Resubmissions
04/12/2020, 17:06 UTC
201204-4hs2zp9xwe 8Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
04/12/2020, 17:06 UTC
General
-
Target
SurfsharkSetup (5).exe
-
Size
25.2MB
-
MD5
20ee42699b52682eec596dfe400fbae6
-
SHA1
41353e3a82c4baa226210e9325ee6b6b0ef7bf6b
-
SHA256
35ee2cbb9e2b8c9527f93d1653f3dfc096b9b2bd7aa8170cf0e61df3e8a205a7
-
SHA512
502a9f77396554d5d2c59661e00037c72666bc4df9f318c5e397c798f8ba63325993d7f8f4beaa647101f904d431204fd45ce9a8f2ed9b46efeeb5a3c5d29f48
Score
8/10
Malware Config
Signatures
-
Drops file in Drivers directory 6 IoCs
-
Executes dropped EXE 58 IoCs
-
Stops running service(s) 3 TTPs
-
Loads dropped DLL 64 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 36 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Launches sc.exe
Sc.exe is a Windows utlilty to control services on the system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 64 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Delays execution with timeout.exe 5 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 22 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 12 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 16 IoCs
-
Suspicious use of SendNotifyMessage 6 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Views/modifies file attributes 1 TTPs 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe"C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe"1⤵
- Loads dropped DLL
- Enumerates connected drives
- Drops file in Windows directory
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\SurfsharkTunWin10.exe"C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\SurfsharkTunWin10.exe" /qn2⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark TUN Driver Windows 1.0\install\F72410F\SurfsharkTunWin10.x64.msi" /qn AI_SETUPEXEPATH=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\SurfsharkTunWin10.exe SETUPEXEDIR=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 /qn " AI_EUIMSI=""3⤵
- Enumerates connected drives
-
-
-
C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe"C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.5000\install\90DBD25\SurfsharkSetup.msi" "AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ "EXE_CMD_LINE=/exenoupdates /forcecleanup /wintime 1606842131 " CLIENTPROCESSID=1192 CHAINERUIPROCESSID=1192Chainer ALLUSERS=1 "AI_UNINSTALLER=C:\ProgramData\Caphyon\Advanced Installer\{E7AB76D3-32CD-4FF1-911C-C166690DBD25}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)" AI_MISSING_PREREQS="Surfshark TUN Driver Windows 10"2⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.5000\install\90DBD25\SurfsharkSetup.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 " CLIENTPROCESSID=1192 CHAINERUIPROCESSID=1192Chainer ALLUSERS=1 AI_UNINSTALLER="C:\ProgramData\Caphyon\Advanced Installer\{E7AB76D3-32CD-4FF1-911C-C166690DBD25}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)" AI_MISSING_PREREQS="Surfshark TUN Driver Windows 10" AI_UNINSTALLER="C:\ProgramData\Caphyon\Advanced Installer\{E7AB76D3-32CD-4FF1-911C-C166690DBD25}\SurfsharkSetup.exe" AI_EUIMSI=""3⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding CBA886A243C0EA1632591F11CD86C5CC C2⤵
- Loads dropped DLL
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 241790FB57F5899B4125AD0D6B780A57 C2⤵
- Loads dropped DLL
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 81F0D5CF1B9F005743C43B92BDD458F82⤵
- Loads dropped DLL
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding CE08F505C6BE07C2546C4B3E7B6D69912⤵
- Loads dropped DLL
-
-
C:\Windows\System32\MsiExec.exeC:\Windows\System32\MsiExec.exe -Embedding DE2F8CF08764D838A68187EADB497444 E Global\MSI00002⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 7BF4D176DB6C4C5754086A88CC76DAE7 C2⤵
- Loads dropped DLL
-
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding F3DE0858F12E9D9D705456B0A0478C2F2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe"C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" /groupsextract:105; /out:"C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites" /callbackid:48723⤵
-
-
-
C:\Windows\Installer\MSID075.tmp"C:\Windows\Installer\MSID075.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver3⤵
-
-
-
C:\Windows\Installer\MSID18F.tmp"C:\Windows\Installer\MSID18F.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver3⤵
-
-
-
C:\Windows\Installer\MSIE5CC.tmp"C:\Windows\Installer\MSIE5CC.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\certutil.exe"C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"3⤵
-
-
-
C:\Windows\Installer\MSIE6F6.tmp"C:\Windows\Installer\MSIE6F6.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe"C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"3⤵
- Executes dropped EXE
-
-
-
C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\aipackagechainer.exe"C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\aipackagechainer.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\TapInstaller.exe"C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\TapInstaller.exe" /qn3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\AppData\Roaming\Surfshark\Surfshark TAP Driver Windows 1.0\install\C15E6C6\TapInstaller.msi" /qn AI_SETUPEXEPATH=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\TapInstaller.exe SETUPEXEDIR=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 /qn "4⤵
- Enumerates connected drives
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE5D73.bat" "3⤵
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Roaming\SURFSH~1\SURFSH~1\PREREQ~1\AIPACK~1.EXE"4⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\timeout.exeC:\Windows\System32\timeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE5D73.bat"4⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE5D73.bat" "4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" cls"4⤵
-
-
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Service" "C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Shadowsocks Service" "C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppNoConsole 12⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppNoConsole 12⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" Description "This service is essential for the app to function, as it allows to enable VPN connection and makes sure all the necessary configurations are up to date."2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" Description "This service is essential for the app to function, as it allows to enable Shadowsocks connection and makes sure all the necessary configurations are up to date."2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppThrottle 100002⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppThrottle 100002⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Shadowsocks Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Surfshark.exe"C:\Program Files (x86)\Surfshark\Surfshark.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Modifies system certificate store
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe"C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe" /passive3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe"C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.7999\install\49C7238\SurfsharkSetup.msi" /passive AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\ "EXE_CMD_LINE=/exenoupdates /forcecleanup /wintime 1606842131 /passive " CLIENTPROCESSID=2068 CHAINERUIPROCESSID=2068Chainer ALLUSERS=1 "AI_UNINSTALLER=C:\ProgramData\Caphyon\Advanced Installer\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)|Surfshark TUN Driver Windows 10"4⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\msiexec.exe"C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.7999\install\49C7238\SurfsharkSetup.msi" /passive AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 /passive " CLIENTPROCESSID=2068 CHAINERUIPROCESSID=2068Chainer ALLUSERS=1 AI_UNINSTALLER="C:\ProgramData\Caphyon\Advanced Installer\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)|Surfshark TUN Driver Windows 10"5⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
-
-
-
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /s /c "timeout 2 & taskkill /IM "Surfshark.exe" /F"3⤵
-
C:\Windows\system32\timeout.exetimeout 24⤵
- Delays execution with timeout.exe
-
-
C:\Windows\system32\taskkill.exetaskkill /IM "Surfshark.exe" /F4⤵
- Kills process with taskkill
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 280D8A5981924E6DA31F37B7EF114262 C2⤵
- Loads dropped DLL
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2B264ACC55BAF69AB899E886ECFEE6E8 E Global\MSI00002⤵
- Loads dropped DLL
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Windows\Installer\MSI552E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259347734 615 SurfsharkTapInstaller!SurfsharkTapInstaller.CustomActions.InstallTapAdapter3⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
-
C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe"C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe" hwids tapsurfshark4⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe"C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe" install OemVista.inf tapsurfshark4⤵
- Executes dropped EXE
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
- Modifies system certificate store
-
-
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 322FAD710BF8E5D9D21E8D4B69904C5F C2⤵
- Loads dropped DLL
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 03EDBBC130DCAD506F6F462E14B2B9982⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\Installer\MSI393B.tmp"C:\Windows\Installer\MSI393B.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver3⤵
-
-
-
C:\Windows\Installer\MSI3A07.tmp"C:\Windows\Installer\MSI3A07.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver3⤵
-
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Shadowsocks Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Service" confirm2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Shadowsocks Service" confirm2⤵
- Executes dropped EXE
-
-
C:\Windows\Installer\MSI4B29.tmp"C:\Windows\Installer\MSI4B29.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver3⤵
-
-
-
C:\Windows\Installer\MSI4C05.tmp"C:\Windows\Installer\MSI4C05.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\sc.exe"C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver3⤵
-
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Shadowsocks Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Service" confirm2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Shadowsocks Service" confirm2⤵
- Executes dropped EXE
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D5A48B44E0FCF993812B5DD2C019DA65 E Global\MSI00002⤵
- Modifies data under HKEY_USERS
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\EXE59F3.bat"3⤵
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\PROGRA~3\Caphyon\ADVANC~1\{E7AB7~1\SURFSH~1.EXE"4⤵
- Drops file in Program Files directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\timeout.exeC:\Windows\System32\timeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE59F3.bat"4⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE59F3.bat" "4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" cls"4⤵
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\EXE5A62.bat"3⤵
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\PROGRA~3\Caphyon\ADVANC~1\{E7AB7~1"4⤵
- Drops file in Program Files directory
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\timeout.exeC:\Windows\System32\timeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\timeout.exeC:\Windows\System32\timeout.exe 54⤵
- Delays execution with timeout.exe
-
-
C:\Windows\SysWOW64\attrib.exeC:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE5A62.bat"4⤵
- Views/modifies file attributes
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE5A62.bat" "4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" cls"4⤵
-
-
-
-
C:\Windows\Installer\MSI718F.tmp"C:\Windows\Installer\MSI718F.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\certutil.exe"C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"3⤵
-
-
-
C:\Windows\Installer\MSI72A9.tmp"C:\Windows\Installer\MSI72A9.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe"C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"3⤵
- Executes dropped EXE
-
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Service" "C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Shadowsocks Service" "C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppNoConsole 12⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppNoConsole 12⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" Description "This service is essential for the app to function, as it allows to enable VPN connection and makes sure all the necessary configurations are up to date."2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" Description "This service is essential for the app to function, as it allows to enable Shadowsocks connection and makes sure all the necessary configurations are up to date."2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppThrottle 100002⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppThrottle 100002⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Service"2⤵
- Executes dropped EXE
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Shadowsocks Service"2⤵
- Executes dropped EXE
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall1⤵
- Checks SCSI registry key(s)
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "1" "C:\Program Files\Surfshark\Surfshark TUN Driver Windows\x64\wintunshark.Inf" "9" "4baa9febf" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "C:\Program Files\Surfshark\Surfshark TUN Driver Windows\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "4" "1" "c:\program files (x86)\surfshark\surfshark tap driver windows\drivers\win10\x64\oemvista.inf" "9" "4a1dcec0f" "0000000000000194" "WinSta0\Default" "000000000000016C" "208" "c:\program files (x86)\surfshark\surfshark tap driver windows\drivers\win10\x64"2⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
-
C:\Windows\system32\DrvInst.exeDrvInst.exe "2" "211" "ROOT\NET\0001" "C:\Windows\INF\oem3.inf" "oemvista.inf:3beb73aff103cc24:tapsurfshark.ndi:11.57.35.775:tapsurfshark," "4a1dcec0f" "000000000000019C"2⤵
- Drops file in Drivers directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Checks SCSI registry key(s)
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe"C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe" remove *wintunshark*3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Modifies data under HKEY_USERS
-
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc1⤵
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe"C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe" remove *wintunshark*3⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
-
-
-
C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"2⤵
- Executes dropped EXE
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc1⤵
- Checks SCSI registry key(s)
Network
-
DNSctldl.windowsupdate.comRemote address:8.8.8.8:53Requestctldl.windowsupdate.comIN AResponsectldl.windowsupdate.comIN CNAMEau-bg-shim.trafficmanager.netau-bg-shim.trafficmanager.netIN CNAMEaudownload.windowsupdate.nsatc.netaudownload.windowsupdate.nsatc.netIN CNAMEauto.au.download.windowsupdate.com.c.footprint.netauto.au.download.windowsupdate.com.c.footprint.netIN A8.241.88.254auto.au.download.windowsupdate.com.c.footprint.netIN A8.238.21.126auto.au.download.windowsupdate.com.c.footprint.netIN A67.27.153.254auto.au.download.windowsupdate.com.c.footprint.netIN A8.253.145.105auto.au.download.windowsupdate.com.c.footprint.netIN A8.238.111.126 -
DNSgo.microsoft.comRemote address:8.8.8.8:53Requestgo.microsoft.comIN AResponsego.microsoft.comIN CNAMEgo.microsoft.com.edgekey.netgo.microsoft.com.edgekey.netIN CNAMEe11290.dspg.akamaiedge.nete11290.dspg.akamaiedge.netIN A23.38.17.26
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2058
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:07:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:07:41 GMT
Connection: close
-
DNSdmd.metaservices.microsoft.comRemote address:8.8.8.8:53Requestdmd.metaservices.microsoft.comIN AResponsedmd.metaservices.microsoft.comIN CNAMEdevicemetadataservice.trafficmanager.netdevicemetadataservice.trafficmanager.netIN CNAMEvmss-prod-eas.eastasia.cloudapp.azure.comvmss-prod-eas.eastasia.cloudapp.azure.comIN A20.189.118.208
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2058
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:07:41 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1734
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:07:41 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1728
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:07:41 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1728
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:07:42 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1728
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2060
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:08 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1736
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:08 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:09 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:09 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2060
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:09 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1736
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:09 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:10 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:10 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2060
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:20 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1736
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:21 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:21 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:21 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1730
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:07:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:07:41 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:07:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:07:41 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:07:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:07:41 GMT
Connection: close
-
DNSsessions.bugsnag.comRemote address:8.8.8.8:53Requestsessions.bugsnag.comIN AResponsesessions.bugsnag.comIN A35.190.88.7
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2060
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:08 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:08 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:08 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:08 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:09 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2060
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:09 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:09 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:09 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:09 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:10 GMT
Connection: close
-
DNSip.surfshark.comRemote address:8.8.8.8:53Requestip.surfshark.comIN AResponseip.surfshark.comIN A188.40.198.84
-
GEThttp://ip.surfshark.com/Remote address:188.40.198.84:80RequestGET / HTTP/1.1
Host: ip.surfshark.com
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Server: nginx/1.14.0
Date: Fri, 04 Dec 2020 17:08:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
-
DNSapi.surfshark.comRemote address:8.8.8.8:53Requestapi.surfshark.comIN AResponseapi.surfshark.comIN A104.20.106.83api.surfshark.comIN A172.67.17.41api.surfshark.comIN A104.20.107.83
-
DNSip6.surfshark.comRemote address:8.8.8.8:53Requestip6.surfshark.comIN AResponse
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2060
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:20 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:20 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:20 GMT
Connection: close
-
DNSfwd.s0r4nd0m.comRemote address:8.8.8.8:53Requestfwd.s0r4nd0m.comIN AResponsefwd.s0r4nd0m.comIN A104.28.1.242fwd.s0r4nd0m.comIN A104.28.0.242fwd.s0r4nd0m.comIN A172.67.161.102
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:21 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:23.38.17.26:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1244
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:08:21 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:08:21 GMT
Connection: close
-
DNStime.windows.comRemote address:8.8.8.8:53Requesttime.windows.comIN AResponsetime.windows.comIN CNAMEtime.microsoft.akadns.nettime.microsoft.akadns.netIN A51.105.208.173
-
DNSdownloads.surfshark.comRemote address:8.8.8.8:53Requestdownloads.surfshark.comIN AResponsedownloads.surfshark.comIN A104.20.107.83downloads.surfshark.comIN A104.20.106.83downloads.surfshark.comIN A172.67.17.41
-
DNSsecure.globalsign.comRemote address:8.8.8.8:53Requestsecure.globalsign.comIN AResponsesecure.globalsign.comIN CNAMEglobal.prd.cdn.globalsign.comglobal.prd.cdn.globalsign.comIN CNAMEcdn.globalsigncdn.com.cdn.cloudflare.netcdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.20.226cdn.globalsigncdn.com.cdn.cloudflare.netIN A104.18.21.226
-
GEThttp://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crtRemote address:104.18.20.226:80RequestGET /cacert/gsextendcodesignsha2g3ocsp.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: secure.globalsign.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:08:28 GMT
Content-Type: application/x-x509-ca-cert
Content-Length: 1195
Connection: keep-alive
Set-Cookie: __cfduid=d96ac612b21e3c9bc578060572db4222d1607101708; expires=Sun, 03-Jan-21 17:08:28 GMT; path=/; domain=.globalsign.com; HttpOnly; SameSite=Lax
Last-Modified: Thu, 16 Jun 2016 03:01:29 GMT
ETag: "57621689-4ab"
CF-Cache-Status: HIT
Age: 54114
Expires: Mon, 04 Jan 2021 17:08:28 GMT
Cache-Control: public, max-age=2678400
Accept-Ranges: bytes
cf-request-id: 06d053105b0000d8c5d4aeb000000001
Server: cloudflare
CF-RAY: 5fc7212d58d5d8c5-AMS
-
DNSsessions.bugsnag.comRemote address:8.8.8.8:53Requestsessions.bugsnag.comIN AResponsesessions.bugsnag.comIN A35.190.88.7
-
DNSgo.microsoft.comRemote address:8.8.8.8:53Requestgo.microsoft.comIN AResponsego.microsoft.comIN CNAMEgo.microsoft.com.edgekey.netgo.microsoft.com.edgekey.netIN CNAMEe11290.dspg.akamaiedge.nete11290.dspg.akamaiedge.netIN A104.69.249.43
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:104.69.249.43:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2058
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:09:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:09:46 GMT
Connection: close
-
DNSdmd.metaservices.microsoft.comRemote address:8.8.8.8:53Requestdmd.metaservices.microsoft.comIN AResponsedmd.metaservices.microsoft.comIN CNAMEdevicemetadataservice.trafficmanager.netdevicemetadataservice.trafficmanager.netIN CNAMEvmss-prod-eas.eastasia.cloudapp.azure.comvmss-prod-eas.eastasia.cloudapp.azure.comIN A20.189.118.208
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2058
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:09:47 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1734
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:09:47 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1728
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:09:47 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1728
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://dmd.metaservices.microsoft.com/metadata.svcRemote address:20.189.118.208:80RequestPOST /metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: dmd.metaservices.microsoft.com
ResponseHTTP/1.1 200 OK
Date: Fri, 04 Dec 2020 17:09:47 GMT
Content-Type: text/xml; charset=utf-16LE
Content-Length: 1728
Connection: keep-alive
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
Access-Control-Expose-Headers: Request-Context
X-Powered-By: ASP.NET
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:104.69.249.43:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:09:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:09:47 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:104.69.249.43:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:09:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:09:47 GMT
Connection: close
-
POSThttp://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409Remote address:104.69.249.43:80RequestPOST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1242
Host: go.microsoft.com
ResponseHTTP/1.1 302 Moved Temporarily
Server: AkamaiGHost
Content-Length: 0
Location: http://dmd.metaservices.microsoft.com/metadata.svc
Expires: Fri, 04 Dec 2020 17:09:47 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Fri, 04 Dec 2020 17:09:47 GMT
Connection: close
-
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
20.189.118.208:80http://dmd.metaservices.microsoft.com/metadata.svchttp
HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
35.190.88.7:443sessions.bugsnag.comtls
-
35.190.88.7:443sessions.bugsnag.comtls
-
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
188.40.198.84:80http://ip.surfshark.com/http
HTTP Request
GET http://ip.surfshark.com/HTTP Response
200 -
104.20.106.83:443api.surfshark.comtls
-
104.20.107.83:443api.surfshark.comtls
-
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
104.20.107.83:443api.surfshark.comtls
-
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
35.190.88.7:443sessions.bugsnag.comtls
-
104.28.0.242:443fwd.s0r4nd0m.comtls
-
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
104.28.1.242:443fwd.s0r4nd0m.comtls
-
23.38.17.26:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
92.249.36.197:8443
-
92.249.36.197:80http
-
92.249.36.197:443https
-
104.20.106.83:443api.surfshark.comtls
-
172.67.161.102:443fwd.s0r4nd0m.comtls
-
172.67.17.41:443api.surfshark.comtls
-
104.20.107.83:443api.surfshark.comtls
-
104.20.107.83:443downloads.surfshark.comtls
-
172.67.17.41:443downloads.surfshark.comtls
-
104.18.20.226:80http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crthttp
HTTP Request
GET http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crtHTTP Response
200 -
104.20.107.83:443api.surfshark.comtls
-
104.20.107.83:443api.surfshark.comtls
-
104.20.107.83:443api.surfshark.comtls
-
104.20.106.83:443api.surfshark.comtls
-
35.190.88.7:443sessions.bugsnag.comtls
-
35.190.88.7:443sessions.bugsnag.comtls
-
104.69.249.43:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
20.189.118.208:80http://dmd.metaservices.microsoft.com/metadata.svchttp
HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200HTTP Request
POST http://dmd.metaservices.microsoft.com/metadata.svcHTTP Response
200 -
104.69.249.43:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
104.69.249.43:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302 -
104.69.249.43:80http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409http
HTTP Request
POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409HTTP Response
302
-
8.8.8.8:53ctldl.windowsupdate.comdns
DNS Request
ctldl.windowsupdate.com
DNS Response
8.241.88.2548.238.21.12667.27.153.2548.253.145.1058.238.111.126
-
8.8.8.8:53go.microsoft.comdns
DNS Request
go.microsoft.com
DNS Response
23.38.17.26
-
8.8.8.8:53dmd.metaservices.microsoft.comdns
DNS Request
dmd.metaservices.microsoft.com
DNS Response
20.189.118.208
-
8.8.8.8:53sessions.bugsnag.comdns
DNS Request
sessions.bugsnag.com
DNS Response
35.190.88.7
-
8.8.8.8:53ip.surfshark.comdns
DNS Request
ip.surfshark.com
DNS Response
188.40.198.84
-
8.8.8.8:53api.surfshark.comdns
DNS Request
api.surfshark.com
DNS Response
104.20.106.83172.67.17.41104.20.107.83
-
8.8.8.8:53ip6.surfshark.comdns
DNS Request
ip6.surfshark.com
-
8.8.8.8:53fwd.s0r4nd0m.comdns
DNS Request
fwd.s0r4nd0m.com
DNS Response
104.28.1.242104.28.0.242172.67.161.102
-
8.8.8.8:53time.windows.comdns
DNS Request
time.windows.com
DNS Response
51.105.208.173
-
51.105.208.173:123time.windows.comntp
-
92.249.36.197:51820
-
92.249.36.197:500
-
92.249.36.197:4500
-
92.249.36.197:3433
-
8.8.8.8:53downloads.surfshark.comdns
DNS Request
downloads.surfshark.com
DNS Response
104.20.107.83104.20.106.83172.67.17.41
-
8.8.8.8:53secure.globalsign.comdns
DNS Request
secure.globalsign.com
DNS Response
104.18.20.226104.18.21.226
-
8.8.8.8:53sessions.bugsnag.comdns
DNS Request
sessions.bugsnag.com
DNS Response
35.190.88.7
-
8.8.8.8:53go.microsoft.comdns
DNS Request
go.microsoft.com
DNS Response
104.69.249.43
-
8.8.8.8:53dmd.metaservices.microsoft.comdns
DNS Request
dmd.metaservices.microsoft.com
DNS Response
20.189.118.208
MITRE ATT&CK Enterprise v6
Persistence
Hidden Files and Directories
1Modify Existing Service
1Registry Run Keys / Startup Folder
1Defense Evasion
Hidden Files and Directories
1Impair Defenses
1Install Root Certificate
1Modify Registry
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16KB
-
Filesize
4KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
48KB
-
Filesize
64KB
-
Filesize
32KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
16KB
-
Filesize
4KB
-
Filesize
352KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
84KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
56KB
-
Filesize
540KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
228KB
-
Filesize
44KB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
4KB
-
Filesize
96KB
-
Filesize
80KB
-
Filesize
96KB
-
Filesize
80KB
-
Filesize
40KB
-
Filesize
4KB
-
Filesize
84KB
-
Filesize
9.9MB
-
Filesize
4KB
-
Filesize
84KB
-
Filesize
16KB
-
Filesize
88KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
80KB
-
Filesize
64KB
-
Filesize
24KB
-
Filesize
88KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
80KB
-
Filesize
80KB
-
Filesize
4KB
-
Filesize
16KB
-
Filesize
4KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
684KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
820KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
72KB
-
Filesize
228KB
-
Filesize
4KB
-
Filesize
464KB
-
Filesize
216KB
-
Filesize
4.0MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
9.9MB
-
Filesize
4.0MB
-
Filesize
24KB
-
Filesize
6.9MB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
24KB
-
Filesize
4KB