exe /F /IM SRAgent.exe /TC:\Windows\SysWOW64\taskkill.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Terminates Processes
Exit code:
128
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\taskkill.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\advapi32.dll
c:\windows\syswow64\msvcrt.dll
968"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe"C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
SRService.exe
User:
SYSTEM
Company:
Splashtop Inc.
Integrity Level:
SYSTEM
Description:
Splashtop® Streamer SRManager
Version:
3.74.2.21
Modules
Images
c:\program files (x86)\splashtop\splashtop remote\server\srmanager.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events
42 926
Read events
42 140
Write events
762
Delete events
24

Modification events

(PID) Process:(6816) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:failed_count
Value:
0
(PID) Process:(6816) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
2
(PID) Process:(6816) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\BLBeacon
Operation:writeName:state
Value:
1
(PID) Process:(6816) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
0
(PID) Process:(6816) chrome.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96}
Operation:writeName:usagestats
Value:
0
(PID) Process:(7764) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Operation:writeName:{2781761E-28E0-4109-99FE-B9D127C57AFE} {56FFCC30-D398-11D0-B2AE-00A0C908FA49} 0xFFFF
Value:
0100000000000000CFD7E6E71ECFDB01
(PID) Process:(6816) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\StabilityMetrics
Operation:writeName:user_experience_metrics.stability.exited_cleanly
Value:
1
(PID) Process:(6816) chrome.exeKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation:delete valueName:GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57
Value:
(PID) Process:(4068) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore
Operation:writeName:SrCreateRp (Enter)
Value:
4800000000000000628D4EF01ECFDB01E40F000060040000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
(PID) Process:(4068) msiexec.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SPP
Operation:writeName:SppGetSnapshots (Enter)
Value:
4800000000000000628D4EF01ECFDB01E40F000060040000D20700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Executable files
221
Suspicious files
96
Text files
149
Unknown types
48

Dropped files

PID
Process
Filename
Type
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old~RF10b344.TMP
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\LOG.old
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old~RF10b354.TMP
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old~RF10b364.TMP
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOG.old
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old~RF10b364.TMP
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old~RF10b364.TMP
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\chrome_cart_db\LOG.old
MD5:
SHA256:
6816chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\discounts_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
41
TCP/UDP connections
66
DNS requests
25
Threats
7

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
POST
200
142.251.168.84:443
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
unknown
whitelisted
GET
200
13.35.58.31:443
https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe
unknown
executable
61.7 Mb
whitelisted
POST
200
40.126.32.72:443
https://login.live.com/RST2.srf
unknown
xml
11.1 Kb
whitelisted
POST
200
20.190.160.67:443
https://login.live.com/RST2.srf
unknown
xml
10.3 Kb
whitelisted
POST
200
40.126.32.134:443
https://login.live.com/RST2.srf
unknown
xml
11.0 Kb
whitelisted
POST
200
20.190.160.131:443
https://login.live.com/RST2.srf
unknown
whitelisted
POST
200
142.250.185.142:443
https://sb-ssl.google.com/safebrowsing/clientreport/download?key=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
unknown
binary
261 b
whitelisted
GET
304
20.109.210.53:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
GET
200
20.109.210.53:443
https://slscr.update.microsoft.com/SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.4046/0?CH=686&L=en-US&P=&PT=0x30&WUA=10.0.19041.3996&MK=DELL&MD=DELL
unknown
GET
200
13.95.31.18:443
https://fe3cr.delivery.mp.microsoft.com/clientwebservice/ping
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
5796
svchost.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
772
RUXIMICS.exe
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
4
System
192.168.100.255:138
whitelisted
6816
chrome.exe
239.255.255.250:1900
whitelisted
6652
chrome.exe
142.251.168.84:443
accounts.google.com
GOOGLE
US
whitelisted
6652
chrome.exe
13.35.58.89:443
download.splashtop.com
US
whitelisted
6544
svchost.exe
20.190.159.128:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6652
chrome.exe
172.217.18.4:443
www.google.com
GOOGLE
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.185.78
whitelisted
download.splashtop.com
  • 13.35.58.89
  • 13.35.58.57
  • 13.35.58.107
  • 13.35.58.31
whitelisted
accounts.google.com
  • 142.251.168.84
whitelisted
login.live.com
  • 20.190.159.128
  • 20.190.159.23
  • 40.126.31.131
  • 40.126.31.2
  • 40.126.31.3
  • 20.190.159.130
  • 40.126.31.130
  • 40.126.31.0
whitelisted
www.google.com
  • 172.217.18.4
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
client.wns.windows.com
  • 172.211.123.250
  • 172.211.123.248
whitelisted
sb-ssl.google.com
  • 142.250.185.142
whitelisted
slscr.update.microsoft.com
  • 20.109.210.53
whitelisted
crl.microsoft.com
  • 23.216.77.6
  • 23.216.77.28
whitelisted

Threats

PID
Process
Class
Message
6652
chrome.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
6652
chrome.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
6652
chrome.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
Potential Corporate Privacy Violation
ET INFO PE EXE or DLL Windows file download HTTP
Potentially Bad Traffic
ET INFO Executable served from Amazon S3
2196
svchost.exe
Misc activity
ET INFO Splashtop Domain in DNS Lookup (splashtop .com)
968
SRManager.exe
Misc activity
ET INFO Splashtop Domain (splashtop .com) in TLS SNI
Process
Message
SRManager.exe
<1>May27 15:50:02.454 SM_00968[Manager] ==== SRManager start 968 (0) ==== 0
SRManager.exe
<1>May27 15:50:02.454 SM_00968[CUtility::IsV2CredentialProvider] SRCred ver:1.0.0.11
SRManager.exe
<1>May27 15:50:02.569 SM_00968[CtrlMgr] [P2P] prepare quic cert...
SRManager.exe
<1>May27 15:50:03.296 SM_00968[CtrlMgr] read SRS id from reg:5
SRManager.exe
<1>May27 15:50:03.327 SM_00968[CtrlMgr] Open SRS param: -s pid:5512 ret:1 (0)
SRManager.exe
<1>May27 15:50:03.540 SM_00968[CtrlMgr] Open SRA sid:5 pid:896 ret:1 (18)
SRManager.exe
<1>May27 15:50:03.565 SM_00968[CtrlMgr] Close all SRVRDIS count succ:0, total:0
SRManager.exe
<1>May27 15:50:03.568 SM_00968[CtrlMgr] Close all SRAppPB count succ:0, total:0
SRManager.exe
<1>May27 15:50:03.593 SM_00968[CtrlMgr] Open SRAppPB sid:5 pid:7636 suc:1 err:0
SRManager.exe
<1>May27 15:50:03.725 SM_00968[CtrlMgr] UserID is
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
https://download.splashtop.com/win/Splashtop_Streamer_Win_INSTALLER_v3.7.4.2.exe