Splashtop-Splashtop Business app-Remote Session

31 events across 1 channel

Event ID	Title	Channel
31000	A Splashtop remote session has started from this computer by the user to the …	Operational
31001	The Splashtop remote session (%1) has ended.	Operational
31100	A file was transferred during the Splashtop remote session (%1).	Operational
31101	A file was transferred during the Splashtop remote session (%1).	Operational
31110	A file was transferred during the Splashtop remote session (%1).	Operational
31111	A file was transferred during the Splashtop remote session (%1).	Operational
31200	The user enabled blank Screen on the remote computer during the Splashtop remote …	Operational
31201	The user disabled blank Screen on the remote computer during the Splashtop …	Operational
31300	The user has triggered Normal Reboot during the Splashtop remote session.	Operational
31301	The user has triggered Normal Reboot during the Splashtop remote session.	Operational
31310	The user has triggered Safe Mode Reboot during the Splashtop remote session.	Operational
31311	The user has triggered Safe Mode Reboot during the Splashtop remote session.	Operational
31320	The user has triggered Switch user during the Splashtop remote session.	Operational
31321	The user has triggered Switch user during the Splashtop remote session.	Operational
31330	The user has triggered Reconnect as admin during the Splashtop remote session.	Operational
31331	The user has triggered Reconnect as admin during the Splashtop remote session.	Operational
31400	The user has started a session recording during the Splashtop remote session.	Operational
31401	The user has ended the session recording during the Splashtop remote session.	Operational
31402	The user has ended the session recording during the Splashtop remote session.	Operational
31500	The user enabled Lock Keyboard and Mouse on the remote computer during the …	Operational
31501	The user disabled Lock Keyboard and Mouse on the remote computer during the …	Operational
31600	The user has changed to a different session during the Splashtop remote session.	Operational
31700	The user enabled Device Redirection on the remote computer during the Splashtop …	Operational
31701	The user disabled Device Redirection on the remote computer during the Splashtop …	Operational
31710	The user enabled Remote Microphone on the remote computer during the Splashtop …	Operational
31712	The user muted Remote Microphone on the remote computer during the Splashtop …	Operational
31713	The user unmuted Remote Microphone on the remote computer during the Splashtop …	Operational
31720	The user enabled Remote Stylus on the remote computer during the Splashtop …	Operational
31721	The user disabled Remote Stylus on the remote computer during the Splashtop …	Operational
31800	The user enabled View Only mode on the remote computer during the Splashtop …	Operational
31801	The user disabled View Only mode on the remote computer during the Splashtop …	Operational

Event ID 31000 — A Splashtop remote session has started from this computer by the user to the device.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

A Splashtop remote session (%1) has started from this computer by the user %2 to the device %3.

App version: %4

Fields

Name	Description
`Session_ID`	—
`SPID`	—
`SRS_Name`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31001 — The Splashtop remote session (%1) has ended.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The Splashtop remote session (%1) has ended. The remote session lasted %2.

App version: %3

Fields

Name	Description
`Session_ID`	—
`Duration_Time`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31100 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: N/A

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRS_Name`	—
`SRS_Path`	—
`SRC_Name`	—
`SRC_Path`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31101 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: N/A

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRC_Name`	—
`SRC_Path`	—
`SRS_Name`	—
`SRS_Path`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31110 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: %8

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRS_Name`	—
`SRS_Path`	—
`SRC_Name`	—
`SRC_Path`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31111 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: %8

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRC_Name`	—
`SRC_Path`	—
`SRS_Name`	—
`SRS_Path`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31200 — The user enabled blank Screen on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 enabled blank Screen on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31201 — The user disabled blank Screen on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 disabled blank Screen on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31300 — The user has triggered Normal Reboot during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Normal Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31301 — The user has triggered Normal Reboot during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Normal Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31310 — The user has triggered Safe Mode Reboot during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Safe Mode Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31311 — The user has triggered Safe Mode Reboot during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Safe Mode Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31320 — The user has triggered Switch user during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Switch user during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31321 — The user has triggered Switch user during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Switch user during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31330 — The user has triggered Reconnect as admin during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Reconnect as admin during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31331 — The user has triggered Reconnect as admin during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has triggered Reconnect as admin during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`SRS_Name`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31400 — The user has started a session recording during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has started a session recording during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31401 — The user has ended the session recording during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has ended the session recording during the Splashtop remote session (%2).

App version: %3

Recorded file name: %4

File path: %5

Error code: N/A

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`File_Path`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31402 — The user has ended the session recording during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has ended the session recording during the Splashtop remote session (%2).

App version: %3

Recorded file name: %4

File path: %5

Error code: %6

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`File_Path`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31500 — The user enabled Lock Keyboard and Mouse on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 enabled Lock Keyboard and Mouse on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31501 — The user disabled Lock Keyboard and Mouse on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 disabled Lock Keyboard and Mouse on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31600 — The user has changed to a different session during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 has changed to a different session during the Splashtop remote session (%2).

App version: %3

Destination session: %4

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`Session_name`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31700 — The user enabled Device Redirection on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 enabled Device Redirection on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Source: %5



Device info

Product name: %6 (%7)

Manufacturer: %8 (%9)

Serial number: %10

VendorID: %11

ProductID: %12

Class type: %13 (%14)

Sub-class type: %15 (%16)

Protocol: %17 (%18)

Device version: %19

Usb version: %20

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_number`	—
`Reason`	—
`Product_Name`	—
`Mounted_Product_Name`	—
`Manufacturer`	—
`Mounted_Manufacturer`	—
`Serial_Numver`	—
`Vendor_ID`	—
`Product_ID`	—
`Class_Type`	—
`Mounted_Class_Type`	—
`SubClass_Type`	—
`Mounted_SubClass_Type`	—
`Protocol`	—
`Mounted_Protocol`	—
`Device_Version`	—
`USB_Version`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31701 — The user disabled Device Redirection on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 disabled Device Redirection on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Source: %5



Device info

Product name: %6 (%7)

Manufacturer: %8 (%9)

Serial number: %10

VendorID: %11

ProductID: %12

Class type: %13 (%14)

Sub-class type: %15 (%16)

Protocol: %17 (%18)

Device version: %19

Usb version: %20

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_number`	—
`Reason`	—
`Product_Name`	—
`Mounted_Product_Name`	—
`Manufacturer`	—
`Mounted_Manufacturer`	—
`Serial_Numver`	—
`Vendor_ID`	—
`Product_ID`	—
`Class_Type`	—
`Mounted_Class_Type`	—
`SubClass_Type`	—
`Mounted_SubClass_Type`	—
`Protocol`	—
`Mounted_Protocol`	—
`Device_Version`	—
`USB_Version`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31710 — The user enabled Remote Microphone on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 enabled Remote Microphone on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31712 — The user muted Remote Microphone on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 muted Remote Microphone on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31713 — The user unmuted Remote Microphone on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 unmuted Remote Microphone on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31720 — The user enabled Remote Stylus on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 enabled Remote Stylus on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31721 — The user disabled Remote Stylus on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 disabled Remote Stylus on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31800 — The user enabled View Only mode on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 enabled View Only mode on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31801 — The user disabled View Only mode on the remote computer during the Splashtop remote session.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Message

The user %1 disabled View Only mode on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields

Name	Description
`SPID`	—
`SRS_Name`	—
`Session_ID`	—
`Version_Number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop