Splashtop-Splashtop Business app-Remote Session

31 events across 1 channel

Event ID	Title	Channel
31000	A Splashtop remote session (Session_ID) has started from this computer by the …	Operational
31001	The Splashtop remote session (Session_ID) has ended.	Operational
31100	A file was transferred during the Splashtop remote session (Session_ID).	Operational
31101	A file was transferred during the Splashtop remote session (Session_ID).	Operational
31110	A file was transferred during the Splashtop remote session (Session_ID).	Operational
31111	A file was transferred during the Splashtop remote session (Session_ID).	Operational
31200	The user SPID enabled blank Screen on the remote computer SRS_Name during the …	Operational
31201	The user SPID disabled blank Screen on the remote computer SRS_Name during the …	Operational
31300	The user SPID has triggered Normal Reboot during the Splashtop remote session …	Operational
31301	The user SPID has triggered Normal Reboot during the Splashtop remote session …	Operational
31310	The user SPID has triggered Safe Mode Reboot during the Splashtop remote session …	Operational
31311	The user SPID has triggered Safe Mode Reboot during the Splashtop remote session …	Operational
31320	The user SPID has triggered Switch user during the Splashtop remote session …	Operational
31321	The user SPID has triggered Switch user during the Splashtop remote session …	Operational
31330	The user SPID has triggered Reconnect as admin during the Splashtop remote …	Operational
31331	The user SPID has triggered Reconnect as admin during the Splashtop remote …	Operational
31400	The user SPID has started a session recording during the Splashtop remote …	Operational
31401	The user SPID has ended the session recording during the Splashtop remote …	Operational
31402	The user SPID has ended the session recording during the Splashtop remote …	Operational
31500	The user SPID enabled Lock Keyboard and Mouse on the remote computer SRS_Name …	Operational
31501	The user SPID disabled Lock Keyboard and Mouse on the remote computer SRS_Name …	Operational
31600	The user SPID has changed to a different session during the Splashtop remote …	Operational
31700	The user SPID enabled Device Redirection on the remote computer SRS_Name during …	Operational
31701	The user SPID disabled Device Redirection on the remote computer SRS_Name during …	Operational
31710	The user SPID enabled Remote Microphone on the remote computer SRS_Name during …	Operational
31712	The user SPID muted Remote Microphone on the remote computer SRS_Name during the …	Operational
31713	The user SPID unmuted Remote Microphone on the remote computer SRS_Name during …	Operational
31720	The user SPID enabled Remote Stylus on the remote computer SRS_Name during the …	Operational
31721	The user SPID disabled Remote Stylus on the remote computer SRS_Name during the …	Operational
31800	The user SPID enabled View Only mode on the remote computer SRS_Name during the …	Operational
31801	The user SPID disabled View Only mode on the remote computer SRS_Name during the …	Operational

Event ID 31000 — A Splashtop remote session (Session_ID) has started from this computer by the user SPID to the device SRS_Name.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

A Splashtop remote session (Session_ID) has started from this computer by the user SPID to the device SRS_Name.

Message #

A Splashtop remote session (%1) has started from this computer by the user %2 to the device %3.

App version: %4

Fields #

Name	Description
`Session_ID` UnicodeString	—
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31001 — The Splashtop remote session (Session_ID) has ended.

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The Splashtop remote session (Session_ID) has ended. The remote session lasted Duration_Time.

Message #

The Splashtop remote session (%1) has ended. The remote session lasted %2.

App version: %3

Fields #

Name	Description
`Session_ID` UnicodeString	—
`Duration_Time` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31100 — A file was transferred during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

A file was transferred during the Splashtop remote session (Session_ID).

Message #

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: N/A

Fields #

Name	Description
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`File_Name` UnicodeString	—
`SRS_Name` UnicodeString	—
`SRS_Path` UnicodeString	—
`SRC_Name` UnicodeString	—
`SRC_Path` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31101 — A file was transferred during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

A file was transferred during the Splashtop remote session (Session_ID).

Message #

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: N/A

Fields #

Name	Description
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`File_Name` UnicodeString	—
`SRC_Name` UnicodeString	—
`SRC_Path` UnicodeString	—
`SRS_Name` UnicodeString	—
`SRS_Path` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31110 — A file was transferred during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

A file was transferred during the Splashtop remote session (Session_ID).

Message #

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: %8

Fields #

Name	Description
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`File_Name` UnicodeString	—
`SRS_Name` UnicodeString	—
`SRS_Path` UnicodeString	—
`SRC_Name` UnicodeString	—
`SRC_Path` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31111 — A file was transferred during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

A file was transferred during the Splashtop remote session (Session_ID).

Message #

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: %8

Fields #

Name	Description
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`File_Name` UnicodeString	—
`SRC_Name` UnicodeString	—
`SRC_Path` UnicodeString	—
`SRS_Name` UnicodeString	—
`SRS_Path` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31200 — The user SPID enabled blank Screen on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID enabled blank Screen on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 enabled blank Screen on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31201 — The user SPID disabled blank Screen on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID disabled blank Screen on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 disabled blank Screen on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31300 — The user SPID has triggered Normal Reboot during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Normal Reboot during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Normal Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31301 — The user SPID has triggered Normal Reboot during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Normal Reboot during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Normal Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31310 — The user SPID has triggered Safe Mode Reboot during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Safe Mode Reboot during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Safe Mode Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31311 — The user SPID has triggered Safe Mode Reboot during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Safe Mode Reboot during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Safe Mode Reboot during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31320 — The user SPID has triggered Switch user during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Switch user during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Switch user during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31321 — The user SPID has triggered Switch user during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Switch user during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Switch user during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31330 — The user SPID has triggered Reconnect as admin during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Reconnect as admin during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Reconnect as admin during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: N/A

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31331 — The user SPID has triggered Reconnect as admin during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has triggered Reconnect as admin during the Splashtop remote session (Session_ID).

Message #

The user %1 has triggered Reconnect as admin during the Splashtop remote session (%2).

App version: %3

Target computer: %4

Error code: %5

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`SRS_Name` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31400 — The user SPID has started a session recording during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has started a session recording during the Splashtop remote session (Session_ID).

Message #

The user %1 has started a session recording during the Splashtop remote session (%2).

App version: %3

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31401 — The user SPID has ended the session recording during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has ended the session recording during the Splashtop remote session (Session_ID).

Message #

The user %1 has ended the session recording during the Splashtop remote session (%2).

App version: %3

Recorded file name: %4

File path: %5

Error code: N/A

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`File_Name` UnicodeString	—
`File_Path` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31402 — The user SPID has ended the session recording during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has ended the session recording during the Splashtop remote session (Session_ID).

Message #

The user %1 has ended the session recording during the Splashtop remote session (%2).

App version: %3

Recorded file name: %4

File path: %5

Error code: %6

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`File_Name` UnicodeString	—
`File_Path` UnicodeString	—
`Error_code` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31500 — The user SPID enabled Lock Keyboard and Mouse on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID enabled Lock Keyboard and Mouse on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 enabled Lock Keyboard and Mouse on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31501 — The user SPID disabled Lock Keyboard and Mouse on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID disabled Lock Keyboard and Mouse on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 disabled Lock Keyboard and Mouse on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31600 — The user SPID has changed to a different session during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID has changed to a different session during the Splashtop remote session (Session_ID).

Message #

The user %1 has changed to a different session during the Splashtop remote session (%2).

App version: %3

Destination session: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`Session_name` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31700 — The user SPID enabled Device Redirection on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID enabled Device Redirection on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 enabled Device Redirection on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Source: %5



Device info

Product name: %6 (%7)

Manufacturer: %8 (%9)

Serial number: %10

VendorID: %11

ProductID: %12

Class type: %13 (%14)

Sub-class type: %15 (%16)

Protocol: %17 (%18)

Device version: %19

Usb version: %20

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`Reason` UnicodeString	—
`Product_Name` UnicodeString	—
`Mounted_Product_Name` UnicodeString	—
`Manufacturer` UnicodeString	—
`Mounted_Manufacturer` UnicodeString	—
`Serial_Numver` UnicodeString	—
`Vendor_ID` UnicodeString	—
`Product_ID` UnicodeString	—
`Class_Type` UnicodeString	—
`Mounted_Class_Type` UnicodeString	—
`SubClass_Type` UnicodeString	—
`Mounted_SubClass_Type` UnicodeString	—
`Protocol` UnicodeString	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`Mounted_Protocol` UnicodeString	—
`Device_Version` UnicodeString	—
`USB_Version` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31701 — The user SPID disabled Device Redirection on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID disabled Device Redirection on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 disabled Device Redirection on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Source: %5



Device info

Product name: %6 (%7)

Manufacturer: %8 (%9)

Serial number: %10

VendorID: %11

ProductID: %12

Class type: %13 (%14)

Sub-class type: %15 (%16)

Protocol: %17 (%18)

Device version: %19

Usb version: %20

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_number` UnicodeString	—
`Reason` UnicodeString	—
`Product_Name` UnicodeString	—
`Mounted_Product_Name` UnicodeString	—
`Manufacturer` UnicodeString	—
`Mounted_Manufacturer` UnicodeString	—
`Serial_Numver` UnicodeString	—
`Vendor_ID` UnicodeString	—
`Product_ID` UnicodeString	—
`Class_Type` UnicodeString	—
`Mounted_Class_Type` UnicodeString	—
`SubClass_Type` UnicodeString	—
`Mounted_SubClass_Type` UnicodeString	—
`Protocol` UnicodeString	— Known values `0` HOPOPT `1` ICMP `2` IGMP `6` TCP `17` UDP `41` IPv6 `43` IPv6-Route `44` IPv6-Frag `47` GRE `50` ESP `51` AH `58` ICMPv6 `89` OSPF `103` PIM `132` SCTP
`Mounted_Protocol` UnicodeString	—
`Device_Version` UnicodeString	—
`USB_Version` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31710 — The user SPID enabled Remote Microphone on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID enabled Remote Microphone on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 enabled Remote Microphone on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31712 — The user SPID muted Remote Microphone on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID muted Remote Microphone on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 muted Remote Microphone on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31713 — The user SPID unmuted Remote Microphone on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID unmuted Remote Microphone on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 unmuted Remote Microphone on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31720 — The user SPID enabled Remote Stylus on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID enabled Remote Stylus on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 enabled Remote Stylus on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31721 — The user SPID disabled Remote Stylus on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID disabled Remote Stylus on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 disabled Remote Stylus on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31800 — The user SPID enabled View Only mode on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID enabled View Only mode on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 enabled View Only mode on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 31801 — The user SPID disabled View Only mode on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Provider: Splashtop-Splashtop Business app-Remote Session
Channel: Operational

Description

The user SPID disabled View Only mode on the remote computer SRS_Name during the Splashtop remote session (Session_ID).

Message #

The user %1 disabled View Only mode on the remote computer %2 during the Splashtop remote session (%3).

App version: %4

Fields #

Name	Description
`SPID` UnicodeString	—
`SRS_Name` UnicodeString	—
`Session_ID` UnicodeString	—
`Version_Number` UnicodeString	—

Community Notes #

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References #

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop