7.0
高危
该样本未表现出任何异常!
重新分析
更多

927a93b6d65a28d9546b9176b302174b6c1f61e92eaf77c23bd4dd25e4003245

b5a6e7d3c9596e0d7841e45e9c393464.exe

分析耗时

103s

最近分析

文件大小

591.9KB
静态报毒 动态报毒
鹰眼引擎
未检测 暂无鹰眼引擎检测结果
静态判定
反病毒引擎
未检测 暂无反病毒引擎检测结果
行为判定
动态指标
One or more potentially interesting buffers were extracted, these generally contain injected code, configuration data, etc.
Performs some HTTP requests (23 个事件)
request GET http://installer.manycams.com/0.html
request GET http://installer.manycams.com/1.html
request GET http://installer.manycams.com/style.css
request GET http://installer.manycams.com/jquery.js
request GET http://installer.manycams.com/utils.js
request GET http://installer.manycams.com/l10n.js
request GET http://installer.manycams.com/analytics.js
request GET http://installer.manycams.com/image-UI.png
request GET http://installer.manycams.com/top-shadow-divider.png
request GET http://installer.manycams.com/main-bottom-gradient.png
request GET http://installer.manycams.com/logo-installer.png
request GET http://installer.manycams.com/1-on.png
request GET http://installer.manycams.com/2.png
request GET http://installer.manycams.com/3.png
request GET http://installer.manycams.com/close.png
request GET http://installer.manycams.com/next-arrow.png
request GET http://www.google-analytics.com/analytics.js
request GET http://installstat.manycam.com/installStarted.php
request GET http://geoip.vmn.net/index.php?v=2&format=json&callback=jQuery1710416560175919954_1621009781163&_=1621009784913
request GET http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx
request GET http://ocsp2.globalsign.com/gsalphasha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBSE1Wv4CYvTB7dm2OHrrWWWqmtnYQQU9c3VPAhQ%2BWpPOreX2laD5mnSaPcCDH%2F%2FaO0Qkjtsv8Sj5g%3D%3D
request GET https://analytics.vmn.net/piwik.js
request GET https://analytics.vmn.net/piwik.php?action_name=Welcome&idsite=5&rec=1&r=811095&h=0&m=29&s=55&url=http%3A%2F%2Fmanycam.com%2Finstaller%2FWelcome&_id=b41f3bbd1ae1f296&_idts=1621009796&_idvc=1&_idn=0&_refts=0&_viewts=1621009796&cs=gb2312&send_image=1&res=800x600&pv_id=OevoW9
Allocates read-write-execute memory (usually to unpack itself) (1 个事件)
Time & API Arguments Status Return Repeated
1621020638.430001
NtAllocateVirtualMemory
process_identifier: 1424
region_size: 65536
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
protection: 64 (PAGE_EXECUTE_READWRITE)
process_handle: 0xffffffffffffffff
allocation_type: 4096 (MEM_COMMIT)
base_address: 0x00000000041a0000
success 0 0
Checks whether any human activity is being performed by constantly checking whether the foreground window changed
Creates executable files on the filesystem (6 个事件)
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JSSP0KXB\l10n[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZOR341Z\jquery[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\piwik[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6VHVO8H\analytics[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DQSDCVAE\analytics[1].js
file C:\Users\Administrator.Oskar-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZOR341Z\utils[1].js
Checks adapter addresses which can be used to detect virtual network interfaces (1 个事件)
Time & API Arguments Status Return Repeated
1620985523.348074
GetAdaptersAddresses
flags: 0
family: 0
failed 111 0
网络通信
Communicates with host for which no DNS query was performed (2 个事件)
host 13.227.250.15
host 172.217.24.14
Disables proxy possibly for traffic interception (1 个事件)
Time & API Arguments Status Return Repeated
1620985522.832074
RegSetValueExA
key_handle: 0x0000030c
value: 0
regkey_r: ProxyEnable
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
success 0 0
Creates a windows hook that monitors keyboard input (keylogger) (1 个事件)
Time & API Arguments Status Return Repeated
1621020643.320001
SetWindowsHookExW
thread_identifier: 0
callback_function: 0x00000000ff35ae10
module_address: 0x00000000ff2b0000
hook_identifier: 13 (WH_KEYBOARD_LL)
success 1638795 0
Sets or modifies WPAD proxy autoconfiguration file for traffic interception (15 个事件)
Time & API Arguments Status Return Repeated
1620985525.941074
RegSetValueExA
key_handle: 0x0000042c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985525.941074
RegSetValueExA
key_handle: 0x0000042c
value: ðU<PÞH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985525.941074
RegSetValueExA
key_handle: 0x0000042c
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985525.941074
RegSetValueExW
key_handle: 0x0000042c
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985525.941074
RegSetValueExA
key_handle: 0x00000440
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985525.941074
RegSetValueExA
key_handle: 0x00000440
value: ðU<PÞH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985525.941074
RegSetValueExA
key_handle: 0x00000440
value: 3
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
1620985525.957074
RegSetValueExW
key_handle: 0x00000428
value: {40112ABE-63B3-43C3-BE93-1440EE3AF106}
regkey_r: WpadLastNetwork
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
success 0 0
1620985526.441074
RegSetValueExA
key_handle: 0x00000458
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionReason
success 0 0
1620985526.457074
RegSetValueExA
key_handle: 0x00000458
value: 0‹PÞH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecisionTime
success 0 0
1620985526.457074
RegSetValueExA
key_handle: 0x00000458
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadDecision
success 0 0
1620985526.457074
RegSetValueExW
key_handle: 0x00000458
value: 网络 2
regkey_r: WpadNetworkName
reg_type: 1 (REG_SZ)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{40112ABE-63B3-43C3-BE93-1440EE3AF106}\WpadNetworkName
success 0 0
1620985526.457074
RegSetValueExA
key_handle: 0x0000045c
value: 1
regkey_r: WpadDecisionReason
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
success 0 0
1620985526.457074
RegSetValueExA
key_handle: 0x0000045c
value: 0‹PÞH×
regkey_r: WpadDecisionTime
reg_type: 3 (REG_BINARY)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
success 0 0
1620985526.457074
RegSetValueExA
key_handle: 0x0000045c
value: 0
regkey_r: WpadDecision
reg_type: 4 (REG_DWORD)
regkey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
success 0 0
Generates some ICMP traffic
Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) (1 个事件)
dead_host 172.217.160.110:443
可视化分析
二进制图像
暂无二进制图像 该样本未生成二进制可视化图像
运行截图
暂无运行截图 该样本运行过程中未生成截图

👋 欢迎使用 ChatHawk

我是您的恶意软件分析助手,可以帮您分析和解读恶意软件报告。请随时向我提问!

🔍 主要威胁分析
⚡ 行为特征
🛡️ 防护建议
🔧 技术手段
🎯 检测方法
🤖

PE Compile Time

2016-03-01 03:22:27

Imports

Library GDI32.dll:
0x42103c GetDeviceCaps
Library KERNEL32.dll:
0x421048 lstrcmpiW
0x421050 CreateProcessW
0x421054 HeapAlloc
0x421058 GetCurrentProcess
0x42105c HeapFree
0x421060 WaitForSingleObject
0x421064 GetProcessHeap
0x421068 OpenProcess
0x42106c LoadLibraryA
0x421070 CloseHandle
0x421074 GetCurrentProcessId
0x421078 LocalFree
0x421080 UnmapViewOfFile
0x421084 GetCommandLineW
0x42108c FindResourceExW
0x421090 WriteFile
0x421094 GetExitCodeProcess
0x421098 CreateFileW
0x42109c GetBinaryTypeW
0x4210a0 LockResource
0x4210a4 GetFileSize
0x4210a8 FindFirstFileW
0x4210ac EndUpdateResourceW
0x4210b0 CopyFileW
0x4210b4 ReadFile
0x4210bc FindClose
0x4210c0 RemoveDirectoryW
0x4210c4 UpdateResourceW
0x4210c8 FindNextFileW
0x4210cc SetFileAttributesW
0x4210d0 SetFilePointer
0x4210d8 SetFileTime
0x4210dc GetFileAttributesW
0x4210e8 GetTickCount
0x4210f0 GetLocalTime
0x4210f8 HeapDestroy
0x4210fc HeapReAlloc
0x421100 HeapSize
0x421104 WriteConsoleW
0x421108 SetFilePointerEx
0x42110c SetStdHandle
0x421110 GetConsoleMode
0x421114 GetConsoleCP
0x421118 FlushFileBuffers
0x42111c LCMapStringW
0x421120 GetStringTypeW
0x421124 OutputDebugStringW
0x421128 Sleep
0x42112c GetCPInfo
0x421130 GetOEMCP
0x421134 GetACP
0x421138 IsValidCodePage
0x42113c TlsFree
0x421140 TlsSetValue
0x421144 TlsGetValue
0x421148 TlsAlloc
0x42114c TerminateProcess
0x421168 GetStartupInfoW
0x42116c GetFileType
0x421170 GetProcAddress
0x421174 GetLastError
0x421178 RaiseException
0x421180 SizeofResource
0x421188 LoadLibraryW
0x42118c WideCharToMultiByte
0x421198 LoadLibraryExW
0x42119c LoadResource
0x4211a0 FreeLibrary
0x4211a4 FindResourceW
0x4211a8 CreateThread
0x4211ac DeleteFileW
0x4211b0 GetTempPathW
0x4211b4 MultiByteToWideChar
0x4211b8 GetModuleFileNameW
0x4211bc GetModuleHandleW
0x4211c4 CreateDirectoryW
0x4211c8 GetTempFileNameW
0x4211cc GetStdHandle
0x4211d0 GetCurrentThreadId
0x4211d4 SetLastError
0x4211d8 RtlUnwind
0x4211e0 IsDebuggerPresent
0x4211e4 GetModuleHandleExW
0x4211e8 ExitProcess
0x4211ec DecodePointer
0x4211f0 EncodePointer
Library USER32.dll:
0x42125c ReleaseDC
0x421260 GetWindowLongW
0x421264 TranslateMessage
0x421268 SetWindowPos
0x42126c ShowWindow
0x421270 GetDC
0x421274 SetCapture
0x421278 GetMessageW
0x42127c GetWindowRect
0x421280 CreateDialogParamW
0x421284 AdjustWindowRectEx
0x421288 SetWindowLongW
0x42128c DispatchMessageW
0x421290 GetWindow
0x421294 CallWindowProcW
0x421298 UpdateWindow
0x42129c SendMessageW
0x4212a0 GetSystemMetrics
0x4212a4 ReleaseCapture
0x4212a8 GetDesktopWindow
0x4212ac wsprintfW
0x4212b0 LoadImageW
0x4212b4 SetClassLongW
0x4212b8 GetSystemMenu
0x4212bc PostMessageW
0x4212c0 EnableMenuItem
0x4212c4 DestroyWindow
0x4212c8 SetWindowTextW
0x4212cc GetClientRect
0x4212d0 FindWindowW
0x4212d8 CharNextW
0x4212dc ClientToScreen
0x4212e0 MessageBoxW
Library ADVAPI32.dll:
0x421000 RegOpenKeyExW
0x421004 RegQueryInfoKeyW
0x421008 DuplicateTokenEx
0x42100c RegQueryValueExW
0x421010 GetTokenInformation
0x421018 GetSidSubAuthority
0x42101c OpenProcessToken
0x421020 RegSetValueExW
0x421024 RegCloseKey
0x421028 RegEnumKeyExW
0x42102c RegDeleteKeyW
0x421030 RegDeleteValueW
0x421034 RegCreateKeyExW
Library ole32.dll:
0x42131c CoCreateInstance
0x421320 CoTaskMemRealloc
0x421324 CoTaskMemAlloc
0x421328 CoDisconnectObject
0x42132c OleInitialize
0x421330 OleUninitialize
0x421334 CoTaskMemFree
Library SHELL32.dll:
0x421228 ShellExecuteExW
0x42122c ShellExecuteW
0x421230 SHBrowseForFolderW
0x42123c CommandLineToArgvW
Library OLEAUT32.dll:
0x4211f8 SysAllocString
0x4211fc VariantClear
0x421200 VariantInit
0x421204 SysAllocStringLen
0x421208 VarI4FromStr
0x42120c SysFreeString
0x421210 SysStringLen
0x421214 VariantCopy
0x42121c VarUI4FromStr
0x421220 SysStringByteLen
Library SHLWAPI.dll:
0x421244 PathFileExistsW
0x42124c PathAddBackslashW
0x421250 PathRemoveFileSpecW
0x421254 PathIsURLW
Library WININET.dll:
0x4212e8 InternetOpenW
0x4212f0 InternetCrackUrlW
0x4212f8 InternetCloseHandle
0x4212fc FindCloseUrlCache
0x421304 HttpOpenRequestW
0x421308 HttpQueryInfoW
0x42130c HttpSendRequestW
0x421310 InternetConnectW
0x421314 InternetReadFile
Library urlmon.dll:

Hosts

No hosts contacted.

TCP

Source Source Port Destination Destination Port
192.168.56.101 49191 104.18.20.226 ocsp2.globalsign.com 80
192.168.56.101 49190 104.18.21.226 ocsp2.globalsign.com 80
192.168.56.101 49176 172.67.23.114 installer.manycams.com 80
192.168.56.101 49179 172.67.23.114 installer.manycams.com 80
192.168.56.101 49183 203.208.41.65 www.google-analytics.com 80
192.168.56.101 49189 35.153.239.63 geoip.vmn.net 80
192.168.56.101 49184 54.81.50.186 installstat.manycam.com 80
192.168.56.101 49188 69.50.129.55 analytics.vmn.net 443

UDP

Source Source Port Destination Destination Port
192.168.56.101 49235 114.114.114.114 53
192.168.56.101 50534 114.114.114.114 53
192.168.56.101 51378 114.114.114.114 53
192.168.56.101 53237 114.114.114.114 53
192.168.56.101 53657 114.114.114.114 53
192.168.56.101 56539 114.114.114.114 53
192.168.56.101 57756 114.114.114.114 53
192.168.56.101 57874 114.114.114.114 53
192.168.56.101 62318 114.114.114.114 53
192.168.56.101 65004 114.114.114.114 53
192.168.56.101 137 192.168.56.255 137
192.168.56.101 138 192.168.56.255 138
192.168.56.101 51808 224.0.0.252 5355
192.168.56.101 55368 224.0.0.252 5355
192.168.56.101 56804 224.0.0.252 5355
192.168.56.101 60123 224.0.0.252 5355
192.168.56.101 60384 224.0.0.252 5355
192.168.56.101 62191 224.0.0.252 5355
192.168.56.101 1900 239.255.255.250 1900
192.168.56.101 50535 239.255.255.250 3702

HTTP & HTTPS Requests

URI Data
http://geoip.vmn.net/index.php?v=2&format=json&callback=jQuery1710416560175919954_1621009781163&_=1621009784913 
GET /index.php?v=2&format=json&callback=jQuery1710416560175919954_1621009781163&_=1621009784913 HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: geoip.vmn.net
Connection: Keep-Alive
http://installer.manycams.com/2.png 
GET /2.png HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installer.manycams.com/close.png 
GET /close.png HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installstat.manycam.com/installStarted.php 
GET /installStarted.php HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installstat.manycam.com
Connection: Keep-Alive
http://installer.manycams.com/0.html 
GET /0.html HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installer.manycams.com/3.png 
GET /3.png HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installer.manycams.com/1.html 
GET /1.html HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installer.manycams.com/main-bottom-gradient.png 
GET /main-bottom-gradient.png HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installer.manycams.com/next-arrow.png 
GET /next-arrow.png HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive
http://installer.manycams.com/analytics.js 
GET /analytics.js HTTP/1.1
Accept: */*
Referer: http://installer.manycams.com/1.html
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: installer.manycams.com
Connection: Keep-Alive

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.