Resubmissions

04/12/2020, 17:06 UTC

201204-4hs2zp9xwe 8

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    04/12/2020, 17:06 UTC

General

  • Target

    SurfsharkSetup (5).exe

  • Size

    25.2MB

  • MD5

    20ee42699b52682eec596dfe400fbae6

  • SHA1

    41353e3a82c4baa226210e9325ee6b6b0ef7bf6b

  • SHA256

    35ee2cbb9e2b8c9527f93d1653f3dfc096b9b2bd7aa8170cf0e61df3e8a205a7

  • SHA512

    502a9f77396554d5d2c59661e00037c72666bc4df9f318c5e397c798f8ba63325993d7f8f4beaa647101f904d431204fd45ce9a8f2ed9b46efeeb5a3c5d29f48

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 6 IoCs
  • Executes dropped EXE 58 IoCs
  • Stops running service(s) 3 TTPs
  • Loads dropped DLL 64 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 36 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Launches sc.exe

    Sc.exe is a Windows utility to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 5 IoCs
  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 22 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 16 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe
    "C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1192
    • C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\SurfsharkTunWin10.exe
      "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\SurfsharkTunWin10.exe" /qn
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2152
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark TUN Driver Windows 1.0\install\F72410F\SurfsharkTunWin10.x64.msi" /qn AI_SETUPEXEPATH=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\SurfsharkTunWin10.exe SETUPEXEDIR=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 /qn " AI_EUIMSI=""
        3⤵
        • Enumerates connected drives
        PID:952
    • C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe
      "C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.5000\install\90DBD25\SurfsharkSetup.msi" "AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ "EXE_CMD_LINE=/exenoupdates /forcecleanup /wintime 1606842131 " CLIENTPROCESSID=1192 CHAINERUIPROCESSID=1192Chainer ALLUSERS=1 "AI_UNINSTALLER=C:\ProgramData\Caphyon\Advanced Installer\{E7AB76D3-32CD-4FF1-911C-C166690DBD25}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)" AI_MISSING_PREREQS="Surfshark TUN Driver Windows 10"
      2⤵
      • Enumerates connected drives
      • Suspicious use of WriteProcessMemory
      PID:4352
      • C:\Windows\SysWOW64\msiexec.exe
        "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.5000\install\90DBD25\SurfsharkSetup.msi" AI_SETUPEXEPATH="C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 " CLIENTPROCESSID=1192 CHAINERUIPROCESSID=1192Chainer ALLUSERS=1 AI_UNINSTALLER="C:\ProgramData\Caphyon\Advanced Installer\{E7AB76D3-32CD-4FF1-911C-C166690DBD25}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)" AI_MISSING_PREREQS="Surfshark TUN Driver Windows 10" AI_UNINSTALLER="C:\ProgramData\Caphyon\Advanced Installer\{E7AB76D3-32CD-4FF1-911C-C166690DBD25}\SurfsharkSetup.exe" AI_EUIMSI=""
        3⤵
        • Enumerates connected drives
        • Suspicious use of FindShellTrayWindow
        PID:4420
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:188
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding CBA886A243C0EA1632591F11CD86C5CC C
      2⤵
      • Loads dropped DLL
      PID:3672
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 241790FB57F5899B4125AD0D6B780A57 C
      2⤵
      • Loads dropped DLL
      PID:624
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 81F0D5CF1B9F005743C43B92BDD458F8
      2⤵
      • Loads dropped DLL
      PID:2208
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding CE08F505C6BE07C2546C4B3E7B6D6991
      2⤵
      • Loads dropped DLL
      PID:2168
    • C:\Windows\System32\MsiExec.exe
      C:\Windows\System32\MsiExec.exe -Embedding DE2F8CF08764D838A68187EADB497444 E Global\MSI0000
      2⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      PID:3860
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 7BF4D176DB6C4C5754086A88CC76DAE7 C
      2⤵
      • Loads dropped DLL
      PID:4304
    • C:\Windows\system32\srtasks.exe
      C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
      2⤵
        PID:4804
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding F3DE0858F12E9D9D705456B0A0478C2F
        2⤵
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4872
        • C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe
          "C:\Users\Admin\AppData\Local\Temp\SurfsharkSetup (5).exe" /groupsextract:105; /out:"C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites" /callbackid:4872
          3⤵
            PID:4656
        • C:\Windows\Installer\MSID075.tmp
          "C:\Windows\Installer\MSID075.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver
          2⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:5012
          • C:\Windows\SysWOW64\sc.exe
            "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver
            3⤵
              PID:5056
          • C:\Windows\Installer\MSID18F.tmp
            "C:\Windows\Installer\MSID18F.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver
            2⤵
            • Executes dropped EXE
            • Suspicious use of WriteProcessMemory
            PID:5108
            • C:\Windows\SysWOW64\sc.exe
              "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver
              3⤵
                PID:4020
            • C:\Windows\Installer\MSIE5CC.tmp
              "C:\Windows\Installer\MSIE5CC.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"
              2⤵
              • Executes dropped EXE
              • Suspicious use of WriteProcessMemory
              PID:3868
              • C:\Windows\SysWOW64\certutil.exe
                "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"
                3⤵
                  PID:2656
              • C:\Windows\Installer\MSIE6F6.tmp
                "C:\Windows\Installer\MSIE6F6.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"
                2⤵
                • Executes dropped EXE
                • Suspicious use of WriteProcessMemory
                PID:4340
                • C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe
                  "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"
                  3⤵
                  • Executes dropped EXE
                  PID:4516
              • C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\aipackagechainer.exe
                "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\aipackagechainer.exe"
                2⤵
                • Executes dropped EXE
                • Drops file in Windows directory
                • Modifies data under HKEY_USERS
                • Suspicious use of FindShellTrayWindow
                PID:4572
                • C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\TapInstaller.exe
                  "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\TapInstaller.exe" /qn
                  3⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Enumerates connected drives
                  • Suspicious use of FindShellTrayWindow
                  PID:4636
                  • C:\Windows\SysWOW64\msiexec.exe
                    "C:\Windows\system32\msiexec.exe" /i "C:\AppData\Roaming\Surfshark\Surfshark TAP Driver Windows 1.0\install\C15E6C6\TapInstaller.msi" /qn AI_SETUPEXEPATH=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\TapInstaller.exe SETUPEXEDIR=C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark\prerequisites\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 /qn "
                    4⤵
                    • Enumerates connected drives
                    PID:5104
                • C:\Windows\SysWOW64\cmd.exe
                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EXE5D73.bat" "
                  3⤵
                    PID:2300
                    • C:\Windows\SysWOW64\attrib.exe
                      C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Roaming\SURFSH~1\SURFSH~1\PREREQ~1\AIPACK~1.EXE"
                      4⤵
                      • Views/modifies file attributes
                      PID:2120
                    • C:\Windows\SysWOW64\timeout.exe
                      C:\Windows\System32\timeout.exe 5
                      4⤵
                      • Delays execution with timeout.exe
                      PID:2292
                    • C:\Windows\SysWOW64\attrib.exe
                      C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE5D73.bat"
                      4⤵
                      • Views/modifies file attributes
                      PID:1624
                    • C:\Windows\SysWOW64\cmd.exe
                      C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE5D73.bat" "
                      4⤵
                        PID:192
                      • C:\Windows\SysWOW64\cmd.exe
                        C:\Windows\system32\cmd.exe /S /D /c" cls"
                        4⤵
                          PID:980
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Service" "C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:4772
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Shadowsocks Service" "C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"
                      2⤵
                      • Executes dropped EXE
                      PID:4788
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppNoConsole 1
                      2⤵
                      • Executes dropped EXE
                      PID:5096
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppNoConsole 1
                      2⤵
                      • Executes dropped EXE
                      PID:4116
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" Description "This service is essential for the app to function, as it allows to enable VPN connection and makes sure all the necessary configurations are up to date."
                      2⤵
                      • Executes dropped EXE
                      PID:4120
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" Description "This service is essential for the app to function, as it allows to enable Shadowsocks connection and makes sure all the necessary configurations are up to date."
                      2⤵
                      • Executes dropped EXE
                      PID:3720
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppThrottle 10000
                      2⤵
                      • Executes dropped EXE
                      PID:776
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppThrottle 10000
                      2⤵
                      • Executes dropped EXE
                      PID:2168
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Service"
                      2⤵
                      • Executes dropped EXE
                      PID:2060
                    • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                      "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Shadowsocks Service"
                      2⤵
                      • Executes dropped EXE
                      PID:2120
                    • C:\Program Files (x86)\Surfshark\Surfshark.exe
                      "C:\Program Files (x86)\Surfshark\Surfshark.exe"
                      2⤵
                      • Executes dropped EXE
                      • Adds Run key to start application
                      • Modifies system certificate store
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:1544
                      • C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe
                        "C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe" /passive
                        3⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        • Enumerates connected drives
                        • Suspicious use of FindShellTrayWindow
                        PID:2068
                        • C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe
                          "C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.7999\install\49C7238\SurfsharkSetup.msi" /passive AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\ "EXE_CMD_LINE=/exenoupdates /forcecleanup /wintime 1606842131 /passive " CLIENTPROCESSID=2068 CHAINERUIPROCESSID=2068Chainer ALLUSERS=1 "AI_UNINSTALLER=C:\ProgramData\Caphyon\Advanced Installer\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)|Surfshark TUN Driver Windows 10"
                          4⤵
                          • Executes dropped EXE
                          PID:4136
                          • C:\Windows\SysWOW64\msiexec.exe
                            "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Surfshark\Surfshark 2.7.7999\install\49C7238\SurfsharkSetup.msi" /passive AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\hqn0ieg3.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Surfshark\Updates\default\2.7.5.0\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1606842131 /passive " CLIENTPROCESSID=2068 CHAINERUIPROCESSID=2068Chainer ALLUSERS=1 AI_UNINSTALLER="C:\ProgramData\Caphyon\Advanced Installer\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}\SurfsharkSetup.exe" AI_FOUND_PREREQS=".NET Framework 4.6.1 (web installer)|Surfshark TUN Driver Windows 10"
                            5⤵
                            • Enumerates connected drives
                            • Suspicious use of FindShellTrayWindow
                            PID:3172
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /s /c "timeout 2 & taskkill /IM "Surfshark.exe" /F"
                        3⤵
                          PID:1160
                          • C:\Windows\system32\timeout.exe
                            timeout 2
                            4⤵
                            • Delays execution with timeout.exe
                            PID:3900
                          • C:\Windows\system32\taskkill.exe
                            taskkill /IM "Surfshark.exe" /F
                            4⤵
                            • Kills process with taskkill
                            PID:2060
                      • C:\Windows\syswow64\MsiExec.exe
                        C:\Windows\syswow64\MsiExec.exe -Embedding 280D8A5981924E6DA31F37B7EF114262 C
                        2⤵
                        • Loads dropped DLL
                        PID:4196
                      • C:\Windows\syswow64\MsiExec.exe
                        C:\Windows\syswow64\MsiExec.exe -Embedding 2B264ACC55BAF69AB899E886ECFEE6E8 E Global\MSI0000
                        2⤵
                        • Loads dropped DLL
                        PID:4756
                        • C:\Windows\SysWOW64\rundll32.exe
                          rundll32.exe "C:\Windows\Installer\MSI552E.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_259347734 615 SurfsharkTapInstaller!SurfsharkTapInstaller.CustomActions.InstallTapAdapter
                          3⤵
                          • Loads dropped DLL
                          • Drops file in System32 directory
                          • Drops file in Windows directory
                          PID:4460
                          • C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe
                            "C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe" hwids tapsurfshark
                            4⤵
                            • Executes dropped EXE
                            • Checks SCSI registry key(s)
                            PID:4364
                          • C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe
                            "C:\Program Files (x86)\Surfshark\Surfshark TAP Driver Windows\bin\x64\tapinstall.exe" install OemVista.inf tapsurfshark
                            4⤵
                            • Executes dropped EXE
                            • Drops file in System32 directory
                            • Checks SCSI registry key(s)
                            • Modifies data under HKEY_USERS
                            • Modifies system certificate store
                            PID:3228
                      • C:\Windows\syswow64\MsiExec.exe
                        C:\Windows\syswow64\MsiExec.exe -Embedding 322FAD710BF8E5D9D21E8D4B69904C5F C
                        2⤵
                        • Loads dropped DLL
                        PID:2664
                      • C:\Windows\syswow64\MsiExec.exe
                        C:\Windows\syswow64\MsiExec.exe -Embedding 03EDBBC130DCAD506F6F462E14B2B998
                        2⤵
                        • Loads dropped DLL
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2084
                      • C:\Windows\Installer\MSI393B.tmp
                        "C:\Windows\Installer\MSI393B.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver
                        2⤵
                        • Executes dropped EXE
                        PID:4992
                        • C:\Windows\SysWOW64\sc.exe
                          "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver
                          3⤵
                            PID:1524
                        • C:\Windows\Installer\MSI3A07.tmp
                          "C:\Windows\Installer\MSI3A07.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver
                          2⤵
                          • Executes dropped EXE
                          PID:4524
                          • C:\Windows\SysWOW64\sc.exe
                            "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver
                            3⤵
                              PID:4680
                          • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                            "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Service"
                            2⤵
                            • Executes dropped EXE
                            PID:4140
                          • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                            "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Shadowsocks Service"
                            2⤵
                            • Executes dropped EXE
                            PID:4876
                          • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                            "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Service" confirm
                            2⤵
                            • Executes dropped EXE
                            PID:4188
                          • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                            "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Shadowsocks Service" confirm
                            2⤵
                            • Executes dropped EXE
                            PID:5044
                          • C:\Windows\Installer\MSI4B29.tmp
                            "C:\Windows\Installer\MSI4B29.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver
                            2⤵
                            • Executes dropped EXE
                            PID:4312
                            • C:\Windows\SysWOW64\sc.exe
                              "C:\Windows\SysWOW64\sc.exe" stop SurfsharkSplitTunnelDriver
                              3⤵
                                PID:4696
                            • C:\Windows\Installer\MSI4C05.tmp
                              "C:\Windows\Installer\MSI4C05.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver
                              2⤵
                              • Executes dropped EXE
                              PID:3016
                              • C:\Windows\SysWOW64\sc.exe
                                "C:\Windows\SysWOW64\sc.exe" delete SurfsharkSplitTunnelDriver
                                3⤵
                                  PID:4244
                              • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Service"
                                2⤵
                                • Executes dropped EXE
                                PID:5064
                              • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" stop "Surfshark Shadowsocks Service"
                                2⤵
                                • Executes dropped EXE
                                PID:4892
                              • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Service" confirm
                                2⤵
                                • Executes dropped EXE
                                PID:4344
                              • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" remove "Surfshark Shadowsocks Service" confirm
                                2⤵
                                • Executes dropped EXE
                                PID:1552
                              • C:\Windows\syswow64\MsiExec.exe
                                C:\Windows\syswow64\MsiExec.exe -Embedding D5A48B44E0FCF993812B5DD2C019DA65 E Global\MSI0000
                                2⤵
                                • Modifies data under HKEY_USERS
                                PID:3872
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\EXE59F3.bat"
                                  3⤵
                                    PID:4576
                                    • C:\Windows\SysWOW64\attrib.exe
                                      C:\Windows\System32\attrib.exe -r "C:\PROGRA~3\Caphyon\ADVANC~1\{E7AB7~1\SURFSH~1.EXE"
                                      4⤵
                                      • Drops file in Program Files directory
                                      • Views/modifies file attributes
                                      PID:3116
                                    • C:\Windows\SysWOW64\timeout.exe
                                      C:\Windows\System32\timeout.exe 5
                                      4⤵
                                      • Delays execution with timeout.exe
                                      PID:4676
                                    • C:\Windows\SysWOW64\attrib.exe
                                      C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE59F3.bat"
                                      4⤵
                                      • Views/modifies file attributes
                                      PID:2840
                                    • C:\Windows\SysWOW64\cmd.exe
                                      C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE59F3.bat" "
                                      4⤵
                                        PID:3652
                                      • C:\Windows\SysWOW64\cmd.exe
                                        C:\Windows\system32\cmd.exe /S /D /c" cls"
                                        4⤵
                                          PID:4384
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\EXE5A62.bat"
                                        3⤵
                                          PID:4948
                                          • C:\Windows\SysWOW64\attrib.exe
                                            C:\Windows\System32\attrib.exe -r "C:\PROGRA~3\Caphyon\ADVANC~1\{E7AB7~1"
                                            4⤵
                                            • Drops file in Program Files directory
                                            • Views/modifies file attributes
                                            PID:4768
                                          • C:\Windows\SysWOW64\timeout.exe
                                            C:\Windows\System32\timeout.exe 5
                                            4⤵
                                            • Delays execution with timeout.exe
                                            PID:2060
                                          • C:\Windows\SysWOW64\timeout.exe
                                            C:\Windows\System32\timeout.exe 5
                                            4⤵
                                            • Delays execution with timeout.exe
                                            PID:4568
                                          • C:\Windows\SysWOW64\attrib.exe
                                            C:\Windows\System32\attrib.exe -r "C:\Users\Admin\AppData\Local\Temp\EXE5A62.bat"
                                            4⤵
                                            • Views/modifies file attributes
                                            PID:4848
                                          • C:\Windows\SysWOW64\cmd.exe
                                            C:\Windows\system32\cmd.exe /S /D /c" del "C:\Users\Admin\AppData\Local\Temp\EXE5A62.bat" "
                                            4⤵
                                              PID:4732
                                            • C:\Windows\SysWOW64\cmd.exe
                                              C:\Windows\system32\cmd.exe /S /D /c" cls"
                                              4⤵
                                                PID:2548
                                          • C:\Windows\Installer\MSI718F.tmp
                                            "C:\Windows\Installer\MSI718F.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"
                                            2⤵
                                            • Executes dropped EXE
                                            PID:3644
                                            • C:\Windows\SysWOW64\certutil.exe
                                              "C:\Windows\SysWOW64\certutil.exe" -addstore "Root" "C:\Program Files (x86)\Surfshark\Resources\surfshark_ikev2.crt"
                                              3⤵
                                                PID:2176
                                            • C:\Windows\Installer\MSI72A9.tmp
                                              "C:\Windows\Installer\MSI72A9.tmp" /EnforcedRunAsAdmin /RunAsAdmin /HideWindow "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"
                                              2⤵
                                              • Executes dropped EXE
                                              PID:4764
                                              • C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe
                                                "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelingService.exe" "C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys"
                                                3⤵
                                                • Executes dropped EXE
                                                PID:3508
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Service" "C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              PID:4400
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" install "Surfshark Shadowsocks Service" "C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"
                                              2⤵
                                              • Executes dropped EXE
                                              PID:3844
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppNoConsole 1
                                              2⤵
                                              • Executes dropped EXE
                                              PID:4404
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppNoConsole 1
                                              2⤵
                                              • Executes dropped EXE
                                              PID:1836
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" Description "This service is essential for the app to function, as it allows to enable VPN connection and makes sure all the necessary configurations are up to date."
                                              2⤵
                                              • Executes dropped EXE
                                              PID:2428
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" Description "This service is essential for the app to function, as it allows to enable Shadowsocks connection and makes sure all the necessary configurations are up to date."
                                              2⤵
                                              • Executes dropped EXE
                                              PID:5044
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Service" AppThrottle 10000
                                              2⤵
                                              • Executes dropped EXE
                                              PID:196
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" set "Surfshark Shadowsocks Service" AppThrottle 10000
                                              2⤵
                                              • Executes dropped EXE
                                              PID:4424
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Service"
                                              2⤵
                                              • Executes dropped EXE
                                              PID:4800
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe" start "Surfshark Shadowsocks Service"
                                              2⤵
                                              • Executes dropped EXE
                                              PID:4140
                                          • \??\c:\windows\system32\svchost.exe
                                            c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
                                            1⤵
                                            • Checks SCSI registry key(s)
                                            • Suspicious use of WriteProcessMemory
                                            PID:516
                                            • C:\Windows\system32\DrvInst.exe
                                              DrvInst.exe "4" "1" "C:\Program Files\Surfshark\Surfshark TUN Driver Windows\x64\wintunshark.Inf" "9" "4baa9febf" "0000000000000178" "WinSta0\Default" "000000000000017C" "208" "C:\Program Files\Surfshark\Surfshark TUN Driver Windows\x64"
                                              2⤵
                                              • Drops file in System32 directory
                                              • Drops file in Windows directory
                                              • Modifies data under HKEY_USERS
                                              PID:4132
                                            • C:\Windows\system32\DrvInst.exe
                                              DrvInst.exe "4" "1" "c:\program files (x86)\surfshark\surfshark tap driver windows\drivers\win10\x64\oemvista.inf" "9" "4a1dcec0f" "0000000000000194" "WinSta0\Default" "000000000000016C" "208" "c:\program files (x86)\surfshark\surfshark tap driver windows\drivers\win10\x64"
                                              2⤵
                                              • Drops file in System32 directory
                                              • Drops file in Windows directory
                                              • Checks SCSI registry key(s)
                                              • Modifies data under HKEY_USERS
                                              PID:4948
                                            • C:\Windows\system32\DrvInst.exe
                                              DrvInst.exe "2" "211" "ROOT\NET\0001" "C:\Windows\INF\oem3.inf" "oemvista.inf:3beb73aff103cc24:tapsurfshark.ndi:11.57.35.775:tapsurfshark," "4a1dcec0f" "000000000000019C"
                                              2⤵
                                              • Drops file in Drivers directory
                                              • Drops file in Windows directory
                                              • Checks SCSI registry key(s)
                                              PID:3508
                                          • C:\Windows\system32\vssvc.exe
                                            C:\Windows\system32\vssvc.exe
                                            1⤵
                                              PID:4480
                                            • \??\c:\windows\system32\svchost.exe
                                              c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
                                              1⤵
                                              • Checks SCSI registry key(s)
                                              PID:4688
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:4284
                                              • C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
                                                "C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"
                                                2⤵
                                                • Drops file in Drivers directory
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Drops file in System32 directory
                                                • Drops file in Windows directory
                                                • Checks SCSI registry key(s)
                                                • Modifies data under HKEY_USERS
                                                PID:3392
                                                • C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe
                                                  "C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe" remove *wintunshark*
                                                  3⤵
                                                  • Executes dropped EXE
                                                  • Checks SCSI registry key(s)
                                                  PID:4908
                                            • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                              "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"
                                              1⤵
                                              • Executes dropped EXE
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:2556
                                              • C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
                                                "C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Drops file in System32 directory
                                                • Modifies data under HKEY_USERS
                                                PID:3012
                                            • \??\c:\windows\system32\svchost.exe
                                              c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
                                              1⤵
                                                PID:4244
                                              • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                                "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"
                                                1⤵
                                                • Executes dropped EXE
                                                PID:912
                                                • C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
                                                  "C:\Program Files (x86)\Surfshark\Surfshark.Service.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  • Drops file in Windows directory
                                                  • Modifies data under HKEY_USERS
                                                  PID:4308
                                                  • C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe
                                                    "C:\Program Files (x86)\Surfshark\Resources\x64\devcon.exe" remove *wintunshark*
                                                    3⤵
                                                    • Executes dropped EXE
                                                    • Checks SCSI registry key(s)
                                                    PID:1696
                                              • C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe
                                                "C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe"
                                                1⤵
                                                • Executes dropped EXE
                                                PID:2124
                                                • C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
                                                  "C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe"
                                                  2⤵
                                                  • Executes dropped EXE
                                                  PID:908
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc
                                                1⤵
                                                  PID:4260
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
                                                  1⤵
                                                  • Checks SCSI registry key(s)
                                                  PID:4356

                                                Network

                                                • DNS
                                                  ctldl.windowsupdate.com
                                                  SurfsharkSetup (5).exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  ctldl.windowsupdate.com
                                                  IN A
                                                  Response
                                                  ctldl.windowsupdate.com
                                                  IN CNAME
                                                  au-bg-shim.trafficmanager.net
                                                  au-bg-shim.trafficmanager.net
                                                  IN CNAME
                                                  audownload.windowsupdate.nsatc.net
                                                  audownload.windowsupdate.nsatc.net
                                                  IN CNAME
                                                  auto.au.download.windowsupdate.com.c.footprint.net
                                                  auto.au.download.windowsupdate.com.c.footprint.net
                                                  IN A
                                                  8.241.88.254
                                                  auto.au.download.windowsupdate.com.c.footprint.net
                                                  IN A
                                                  8.238.21.126
                                                  auto.au.download.windowsupdate.com.c.footprint.net
                                                  IN A
                                                  67.27.153.254
                                                  auto.au.download.windowsupdate.com.c.footprint.net
                                                  IN A
                                                  8.253.145.105
                                                  auto.au.download.windowsupdate.com.c.footprint.net
                                                  IN A
                                                  8.238.111.126
                                                • DNS
                                                  go.microsoft.com
                                                  DsmSvc
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  go.microsoft.com
                                                  IN A
                                                  Response
                                                  go.microsoft.com
                                                  IN CNAME
                                                  go.microsoft.com.edgekey.net
                                                  go.microsoft.com.edgekey.net
                                                  IN CNAME
                                                  e11290.dspg.akamaiedge.net
                                                  e11290.dspg.akamaiedge.net
                                                  IN A
                                                  23.38.17.26
                                                • POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2058
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Connection: close
                                                • DNS
                                                  dmd.metaservices.microsoft.com
                                                  DsmSvc
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  dmd.metaservices.microsoft.com
                                                  IN A
                                                  Response
                                                  dmd.metaservices.microsoft.com
                                                  IN CNAME
                                                  devicemetadataservice.trafficmanager.net
                                                  devicemetadataservice.trafficmanager.net
                                                  IN CNAME
                                                  vmss-prod-eas.eastasia.cloudapp.azure.com
                                                  vmss-prod-eas.eastasia.cloudapp.azure.com
                                                  IN A
                                                  20.189.118.208
                                                • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2058
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1734
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1728
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1728
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:07:42 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1728
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2060
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:08 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1736
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:08 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2060
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1736
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:10 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:10 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2060
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:20 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1736
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:21 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:21 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:21 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1730
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                 • POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Connection: close
                                                 • POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Connection: close
                                                 • POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:07:41 GMT
                                                  Connection: close
                                                 • DNS
                                                  sessions.bugsnag.com
                                                  Surfshark.ShadowsocksService.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  sessions.bugsnag.com
                                                  IN A
                                                  Response
                                                  sessions.bugsnag.com
                                                  IN A
                                                  35.190.88.7
                                                 • POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2060
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:08 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:08 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:08 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:08 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2060
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:09 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:10 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:10 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  DNS
                                                  ip.surfshark.com
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  ip.surfshark.com
                                                  IN A
                                                  Response
                                                  ip.surfshark.com
                                                  IN A
                                                  188.40.198.84
                                                • flag-unknown
                                                  GET
                                                  http://ip.surfshark.com/
                                                  Surfshark.exe
                                                  Remote address:
                                                  188.40.198.84:80
                                                  Request
                                                  GET / HTTP/1.1
                                                  Host: ip.surfshark.com
                                                  Connection: Keep-Alive
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Server: nginx/1.14.0
                                                  Date: Fri, 04 Dec 2020 17:08:19 GMT
                                                  Content-Type: text/html; charset=UTF-8
                                                  Transfer-Encoding: chunked
                                                  Connection: keep-alive
                                                  Vary: Accept-Encoding
                                                • flag-unknown
                                                  DNS
                                                  api.surfshark.com
                                                  Surfshark.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  api.surfshark.com
                                                  IN A
                                                  Response
                                                  api.surfshark.com
                                                  IN A
                                                  104.20.106.83
                                                  api.surfshark.com
                                                  IN A
                                                  172.67.17.41
                                                  api.surfshark.com
                                                  IN A
                                                  104.20.107.83
                                                • flag-unknown
                                                  DNS
                                                  ip6.surfshark.com
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  ip6.surfshark.com
                                                  IN A
                                                  Response
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2060
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:20 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:20 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:20 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:20 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  DNS
                                                  fwd.s0r4nd0m.com
                                                  Surfshark.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  fwd.s0r4nd0m.com
                                                  IN A
                                                  Response
                                                  fwd.s0r4nd0m.com
                                                  IN A
                                                  104.28.1.242
                                                  fwd.s0r4nd0m.com
                                                  IN A
                                                  104.28.0.242
                                                  fwd.s0r4nd0m.com
                                                  IN A
                                                  172.67.161.102
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  23.38.17.26:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1244
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:08:21 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:08:21 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  DNS
                                                  time.windows.com
                                                  Surfshark.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  time.windows.com
                                                  IN A
                                                  Response
                                                  time.windows.com
                                                  IN CNAME
                                                  time.microsoft.akadns.net
                                                  time.microsoft.akadns.net
                                                  IN A
                                                  51.105.208.173
                                                • flag-unknown
                                                  DNS
                                                  downloads.surfshark.com
                                                  Surfshark.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  downloads.surfshark.com
                                                  IN A
                                                  Response
                                                  downloads.surfshark.com
                                                  IN A
                                                  104.20.107.83
                                                  downloads.surfshark.com
                                                  IN A
                                                  104.20.106.83
                                                  downloads.surfshark.com
                                                  IN A
                                                  172.67.17.41
                                                • flag-unknown
                                                  DNS
                                                  secure.globalsign.com
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  secure.globalsign.com
                                                  IN A
                                                  Response
                                                  secure.globalsign.com
                                                  IN CNAME
                                                  global.prd.cdn.globalsign.com
                                                  global.prd.cdn.globalsign.com
                                                  IN CNAME
                                                  cdn.globalsigncdn.com.cdn.cloudflare.net
                                                  cdn.globalsigncdn.com.cdn.cloudflare.net
                                                  IN A
                                                  104.18.20.226
                                                  cdn.globalsigncdn.com.cdn.cloudflare.net
                                                  IN A
                                                  104.18.21.226
                                                • flag-unknown
                                                  GET
                                                  http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt
                                                  Surfshark.exe
                                                  Remote address:
                                                  104.18.20.226:80
                                                  Request
                                                  GET /cacert/gsextendcodesignsha2g3ocsp.crt HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Accept: */*
                                                  User-Agent: Microsoft-CryptoAPI/10.0
                                                  Host: secure.globalsign.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:08:28 GMT
                                                  Content-Type: application/x-x509-ca-cert
                                                  Content-Length: 1195
                                                  Connection: keep-alive
                                                  Set-Cookie: __cfduid=d96ac612b21e3c9bc578060572db4222d1607101708; expires=Sun, 03-Jan-21 17:08:28 GMT; path=/; domain=.globalsign.com; HttpOnly; SameSite=Lax
                                                  Last-Modified: Thu, 16 Jun 2016 03:01:29 GMT
                                                  ETag: "57621689-4ab"
                                                  CF-Cache-Status: HIT
                                                  Age: 54114
                                                  Expires: Mon, 04 Jan 2021 17:08:28 GMT
                                                  Cache-Control: public, max-age=2678400
                                                  Accept-Ranges: bytes
                                                  cf-request-id: 06d053105b0000d8c5d4aeb000000001
                                                  Server: cloudflare
                                                  CF-RAY: 5fc7212d58d5d8c5-AMS
                                                • flag-unknown
                                                  DNS
                                                  sessions.bugsnag.com
                                                  Surfshark.ShadowsocksService.exe
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  sessions.bugsnag.com
                                                  IN A
                                                  Response
                                                  sessions.bugsnag.com
                                                  IN A
                                                  35.190.88.7
                                                • flag-unknown
                                                  DNS
                                                  go.microsoft.com
                                                  DsmSvc
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  go.microsoft.com
                                                  IN A
                                                  Response
                                                  go.microsoft.com
                                                  IN CNAME
                                                  go.microsoft.com.edgekey.net
                                                  go.microsoft.com.edgekey.net
                                                  IN CNAME
                                                  e11290.dspg.akamaiedge.net
                                                  e11290.dspg.akamaiedge.net
                                                  IN A
                                                  104.69.249.43
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  104.69.249.43:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2058
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:09:46 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:09:46 GMT
                                                  Connection: close
                                                • flag-unknown
                                                  DNS
                                                  dmd.metaservices.microsoft.com
                                                  DsmSvc
                                                  Remote address:
                                                  8.8.8.8:53
                                                  Request
                                                  dmd.metaservices.microsoft.com
                                                  IN A
                                                  Response
                                                  dmd.metaservices.microsoft.com
                                                  IN CNAME
                                                  devicemetadataservice.trafficmanager.net
                                                  devicemetadataservice.trafficmanager.net
                                                  IN CNAME
                                                  vmss-prod-eas.eastasia.cloudapp.azure.com
                                                  vmss-prod-eas.eastasia.cloudapp.azure.com
                                                  IN A
                                                  20.189.118.208
                                                • flag-unknown
                                                  POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 2058
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:09:47 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1734
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                • flag-unknown
                                                  POST
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  DsmSvc
                                                  Remote address:
                                                  20.189.118.208:80
                                                  Request
                                                  POST /metadata.svc HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: dmd.metaservices.microsoft.com
                                                  Response
                                                  HTTP/1.1 200 OK
                                                  Date: Fri, 04 Dec 2020 17:09:47 GMT
                                                  Content-Type: text/xml; charset=utf-16LE
                                                  Content-Length: 1728
                                                  Connection: keep-alive
                                                  Cache-Control: private
                                                  Server: Microsoft-IIS/10.0
                                                  X-AspNet-Version: 4.0.30319
                                                  Request-Context: appId=cid-v1:c490f1e8-2a51-43a5-b06d-d2230108e17f
                                                  Access-Control-Expose-Headers: Request-Context
                                                  X-Powered-By: ASP.NET
                                                • flag-unknown
                                                  POST
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  DsmSvc
                                                  Remote address:
                                                  104.69.249.43:80
                                                  Request
                                                  POST /fwlink/?LinkID=252669&clcid=0x409 HTTP/1.1
                                                  Connection: Keep-Alive
                                                  Content-Type: text/xml; charset="UTF-16LE"
                                                  User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
                                                  SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
                                                  Content-Length: 1242
                                                  Host: go.microsoft.com
                                                  Response
                                                  HTTP/1.1 302 Moved Temporarily
                                                  Server: AkamaiGHost
                                                  Content-Length: 0
                                                  Location: http://dmd.metaservices.microsoft.com/metadata.svc
                                                  Expires: Fri, 04 Dec 2020 17:09:47 GMT
                                                  Cache-Control: max-age=0, no-cache, no-store
                                                  Pragma: no-cache
                                                  Date: Fri, 04 Dec 2020 17:09:47 GMT
                                                  Connection: close
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  2.7kB
                                                  588 B
                                                  7
                                                  7

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 20.189.118.208:80
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  http
                                                  DsmSvc
                                                  30.9kB
                                                  35.5kB
                                                  55
                                                  50

                                                  HTTP Request

                                                  POST http://dmd.metaservices.microsoft.com/metadata.svc

                                                  HTTP Response

                                                  200

                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 35.190.88.7:443
                                                  sessions.bugsnag.com
                                                  tls
                                                  Surfshark.Service.exe
                                                  1.5kB
                                                  6.0kB
                                                  10
                                                  13
                                                • 35.190.88.7:443
                                                  sessions.bugsnag.com
                                                  tls
                                                  Surfshark.ShadowsocksService.exe
                                                  1.5kB
                                                  6.0kB
                                                  10
                                                  13
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  2.7kB
                                                  588 B
                                                  7
                                                  7

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  2.7kB
                                                  548 B
                                                  7
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 188.40.198.84:80
                                                  http://ip.surfshark.com/
                                                  http
                                                  Surfshark.exe
                                                  302 B
                                                  604 B
                                                  5
                                                  4

                                                  HTTP Request

                                                  GET http://ip.surfshark.com/

                                                  HTTP Response

                                                  200
                                                • 104.20.106.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  809 B
                                                  4.3kB
                                                  9
                                                  11
                                                • 104.20.107.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  989 B
                                                  1.3kB
                                                  7
                                                  8
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  2.7kB
                                                  588 B
                                                  7
                                                  7

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 104.20.107.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  989 B
                                                  1.3kB
                                                  7
                                                  8
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 35.190.88.7:443
                                                  sessions.bugsnag.com
                                                  tls
                                                  Surfshark.exe
                                                  1.5kB
                                                  6.0kB
                                                  10
                                                  13
                                                • 104.28.0.242:443
                                                  fwd.s0r4nd0m.com
                                                  tls
                                                  Surfshark.exe
                                                  6.0kB
                                                  8.2kB
                                                  23
                                                  30
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 104.28.1.242:443
                                                  fwd.s0r4nd0m.com
                                                  tls
                                                  Surfshark.exe
                                                  4.3kB
                                                  3.7kB
                                                  16
                                                  19
                                                • 23.38.17.26:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 92.249.36.197:8443
                                                  Surfshark.exe
                                                  190 B
                                                  181 B
                                                  4
                                                  4
                                                • 92.249.36.197:80
                                                  http
                                                  Surfshark.exe
                                                  190 B
                                                  179 B
                                                  4
                                                  4
                                                • 92.249.36.197:443
                                                  https
                                                  Surfshark.exe
                                                  190 B
                                                  180 B
                                                  4
                                                  4
                                                • 104.20.106.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  819 B
                                                  1.5kB
                                                  6
                                                  6
                                                • 172.67.161.102:443
                                                  fwd.s0r4nd0m.com
                                                  tls
                                                  Surfshark.exe
                                                  4.5kB
                                                  6.3kB
                                                  17
                                                  22
                                                • 172.67.17.41:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  943 B
                                                  1.2kB
                                                  6
                                                  7
                                                • 104.20.107.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  1.0kB
                                                  1.5kB
                                                  7
                                                  8
                                                • 104.20.107.83:443
                                                  downloads.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  1.0kB
                                                  5.4kB
                                                  11
                                                  11
                                                • 172.67.17.41:443
                                                  downloads.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  449.9kB
                                                  27.2MB
                                                  9765
                                                  18673
                                                • 104.18.20.226:80
                                                  http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt
                                                  http
                                                  Surfshark.exe
                                                  389 B
                                                  2.0kB
                                                  5
                                                  4

                                                  HTTP Request

                                                  GET http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt

                                                  HTTP Response

                                                  200
                                                • 104.20.107.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  2.0kB
                                                  60.9kB
                                                  27
                                                  48
                                                • 104.20.107.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  1.2kB
                                                  13.1kB
                                                  11
                                                  16
                                                • 104.20.107.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  1.2kB
                                                  17.3kB
                                                  11
                                                  17
                                                • 104.20.106.83:443
                                                  api.surfshark.com
                                                  tls
                                                  Surfshark.exe
                                                  1.1kB
                                                  4.6kB
                                                  8
                                                  10
                                                • 35.190.88.7:443
                                                  sessions.bugsnag.com
                                                  tls
                                                  Surfshark.Service.exe
                                                  1.5kB
                                                  6.0kB
                                                  10
                                                  13
                                                • 35.190.88.7:443
                                                  sessions.bugsnag.com
                                                  tls
                                                  Surfshark.ShadowsocksService.exe
                                                  1.5kB
                                                  6.0kB
                                                  10
                                                  13
                                                • 104.69.249.43:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  2.7kB
                                                  588 B
                                                  7
                                                  7

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 20.189.118.208:80
                                                  http://dmd.metaservices.microsoft.com/metadata.svc
                                                  http
                                                  DsmSvc
                                                  7.8kB
                                                  8.9kB
                                                  15
                                                  14

                                                  HTTP Request

                                                  POST http://dmd.metaservices.microsoft.com/metadata.svc

                                                  HTTP Response

                                                  200

                                                  HTTP Request

                                                  POST http://dmd.metaservices.microsoft.com/metadata.svc

                                                  HTTP Response

                                                  200

                                                  HTTP Request

                                                  POST http://dmd.metaservices.microsoft.com/metadata.svc

                                                  HTTP Response

                                                  200

                                                  HTTP Request

                                                  POST http://dmd.metaservices.microsoft.com/metadata.svc

                                                  HTTP Response

                                                  200
                                                • 104.69.249.43:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 104.69.249.43:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 104.69.249.43:80
                                                  http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409
                                                  http
                                                  DsmSvc
                                                  1.9kB
                                                  548 B
                                                  6
                                                  6

                                                  HTTP Request

                                                  POST http://go.microsoft.com/fwlink/?LinkID=252669&clcid=0x409

                                                  HTTP Response

                                                  302
                                                • 8.8.8.8:53
                                                  ctldl.windowsupdate.com
                                                  dns
                                                  SurfsharkSetup (5).exe
                                                  69 B
                                                  298 B
                                                  1
                                                  1

                                                  DNS Request

                                                  ctldl.windowsupdate.com

                                                  DNS Response

                                                  8.241.88.254
                                                  8.238.21.126
                                                  67.27.153.254
                                                  8.253.145.105
                                                  8.238.111.126

                                                • 8.8.8.8:53
                                                  go.microsoft.com
                                                  dns
                                                  DsmSvc
                                                  62 B
                                                  157 B
                                                  1
                                                  1

                                                  DNS Request

                                                  go.microsoft.com

                                                  DNS Response

                                                  23.38.17.26

                                                • 8.8.8.8:53
                                                  dmd.metaservices.microsoft.com
                                                  dns
                                                  DsmSvc
                                                  76 B
                                                  198 B
                                                  1
                                                  1

                                                  DNS Request

                                                  dmd.metaservices.microsoft.com

                                                  DNS Response

                                                  20.189.118.208

                                                • 8.8.8.8:53
                                                  sessions.bugsnag.com
                                                  dns
                                                  Surfshark.ShadowsocksService.exe
                                                  66 B
                                                  82 B
                                                  1
                                                  1

                                                  DNS Request

                                                  sessions.bugsnag.com

                                                  DNS Response

                                                  35.190.88.7

                                                • 8.8.8.8:53
                                                  ip.surfshark.com
                                                  dns
                                                  62 B
                                                  78 B
                                                  1
                                                  1

                                                  DNS Request

                                                  ip.surfshark.com

                                                  DNS Response

                                                  188.40.198.84

                                                • 8.8.8.8:53
                                                  api.surfshark.com
                                                  dns
                                                  Surfshark.exe
                                                  63 B
                                                  111 B
                                                  1
                                                  1

                                                  DNS Request

                                                  api.surfshark.com

                                                  DNS Response

                                                  104.20.106.83
                                                  172.67.17.41
                                                  104.20.107.83

                                                • 8.8.8.8:53
                                                  ip6.surfshark.com
                                                  dns
                                                  63 B
                                                  122 B
                                                  1
                                                  1

                                                  DNS Request

                                                  ip6.surfshark.com

                                                • 8.8.8.8:53
                                                  fwd.s0r4nd0m.com
                                                  dns
                                                  Surfshark.exe
                                                  62 B
                                                  110 B
                                                  1
                                                  1

                                                  DNS Request

                                                  fwd.s0r4nd0m.com

                                                  DNS Response

                                                  104.28.1.242
                                                  104.28.0.242
                                                  172.67.161.102

                                                • 8.8.8.8:53
                                                  time.windows.com
                                                  dns
                                                  Surfshark.exe
                                                  62 B
                                                  117 B
                                                  1
                                                  1

                                                  DNS Request

                                                  time.windows.com

                                                  DNS Response

                                                  51.105.208.173

                                                • 51.105.208.173:123
                                                  time.windows.com
                                                  ntp
                                                  Surfshark.exe
                                                  76 B
                                                  76 B
                                                  1
                                                  1
                                                • 92.249.36.197:51820
                                                  Surfshark.exe
                                                  46 B
                                                  38 B
                                                  1
                                                  1
                                                • 92.249.36.197:500
                                                  Surfshark.exe
                                                  46 B
                                                  36 B
                                                  1
                                                  1
                                                • 92.249.36.197:4500
                                                  Surfshark.exe
                                                  46 B
                                                  37 B
                                                  1
                                                  1
                                                • 92.249.36.197:3433
                                                  Surfshark.exe
                                                  46 B
                                                  37 B
                                                  1
                                                  1
                                                • 8.8.8.8:53
                                                  downloads.surfshark.com
                                                  dns
                                                  Surfshark.exe
                                                  69 B
                                                  117 B
                                                  1
                                                  1

                                                  DNS Request

                                                  downloads.surfshark.com

                                                  DNS Response

                                                  104.20.107.83
                                                  104.20.106.83
                                                  172.67.17.41

                                                • 8.8.8.8:53
                                                  secure.globalsign.com
                                                  dns
                                                  67 B
                                                  182 B
                                                  1
                                                  1

                                                  DNS Request

                                                  secure.globalsign.com

                                                  DNS Response

                                                  104.18.20.226
                                                  104.18.21.226

                                                • 8.8.8.8:53
                                                  sessions.bugsnag.com
                                                  dns
                                                  Surfshark.ShadowsocksService.exe
                                                  66 B
                                                  82 B
                                                  1
                                                  1

                                                  DNS Request

                                                  sessions.bugsnag.com

                                                  DNS Response

                                                  35.190.88.7

                                                • 8.8.8.8:53
                                                  go.microsoft.com
                                                  dns
                                                  DsmSvc
                                                  62 B
                                                  157 B
                                                  1
                                                  1

                                                  DNS Request

                                                  go.microsoft.com

                                                  DNS Response

                                                  104.69.249.43

                                                • 8.8.8.8:53
                                                  dmd.metaservices.microsoft.com
                                                  dns
                                                  DsmSvc
                                                  76 B
                                                  198 B
                                                  1
                                                  1

                                                  DNS Request

                                                  dmd.metaservices.microsoft.com

                                                  DNS Response

                                                  20.189.118.208

                                                MITRE ATT&CK Enterprise v6

                                                Downloads
