Splashtop-Splashtop Streamer-Remote Session

16 events across 1 channel

Event ID	Title	Channel
1000	A Splashtop remote session has started to this computer by from the device.	Operational
1001	The Splashtop remote session (%1) has ended.	Operational
1100	A file was transferred during the Splashtop remote session (%1).	Operational
1101	A file was transferred during the Splashtop remote session (%1).	Operational
1110	A file was transferred during the Splashtop remote session (%1).	Operational
1111	A file was transferred during the Splashtop remote session (%1).	Operational
1200	The user enabled blank Screen during the Splashtop remote session.	Operational
1201	The user disabled blank Screen during the Splashtop remote session.	Operational
1300	The user triggered Normal Reboot during the Splashtop remote session.	Operational
1310	The user triggered Safe Mode Reboot during the Splashtop remote session.	Operational
1500	The user enabled Lock Keyboard and Mouse during the Splashtop remote session.	Operational
1501	The user disabled Lock Keyboard and Mouse during the Splashtop remote session.	Operational
1600	The user has changed to a different session during the Splashtop remote session.	Operational
1700	The user enabled Device Redirection during the Splashtop remote session.	Operational
1701	The user disabled Device Redirection during the Splashtop remote session.	Operational
1710	The user enabled Remote Microphone during the Splashtop remote session.	Operational

Event ID 1000 — A Splashtop remote session has started to this computer by from the device.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

A Splashtop remote session (%1) has started to this computer by %2 from the device %3.

App version: %4

Fields

Name	Description
`Session_ID`	—
`SPID`	—
`SRC_Name`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1001 — The Splashtop remote session (%1) has ended.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The Splashtop remote session (%1) has ended. The remote session lasted %2.

App version: %3

Fields

Name	Description
`Session_ID`	—
`Duration_Time`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1100 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: N/A

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRS_Name`	—
`SRS_Path`	—
`SRC_Name`	—
`SRC_Path`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1101 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error cod: N/A

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRC_Name`	—
`SRC_Path`	—
`SRS_Name`	—
`SRS_Path`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1110 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: %8

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRS_Name`	—
`SRS_Path`	—
`SRC_Name`	—
`SRC_Path`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1111 — A file was transferred during the Splashtop remote session (%1).

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

A file was transferred during the Splashtop remote session (%1).

App version: %2

File name: %3

From: %4 (%5)

To: %6 (%7)

Error code: %8

Fields

Name	Description
`Session_ID`	—
`Version_number`	—
`File_Name`	—
`SRC_Name`	—
`SRC_Path`	—
`SRS_Name`	—
`SRS_Path`	—
`Error_code`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1200 — The user enabled blank Screen during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 enabled blank Screen during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1201 — The user disabled blank Screen during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 disabled blank Screen during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1300 — The user triggered Normal Reboot during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 triggered Normal Reboot during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1310 — The user triggered Safe Mode Reboot during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 triggered Safe Mode Reboot during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1500 — The user enabled Lock Keyboard and Mouse during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 enabled Lock Keyboard and Mouse during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1501 — The user disabled Lock Keyboard and Mouse during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 disabled Lock Keyboard and Mouse during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1600 — The user has changed to a different session during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 has changed to a different session during the Splashtop remote session (%2).

App version: %3

To: %4

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`Terminal_Session_ID`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1700 — The user enabled Device Redirection during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 enabled Device Redirection during the Splashtop remote session (%2).

App version: %3

Source: %4



Device info

Product name: %5 (%6)

Manufacturer: %7 (%8)

Serial number: %9

VendorID: %10

ProductID: %11

Class type: %12 (%13)

Sub-class type: %14 (%15)

Protocol: %16 (%17)

Device version: %18

Usb version: %19

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`Reason`	—
`Product_Name`	—
`Mounted_Product_Name`	—
`Manufacturer`	—
`Mounted_Manufacturer`	—
`Serial_Numver`	—
`Vendor_ID`	—
`Product_ID`	—
`Class_Type`	—
`Mounted_Class_Type`	—
`SubClass_Type`	—
`Mounted_SubClass_Type`	—
`Protocol`	—
`Mounted_Protocol`	—
`Device_Version`	—
`USB_Version`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1701 — The user disabled Device Redirection during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 disabled Device Redirection during the Splashtop remote session (%2).

App version: %3

Source: %4



Device info

Product name: %5 (%6)

Manufacturer: %7 (%8)

Serial number: %9

VendorID: %10

ProductID: %11

Class type: %12 (%13)

Sub-class type: %14 (%15)

Protocol: %16 (%17)

Device version: %18

Usb version: %19

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—
`Reason`	—
`Product_Name`	—
`Mounted_Product_Name`	—
`Manufacturer`	—
`Mounted_Manufacturer`	—
`Serial_Numver`	—
`Vendor_ID`	—
`Product_ID`	—
`Class_Type`	—
`Mounted_Class_Type`	—
`SubClass_Type`	—
`Mounted_SubClass_Type`	—
`Protocol`	—
`Mounted_Protocol`	—
`Device_Version`	—
`USB_Version`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop

Event ID 1710 — The user enabled Remote Microphone during the Splashtop remote session.

Provider: Splashtop-Splashtop Streamer-Remote Session
Channel: Operational

Message

The user %1 enabled Remote Microphone during the Splashtop remote session (%2).

App version: %3

Fields

Name	Description
`SPID`	—
`Session_ID`	—
`Version_number`	—

Community Notes

Legitimate RATs: a comprehensive forensic analysis of the usual suspects

References

RULER Project https://ruler-project.github.io/ruler-project/RULER/remote/Splashtop