Analysis Date2018-04-26 04:41:24
MD589040e29f260341faa10baf3256e1dc4
SHA141b70bd41fed917eecdc998834501b4fec77a36c

Static Details:

AVArcabit (arcavir)Error Scanning File
AVAuthentiumNo Virus
AVGrisoft (avg)No Virus
AVAvira (antivir)No Virus
AVAlwil (avast)HTML:Iframe-inf
AVAlwil (avast)Iframe-inf
AVAd-AwareNo Virus
AVBitDefenderError Scanning File
AVBullGuardNo Virus
AVClamAVNo Virus
AVDr. WebNo Virus
AVEmsisoftNo Virus
AVMicroWorld (escan)No Virus
AVCA (E-Trust Ino)No Virus
AVFortinetError Scanning File
AVFrisk (f-prot)Error Scanning File
AVF-SecureNo Virus
AVIkarusNo Virus
AVK7Error Scanning File
AVKasperskyNo Virus
AVMalwareBytesError Scanning File
AVMcafeeNo Virus
AVMicrosoft Security EssentialsNo Virus
AVNANONo Virus
AVEset (nod32)No Virus
AVPadvishNo Virus
AVCAT (quickheal)Error Scanning File
AVRisingNo Virus
AV360 SafeNo Virus
AVSUPERAntiSpywareNo Virus
AVSymantecNo Virus
AVTrend MicroNo Virus
AVTwisterNo Virus
AVVirusBlokAda (vba32)No Virus
AVWindows DefenderNo Virus
AVZillya!No Virus

Runtime Details:

Screenshot

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates File\??\Nsi
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\Low
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\Favorites\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\Roaming\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\IETldCache\Low
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\Low\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\Temp\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\Local\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\AppData\
Creates FileC:\Users\Phil\
Creates FileC:\Users\Phil\
Creates FileC:\Users\
Creates FileC:\Users\
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\AppData\Local\Temp\Low
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates FileC:\Windows\System32\url.dll
Creates FileC:\Windows\Fonts\staticcache.dat
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D9573882-490B-11E8-8AAC-52540091C135}.dat
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFB99AFBA40D17F267.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D9573883-490B-11E8-8AAC-52540091C135}.dat
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF645CED60B865179C.TMP
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\desktop.ini
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Windows\System32\ieframe.dll
Creates FileC:\Windows\System32\stdole2.tlb
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Internet Explorer\frameiconcache.dat
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
Creates FileC:\Users\Phil\Favorites
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\Favorites\Links\Suggested Sites.url
Creates FileC:\Users\Phil\Favorites\Links\Web Slice Gallery.url
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF4676BE483B3B1339.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFBC06893452EEE808.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF544255E045D1F254.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFAEB07729C4123BE3.TMP
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
Creates FileC:\Users\Phil\Favorites\Links
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
Creates FileC:\Users\Phil\AppData\Local\Temp\~DF8E5FCA045AEA4ACC.TMP
Creates FileC:\Users\Phil\AppData\Local\Temp\~DFAB9C894AE2A994EB.TMP
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File\Device\RasAcd
Creates File\DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File\DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\Device\NetBT_Tcpip_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\Device\NetBT_Tcpip6_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\Device\NetBT_Tcpip6_{7035D925-FEB8-4F15-A864-01A2CAB79F18}

Process
↳ C:\Program Files\Internet Explorer\iexplore.exe

Creates FileC:\Windows\Globalization\Sorting\sortdefault.nls
Creates FileC:\Windows\System32\oleaccrc.dll
Creates File\??\MountPointManager
Creates FileC:\
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches
Creates FileC:\Windows\System32\rsaenh.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000001.db
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates File\??\MountPointManager
Creates FileC:\Users\desktop.ini
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\Favorites\desktop.ini
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Roaming
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
Creates FileC:\Users\Phil\Desktop\desktop.ini
Creates FileC:\Users\Phil\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
Creates FileC:\Windows\Fonts\staticcache.dat
Creates FileC:\Windows\AppPatch\AppPatch64\sysmain.sdb
Creates FileC:\Program Files\Java\jre6\bin\jp2ssv.dll
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Feeds Cache\index.dat
Creates FileC:\Windows\System32\en-US\urlmon.dll.mui
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates FileC:\Windows\Media\Windows Information Bar.wav
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Windows\System32\en-US\wdmaud.drv.mui
Creates FileC:\Windows\System32\en-US\MMDevAPI.DLL.mui
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates FileC:\Users\Phil\Desktop\wdmaud.drv
Creates FileC:\Windows\System32\wdmaud.drv
Creates File\Device\Afd\Endpoint
Creates File\??\Nsi
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\
Creates FileC:\Users
Creates FileC:\Users\Phil
Creates FileC:\Users\Phil\AppData
Creates FileC:\Users\Phil\AppData\Local
Creates FileC:\Users\Phil\AppData\Local\Temp
Creates File\Device\RasAcd
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File\DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\DEVICE\NETBT_TCPIP_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\DEVICE\NETBT_TCPIP_{846EE342-7039-11DE-9D20-806E6F6E6963}
Creates File\DEVICE\NETBT_TCPIP_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\Device\RasAcd
Creates File\Device\NetBT_Tcpip_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\Device\NetBT_Tcpip6_{A0D04DC6-852C-4BAF-AC46-66898A1F54B8}
Creates File\Device\NetBT_Tcpip6_{7035D925-FEB8-4F15-A864-01A2CAB79F18}
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\RasAcd
Creates File\Device\RasAcd
Creates File\Device\RasAcd
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\main[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\main[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\main[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\addthis_widget[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\addthis_widget[1].htm
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRPAQY7Q\jquery.min[1].htm
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRPAQY7Q\jquery.min[1].htm
Creates FileC:\Users\Phil\AppData\Local\Temp\41b70bd41fed917eecdc998834501b4fec77a36c.html
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRPAQY7Q\jquery.min[1].htm
Creates FileC:\Windows\System32\en-US\jscript.dll.mui
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6Z7NI6K\am_h-1x1[1].gif
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6Z7NI6K\am_h-1x4[1].gif
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6Z7NI6K\am_h-1x2[1].gif
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV6J2I17\am_h-1x6[1].gif
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\bookmark_h[1].gif
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\STN7NUQY\addthis_widget[1].htm
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRPAQY7Q\am_h-1x3[1].gif
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRPAQY7Q\am_h-1x7[1].gif
Creates FileC:\Users\Phil\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRPAQY7Q\am_h-1x5[1].gif
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\Endpoint

Network Details:


Raw Pcap
0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f637373 2f6d6169 6e2e6373   GET /css/main.cs
0x00000010 (00016)   73204854 54502f31 2e310d0a 41636365   s HTTP/1.1..Acce
0x00000020 (00032)   70743a20 2a2f2a0d 0a416363 6570742d   pt: */*..Accept-
0x00000030 (00048)   4c616e67 75616765 3a20656e 2d55530d   Language: en-US.
0x00000040 (00064)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000050 (00080)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000060 (00096)   69626c65 3b204d53 49452038 2e303b20   ible; MSIE 8.0; 
0x00000070 (00112)   57696e64 6f777320 4e542036 2e313b20   Windows NT 6.1; 
0x00000080 (00128)   57696e36 343b2078 36343b20 54726964   Win64; x64; Trid
0x00000090 (00144)   656e742f 342e303b 202e4e45 5420434c   ent/4.0; .NET CL
0x000000a0 (00160)   5220322e 302e3530 3732373b 20534c43   R 2.0.50727; SLC
0x000000b0 (00176)   43323b20 2e4e4554 20434c52 20332e35   C2; .NET CLR 3.5
0x000000c0 (00192)   2e333037 32393b20 2e4e4554 20434c52   .30729; .NET CLR
0x000000d0 (00208)   20332e30 2e333037 32393b20 4d656469    3.0.30729; Medi
0x000000e0 (00224)   61204365 6e746572 20504320 362e3029   a Center PC 6.0)
0x000000f0 (00240)   0d0a5541 2d435055 3a20414d 4436340d   ..UA-CPU: AMD64.
0x00000100 (00256)   0a416363 6570742d 456e636f 64696e67   .Accept-Encoding
0x00000110 (00272)   3a20677a 69702c20 6465666c 6174650d   : gzip, deflate.
0x00000120 (00288)   0a486f73 743a2061 6c66616d 696c662e   .Host: alfamilf.
0x00000130 (00304)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000140 (00320)   204b6565 702d416c 6976650d 0a0d0a      Keep-Alive....

0x00000000 (00000)   47455420 2f6a732f 3235302f 61646474   GET /js/250/addt
0x00000010 (00016)   6869735f 77696467 65742e6a 73204854   his_widget.js HT
0x00000020 (00032)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000030 (00048)   2a2f2a0d 0a416363 6570742d 4c616e67   */*..Accept-Lang
0x00000040 (00064)   75616765 3a20656e 2d55530d 0a557365   uage: en-US..Use
0x00000050 (00080)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x00000060 (00096)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x00000070 (00112)   3b204d53 49452038 2e303b20 57696e64   ; MSIE 8.0; Wind
0x00000080 (00128)   6f777320 4e542036 2e313b20 57696e36   ows NT 6.1; Win6
0x00000090 (00144)   343b2078 36343b20 54726964 656e742f   4; x64; Trident/
0x000000a0 (00160)   342e303b 202e4e45 5420434c 5220322e   4.0; .NET CLR 2.
0x000000b0 (00176)   302e3530 3732373b 20534c43 43323b20   0.50727; SLCC2; 
0x000000c0 (00192)   2e4e4554 20434c52 20332e35 2e333037   .NET CLR 3.5.307
0x000000d0 (00208)   32393b20 2e4e4554 20434c52 20332e30   29; .NET CLR 3.0
0x000000e0 (00224)   2e333037 32393b20 4d656469 61204365   .30729; Media Ce
0x000000f0 (00240)   6e746572 20504320 362e3029 0d0a5541   nter PC 6.0)..UA
0x00000100 (00256)   2d435055 3a20414d 4436340d 0a416363   -CPU: AMD64..Acc
0x00000110 (00272)   6570742d 456e636f 64696e67 3a20677a   ept-Encoding: gz
0x00000120 (00288)   69702c20 6465666c 6174650d 0a486f73   ip, deflate..Hos
0x00000130 (00304)   743a2073 372e6164 64746869 732e636f   t: s7.addthis.co
0x00000140 (00320)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000150 (00336)   6565702d 416c6976 650d0a0d 0a         eep-Alive....

0x00000000 (00000)   47455420 2f616a61 782f6c69 62732f6a   GET /ajax/libs/j
0x00000010 (00016)   71756572 792f312e 372e322f 6a717565   query/1.7.2/jque
0x00000020 (00032)   72792e6d 696e2e6a 73204854 54502f31   ry.min.js HTTP/1
0x00000030 (00048)   2e310d0a 41636365 70743a20 2a2f2a0d   .1..Accept: */*.
0x00000040 (00064)   0a416363 6570742d 4c616e67 75616765   .Accept-Language
0x00000050 (00080)   3a20656e 2d55530d 0a557365 722d4167   : en-US..User-Ag
0x00000060 (00096)   656e743a 204d6f7a 696c6c61 2f342e30   ent: Mozilla/4.0
0x00000070 (00112)   2028636f 6d706174 69626c65 3b204d53    (compatible; MS
0x00000080 (00128)   49452038 2e303b20 57696e64 6f777320   IE 8.0; Windows 
0x00000090 (00144)   4e542036 2e313b20 57696e36 343b2078   NT 6.1; Win64; x
0x000000a0 (00160)   36343b20 54726964 656e742f 342e303b   64; Trident/4.0;
0x000000b0 (00176)   202e4e45 5420434c 5220322e 302e3530    .NET CLR 2.0.50
0x000000c0 (00192)   3732373b 20534c43 43323b20 2e4e4554   727; SLCC2; .NET
0x000000d0 (00208)   20434c52 20332e35 2e333037 32393b20    CLR 3.5.30729; 
0x000000e0 (00224)   2e4e4554 20434c52 20332e30 2e333037   .NET CLR 3.0.307
0x000000f0 (00240)   32393b20 4d656469 61204365 6e746572   29; Media Center
0x00000100 (00256)   20504320 362e3029 0d0a5541 2d435055    PC 6.0)..UA-CPU
0x00000110 (00272)   3a20414d 4436340d 0a416363 6570742d   : AMD64..Accept-
0x00000120 (00288)   456e636f 64696e67 3a20677a 69702c20   Encoding: gzip, 
0x00000130 (00304)   6465666c 6174650d 0a486f73 743a2061   deflate..Host: a
0x00000140 (00320)   6a61782e 676f6f67 6c656170 69732e63   jax.googleapis.c
0x00000150 (00336)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000160 (00352)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d337831 2e676966 20485454 502f312e   -3x1.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d327832 2e676966 20485454 502f312e   -2x2.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f637373 2f756272 2e637373   GET /css/ubr.css
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 41636365 70742d4c   t: */*..Accept-L
0x00000030 (00048)   616e6775 6167653a 20656e2d 55530d0a   anguage: en-US..
0x00000040 (00064)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000050 (00080)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000060 (00096)   626c653b 204d5349 4520382e 303b2057   ble; MSIE 8.0; W
0x00000070 (00112)   696e646f 7773204e 5420362e 313b2057   indows NT 6.1; W
0x00000080 (00128)   696e3634 3b207836 343b2054 72696465   in64; x64; Tride
0x00000090 (00144)   6e742f34 2e303b20 2e4e4554 20434c52   nt/4.0; .NET CLR
0x000000a0 (00160)   20322e30 2e353037 32373b20 534c4343    2.0.50727; SLCC
0x000000b0 (00176)   323b202e 4e455420 434c5220 332e352e   2; .NET CLR 3.5.
0x000000c0 (00192)   33303732 393b202e 4e455420 434c5220   30729; .NET CLR 
0x000000d0 (00208)   332e302e 33303732 393b204d 65646961   3.0.30729; Media
0x000000e0 (00224)   2043656e 74657220 50432036 2e30290d    Center PC 6.0).
0x000000f0 (00240)   0a55412d 4350553a 20414d44 36340d0a   .UA-CPU: AMD64..
0x00000100 (00256)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000110 (00272)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000120 (00288)   486f7374 3a20616c 66616d69 6c662e63   Host: alfamilf.c
0x00000130 (00304)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x00000140 (00320)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f616477 2e736874 6d6c2048   GET /adw.shtml H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   20617070 6c696361 74696f6e 2f782d6d    application/x-m
0x00000030 (00048)   732d6170 706c6963 6174696f 6e2c2069   s-application, i
0x00000040 (00064)   6d616765 2f6a7065 672c2061 70706c69   mage/jpeg, appli
0x00000050 (00080)   63617469 6f6e2f78 616d6c2b 786d6c2c   cation/xaml+xml,
0x00000060 (00096)   20696d61 67652f67 69662c20 696d6167    image/gif, imag
0x00000070 (00112)   652f706a 7065672c 20617070 6c696361   e/pjpeg, applica
0x00000080 (00128)   74696f6e 2f782d6d 732d7862 61702c20   tion/x-ms-xbap, 
0x00000090 (00144)   2a2f2a0d 0a416363 6570742d 4c616e67   */*..Accept-Lang
0x000000a0 (00160)   75616765 3a20656e 2d55530d 0a557365   uage: en-US..Use
0x000000b0 (00176)   722d4167 656e743a 204d6f7a 696c6c61   r-Agent: Mozilla
0x000000c0 (00192)   2f342e30 2028636f 6d706174 69626c65   /4.0 (compatible
0x000000d0 (00208)   3b204d53 49452038 2e303b20 57696e64   ; MSIE 8.0; Wind
0x000000e0 (00224)   6f777320 4e542036 2e313b20 57696e36   ows NT 6.1; Win6
0x000000f0 (00240)   343b2078 36343b20 54726964 656e742f   4; x64; Trident/
0x00000100 (00256)   342e303b 202e4e45 5420434c 5220322e   4.0; .NET CLR 2.
0x00000110 (00272)   302e3530 3732373b 20534c43 43323b20   0.50727; SLCC2; 
0x00000120 (00288)   2e4e4554 20434c52 20332e35 2e333037   .NET CLR 3.5.307
0x00000130 (00304)   32393b20 2e4e4554 20434c52 20332e30   29; .NET CLR 3.0
0x00000140 (00320)   2e333037 32393b20 4d656469 61204365   .30729; Media Ce
0x00000150 (00336)   6e746572 20504320 362e3029 0d0a5541   nter PC 6.0)..UA
0x00000160 (00352)   2d435055 3a20414d 4436340d 0a416363   -CPU: AMD64..Acc
0x00000170 (00368)   6570742d 456e636f 64696e67 3a20677a   ept-Encoding: gz
0x00000180 (00384)   69702c20 6465666c 6174650d 0a486f73   ip, deflate..Hos
0x00000190 (00400)   743a2061 6c66616d 696c662e 636f6d0d   t: alfamilf.com.
0x000001a0 (00416)   0a436f6e 6e656374 696f6e3a 204b6565   .Connection: Kee
0x000001b0 (00432)   702d416c 6976650d 0a0d0a              p-Alive....

0x00000000 (00000)   47455420 2f616477 312e7368 746d6c20   GET /adw1.shtml 
0x00000010 (00016)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000020 (00032)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000030 (00048)   6d732d61 70706c69 63617469 6f6e2c20   ms-application, 
0x00000040 (00064)   696d6167 652f6a70 65672c20 6170706c   image/jpeg, appl
0x00000050 (00080)   69636174 696f6e2f 78616d6c 2b786d6c   ication/xaml+xml
0x00000060 (00096)   2c20696d 6167652f 6769662c 20696d61   , image/gif, ima
0x00000070 (00112)   67652f70 6a706567 2c206170 706c6963   ge/pjpeg, applic
0x00000080 (00128)   6174696f 6e2f782d 6d732d78 6261702c   ation/x-ms-xbap,
0x00000090 (00144)   202a2f2a 0d0a4163 63657074 2d4c616e    */*..Accept-Lan
0x000000a0 (00160)   67756167 653a2065 6e2d5553 0d0a5573   guage: en-US..Us
0x000000b0 (00176)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x000000c0 (00192)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x000000d0 (00208)   653b204d 53494520 382e303b 2057696e   e; MSIE 8.0; Win
0x000000e0 (00224)   646f7773 204e5420 362e313b 2057696e   dows NT 6.1; Win
0x000000f0 (00240)   36343b20 7836343b 20547269 64656e74   64; x64; Trident
0x00000100 (00256)   2f342e30 3b202e4e 45542043 4c522032   /4.0; .NET CLR 2
0x00000110 (00272)   2e302e35 30373237 3b20534c 4343323b   .0.50727; SLCC2;
0x00000120 (00288)   202e4e45 5420434c 5220332e 352e3330    .NET CLR 3.5.30
0x00000130 (00304)   3732393b 202e4e45 5420434c 5220332e   729; .NET CLR 3.
0x00000140 (00320)   302e3330 3732393b 204d6564 69612043   0.30729; Media C
0x00000150 (00336)   656e7465 72205043 20362e30 290d0a55   enter PC 6.0)..U
0x00000160 (00352)   412d4350 553a2041 4d443634 0d0a4163   A-CPU: AMD64..Ac
0x00000170 (00368)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000180 (00384)   7a69702c 20646566 6c617465 0d0a486f   zip, deflate..Ho
0x00000190 (00400)   73743a20 616c6661 6d696c66 2e636f6d   st: alfamilf.com
0x000001a0 (00416)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000001b0 (00432)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f637373 2f756272 2e6a7320   GET /css/ubr.js 
0x00000010 (00016)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000020 (00032)   3a202a2f 2a0d0a41 63636570 742d4c61   : */*..Accept-La
0x00000030 (00048)   6e677561 67653a20 656e2d55 530d0a55   nguage: en-US..U
0x00000040 (00064)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000050 (00080)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000060 (00096)   6c653b20 4d534945 20382e30 3b205769   le; MSIE 8.0; Wi
0x00000070 (00112)   6e646f77 73204e54 20362e31 3b205769   ndows NT 6.1; Wi
0x00000080 (00128)   6e36343b 20783634 3b205472 6964656e   n64; x64; Triden
0x00000090 (00144)   742f342e 303b202e 4e455420 434c5220   t/4.0; .NET CLR 
0x000000a0 (00160)   322e302e 35303732 373b2053 4c434332   2.0.50727; SLCC2
0x000000b0 (00176)   3b202e4e 45542043 4c522033 2e352e33   ; .NET CLR 3.5.3
0x000000c0 (00192)   30373239 3b202e4e 45542043 4c522033   0729; .NET CLR 3
0x000000d0 (00208)   2e302e33 30373239 3b204d65 64696120   .0.30729; Media 
0x000000e0 (00224)   43656e74 65722050 4320362e 30290d0a   Center PC 6.0)..
0x000000f0 (00240)   55412d43 50553a20 414d4436 340d0a41   UA-CPU: AMD64..A
0x00000100 (00256)   63636570 742d456e 636f6469 6e673a20   ccept-Encoding: 
0x00000110 (00272)   677a6970 2c206465 666c6174 650d0a48   gzip, deflate..H
0x00000120 (00288)   6f73743a 20616c66 616d696c 662e636f   ost: alfamilf.co
0x00000130 (00304)   6d0d0a43 6f6e6e65 6374696f 6e3a204b   m..Connection: K
0x00000140 (00320)   6565702d 416c6976 650d0a0d 0a         eep-Alive....

0x00000000 (00000)   47455420 2f616477 322e7368 746d6c20   GET /adw2.shtml 
0x00000010 (00016)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000020 (00032)   3a206170 706c6963 6174696f 6e2f782d   : application/x-
0x00000030 (00048)   6d732d61 70706c69 63617469 6f6e2c20   ms-application, 
0x00000040 (00064)   696d6167 652f6a70 65672c20 6170706c   image/jpeg, appl
0x00000050 (00080)   69636174 696f6e2f 78616d6c 2b786d6c   ication/xaml+xml
0x00000060 (00096)   2c20696d 6167652f 6769662c 20696d61   , image/gif, ima
0x00000070 (00112)   67652f70 6a706567 2c206170 706c6963   ge/pjpeg, applic
0x00000080 (00128)   6174696f 6e2f782d 6d732d78 6261702c   ation/x-ms-xbap,
0x00000090 (00144)   202a2f2a 0d0a4163 63657074 2d4c616e    */*..Accept-Lan
0x000000a0 (00160)   67756167 653a2065 6e2d5553 0d0a5573   guage: en-US..Us
0x000000b0 (00176)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x000000c0 (00192)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x000000d0 (00208)   653b204d 53494520 382e303b 2057696e   e; MSIE 8.0; Win
0x000000e0 (00224)   646f7773 204e5420 362e313b 2057696e   dows NT 6.1; Win
0x000000f0 (00240)   36343b20 7836343b 20547269 64656e74   64; x64; Trident
0x00000100 (00256)   2f342e30 3b202e4e 45542043 4c522032   /4.0; .NET CLR 2
0x00000110 (00272)   2e302e35 30373237 3b20534c 4343323b   .0.50727; SLCC2;
0x00000120 (00288)   202e4e45 5420434c 5220332e 352e3330    .NET CLR 3.5.30
0x00000130 (00304)   3732393b 202e4e45 5420434c 5220332e   729; .NET CLR 3.
0x00000140 (00320)   302e3330 3732393b 204d6564 69612043   0.30729; Media C
0x00000150 (00336)   656e7465 72205043 20362e30 290d0a55   enter PC 6.0)..U
0x00000160 (00352)   412d4350 553a2041 4d443634 0d0a4163   A-CPU: AMD64..Ac
0x00000170 (00368)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000180 (00384)   7a69702c 20646566 6c617465 0d0a486f   zip, deflate..Ho
0x00000190 (00400)   73743a20 616c6661 6d696c66 2e636f6d   st: alfamilf.com
0x000001a0 (00416)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000001b0 (00432)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f6e6373 692e7478 74204854   GET /ncsi.txt HT
0x00000010 (00016)   54502f31 2e310d0a 436f6e6e 65637469   TP/1.1..Connecti
0x00000020 (00032)   6f6e3a20 436c6f73 650d0a55 7365722d   on: Close..User-
0x00000030 (00048)   4167656e 743a204d 6963726f 736f6674   Agent: Microsoft
0x00000040 (00064)   204e4353 490d0a48 6f73743a 20777777    NCSI..Host: www
0x00000050 (00080)   2e6d7366 746e6373 692e636f 6d0d0a0d   .msftncsi.com...
0x00000060 (00096)   0a                                    .

0x00000000 (00000)   47455420 2f696d61 6765732f 626f6f6b   GET /images/book
0x00000010 (00016)   6d61726b 5f682e67 69662048 5454502f   mark_h.gif HTTP/
0x00000020 (00032)   312e310d 0a416363 6570743a 202a2f2a   1.1..Accept: */*
0x00000030 (00048)   0d0a4163 63657074 2d4c616e 67756167   ..Accept-Languag
0x00000040 (00064)   653a2065 6e2d5553 0d0a5573 65722d41   e: en-US..User-A
0x00000050 (00080)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000060 (00096)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000070 (00112)   53494520 382e303b 2057696e 646f7773   SIE 8.0; Windows
0x00000080 (00128)   204e5420 362e313b 2057696e 36343b20    NT 6.1; Win64; 
0x00000090 (00144)   7836343b 20547269 64656e74 2f342e30   x64; Trident/4.0
0x000000a0 (00160)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000b0 (00176)   30373237 3b20534c 4343323b 202e4e45   0727; SLCC2; .NE
0x000000c0 (00192)   5420434c 5220332e 352e3330 3732393b   T CLR 3.5.30729;
0x000000d0 (00208)   202e4e45 5420434c 5220332e 302e3330    .NET CLR 3.0.30
0x000000e0 (00224)   3732393b 204d6564 69612043 656e7465   729; Media Cente
0x000000f0 (00240)   72205043 20362e30 290d0a55 412d4350   r PC 6.0)..UA-CP
0x00000100 (00256)   553a2041 4d443634 0d0a4163 63657074   U: AMD64..Accept
0x00000110 (00272)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000120 (00288)   20646566 6c617465 0d0a486f 73743a20    deflate..Host: 
0x00000130 (00304)   616c6661 6d696c66 2e636f6d 0d0a436f   alfamilf.com..Co
0x00000140 (00320)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x00000150 (00336)   6c697665 0d0a0d0a                     live....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317833 2e676966 20485454 502f312e   -1x3.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317835 2e676966 20485454 502f312e   -1x5.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317837 2e676966 20485454 502f312e   -1x7.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   504f5354 202f3365 31363236 34372d63   POST /3e162647-c
0x00000010 (00016)   3364382d 34346333 2d393937 622d3061   3d8-44c3-997b-0a
0x00000020 (00032)   63396135 66363838 33322f20 48545450   c9a5f68832/ HTTP
0x00000030 (00048)   2f312e31 0d0a4361 6368652d 436f6e74   /1.1..Cache-Cont
0x00000040 (00064)   726f6c3a 206e6f2d 63616368 650d0a43   rol: no-cache..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2043 6c6f7365   onnection: Close
0x00000060 (00096)   0d0a5072 61676d61 3a206e6f 2d636163   ..Pragma: no-cac
0x00000070 (00112)   68650d0a 436f6e74 656e742d 54797065   he..Content-Type
0x00000080 (00128)   3a206170 706c6963 6174696f 6e2f736f   : application/so
0x00000090 (00144)   61702b78 6d6c0d0a 55736572 2d416765   ap+xml..User-Age
0x000000a0 (00160)   6e743a20 57534441 50490d0a 436f6e74   nt: WSDAPI..Cont
0x000000b0 (00176)   656e742d 4c656e67 74683a20 3733330d   ent-Length: 733.
0x000000c0 (00192)   0a486f73 743a2031 39322e31 36382e31   .Host: 192.168.1
0x000000d0 (00208)   30302e31 34373a35 3335370d 0a0d0a3c   00.147:5357....<
0x000000e0 (00224)   3f786d6c 20766572 73696f6e 3d22312e   ?xml version="1.
0x000000f0 (00240)   30222065 6e636f64 696e673d 22757466   0" encoding="utf
0x00000100 (00256)   2d38223f 3e3c736f 61703a45 6e76656c   -8"?><soap:Envel
0x00000110 (00272)   6f706520 786d6c6e 733a736f 61703d22   ope xmlns:soap="
0x00000120 (00288)   68747470 3a2f2f77 77772e77 332e6f72   http://www.w3.or
0x00000130 (00304)   672f3230 30332f30 352f736f 61702d65   g/2003/05/soap-e
0x00000140 (00320)   6e76656c 6f706522 20786d6c 6e733a77   nvelope" xmlns:w
0x00000150 (00336)   73613d22 68747470 3a2f2f73 6368656d   sa="http://schem
0x00000160 (00352)   61732e78 6d6c736f 61702e6f 72672f77   as.xmlsoap.org/w
0x00000170 (00368)   732f3230 30342f30 382f6164 64726573   s/2004/08/addres
0x00000180 (00384)   73696e67 2220786d 6c6e733a 6c6d733d   sing" xmlns:lms=
0x00000190 (00400)   22687474 703a2f2f 73636865 6d61732e   "http://schemas.
0x000001a0 (00416)   6d696372 6f736f66 742e636f 6d2f7769   microsoft.com/wi
0x000001b0 (00432)   6e646f77 732f6c6d 732f3230 30372f30   ndows/lms/2007/0
0x000001c0 (00448)   38223e3c 736f6170 3a486561 6465723e   8"><soap:Header>
0x000001d0 (00464)   3c777361 3a546f3e 75726e3a 75756964   <wsa:To>urn:uuid
0x000001e0 (00480)   3a336531 36323634 372d6333 64382d34   :3e162647-c3d8-4
0x000001f0 (00496)   3463332d 39393762 2d306163 39613566   4c3-997b-0ac9a5f
0x00000200 (00512)   36383833 323c2f77 73613a54 6f3e3c77   68832</wsa:To><w
0x00000210 (00528)   73613a41 6374696f 6e3e6874 74703a2f   sa:Action>http:/
0x00000220 (00544)   2f736368 656d6173 2e786d6c 736f6170   /schemas.xmlsoap
0x00000230 (00560)   2e6f7267 2f77732f 32303034 2f30392f   .org/ws/2004/09/
0x00000240 (00576)   7472616e 73666572 2f476574 3c2f7773   transfer/Get</ws
0x00000250 (00592)   613a4163 74696f6e 3e3c7773 613a4d65   a:Action><wsa:Me
0x00000260 (00608)   73736167 6549443e 75726e3a 75756964   ssageID>urn:uuid
0x00000270 (00624)   3a626163 61383264 612d6233 30392d34   :baca82da-b309-4
0x00000280 (00640)   3636342d 62336564 2d346433 30623933   664-b3ed-4d30b93
0x00000290 (00656)   32303865 323c2f77 73613a4d 65737361   208e2</wsa:Messa
0x000002a0 (00672)   67654944 3e3c7773 613a5265 706c7954   geID><wsa:ReplyT
0x000002b0 (00688)   6f3e3c77 73613a41 64647265 73733e68   o><wsa:Address>h
0x000002c0 (00704)   7474703a 2f2f7363 68656d61 732e786d   ttp://schemas.xm
0x000002d0 (00720)   6c736f61 702e6f72 672f7773 2f323030   lsoap.org/ws/200
0x000002e0 (00736)   342f3038 2f616464 72657373 696e672f   4/08/addressing/
0x000002f0 (00752)   726f6c65 2f616e6f 6e796d6f 75733c2f   role/anonymous</
0x00000300 (00768)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000310 (00784)   613a5265 706c7954 6f3e3c77 73613a46   a:ReplyTo><wsa:F
0x00000320 (00800)   726f6d3e 3c777361 3a416464 72657373   rom><wsa:Address
0x00000330 (00816)   3e75726e 3a757569 643a3837 37656436   >urn:uuid:877ed6
0x00000340 (00832)   34342d66 3362362d 34633832 2d616131   44-f3b6-4c82-aa1
0x00000350 (00848)   622d3336 36376439 64373135 39323c2f   b-3667d9d71592</
0x00000360 (00864)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000370 (00880)   613a4672 6f6d3e3c 6c6d733a 4c617267   a:From><lms:Larg
0x00000380 (00896)   654d6574 61646174 61537570 706f7274   eMetadataSupport
0x00000390 (00912)   2f3e3c2f 736f6170 3a486561 6465723e   /></soap:Header>
0x000003a0 (00928)   3c736f61 703a426f 64792f3e 3c2f736f   <soap:Body/></so
0x000003b0 (00944)   61703a45 6e76656c 6f70653e            ap:Envelope>

0x00000000 (00000)   504f5354 202f3365 31363236 34372d63   POST /3e162647-c
0x00000010 (00016)   3364382d 34346333 2d393937 622d3061   3d8-44c3-997b-0a
0x00000020 (00032)   63396135 66363838 33322f20 48545450   c9a5f68832/ HTTP
0x00000030 (00048)   2f312e31 0d0a4361 6368652d 436f6e74   /1.1..Cache-Cont
0x00000040 (00064)   726f6c3a 206e6f2d 63616368 650d0a43   rol: no-cache..C
0x00000050 (00080)   6f6e6e65 6374696f 6e3a2043 6c6f7365   onnection: Close
0x00000060 (00096)   0d0a5072 61676d61 3a206e6f 2d636163   ..Pragma: no-cac
0x00000070 (00112)   68650d0a 436f6e74 656e742d 54797065   he..Content-Type
0x00000080 (00128)   3a206170 706c6963 6174696f 6e2f736f   : application/so
0x00000090 (00144)   61702b78 6d6c0d0a 55736572 2d416765   ap+xml..User-Age
0x000000a0 (00160)   6e743a20 57534441 50490d0a 436f6e74   nt: WSDAPI..Cont
0x000000b0 (00176)   656e742d 4c656e67 74683a20 3733330d   ent-Length: 733.
0x000000c0 (00192)   0a486f73 743a2031 39322e31 36382e31   .Host: 192.168.1
0x000000d0 (00208)   30302e31 37333a35 3335370d 0a0d0a3c   00.173:5357....<
0x000000e0 (00224)   3f786d6c 20766572 73696f6e 3d22312e   ?xml version="1.
0x000000f0 (00240)   30222065 6e636f64 696e673d 22757466   0" encoding="utf
0x00000100 (00256)   2d38223f 3e3c736f 61703a45 6e76656c   -8"?><soap:Envel
0x00000110 (00272)   6f706520 786d6c6e 733a736f 61703d22   ope xmlns:soap="
0x00000120 (00288)   68747470 3a2f2f77 77772e77 332e6f72   http://www.w3.or
0x00000130 (00304)   672f3230 30332f30 352f736f 61702d65   g/2003/05/soap-e
0x00000140 (00320)   6e76656c 6f706522 20786d6c 6e733a77   nvelope" xmlns:w
0x00000150 (00336)   73613d22 68747470 3a2f2f73 6368656d   sa="http://schem
0x00000160 (00352)   61732e78 6d6c736f 61702e6f 72672f77   as.xmlsoap.org/w
0x00000170 (00368)   732f3230 30342f30 382f6164 64726573   s/2004/08/addres
0x00000180 (00384)   73696e67 2220786d 6c6e733a 6c6d733d   sing" xmlns:lms=
0x00000190 (00400)   22687474 703a2f2f 73636865 6d61732e   "http://schemas.
0x000001a0 (00416)   6d696372 6f736f66 742e636f 6d2f7769   microsoft.com/wi
0x000001b0 (00432)   6e646f77 732f6c6d 732f3230 30372f30   ndows/lms/2007/0
0x000001c0 (00448)   38223e3c 736f6170 3a486561 6465723e   8"><soap:Header>
0x000001d0 (00464)   3c777361 3a546f3e 75726e3a 75756964   <wsa:To>urn:uuid
0x000001e0 (00480)   3a336531 36323634 372d6333 64382d34   :3e162647-c3d8-4
0x000001f0 (00496)   3463332d 39393762 2d306163 39613566   4c3-997b-0ac9a5f
0x00000200 (00512)   36383833 323c2f77 73613a54 6f3e3c77   68832</wsa:To><w
0x00000210 (00528)   73613a41 6374696f 6e3e6874 74703a2f   sa:Action>http:/
0x00000220 (00544)   2f736368 656d6173 2e786d6c 736f6170   /schemas.xmlsoap
0x00000230 (00560)   2e6f7267 2f77732f 32303034 2f30392f   .org/ws/2004/09/
0x00000240 (00576)   7472616e 73666572 2f476574 3c2f7773   transfer/Get</ws
0x00000250 (00592)   613a4163 74696f6e 3e3c7773 613a4d65   a:Action><wsa:Me
0x00000260 (00608)   73736167 6549443e 75726e3a 75756964   ssageID>urn:uuid
0x00000270 (00624)   3a343766 37306562 342d3861 66312d34   :47f70eb4-8af1-4
0x00000280 (00640)   6565632d 62663735 2d623535 65653133   eec-bf75-b55ee13
0x00000290 (00656)   31636466 623c2f77 73613a4d 65737361   1cdfb</wsa:Messa
0x000002a0 (00672)   67654944 3e3c7773 613a5265 706c7954   geID><wsa:ReplyT
0x000002b0 (00688)   6f3e3c77 73613a41 64647265 73733e68   o><wsa:Address>h
0x000002c0 (00704)   7474703a 2f2f7363 68656d61 732e786d   ttp://schemas.xm
0x000002d0 (00720)   6c736f61 702e6f72 672f7773 2f323030   lsoap.org/ws/200
0x000002e0 (00736)   342f3038 2f616464 72657373 696e672f   4/08/addressing/
0x000002f0 (00752)   726f6c65 2f616e6f 6e796d6f 75733c2f   role/anonymous</
0x00000300 (00768)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000310 (00784)   613a5265 706c7954 6f3e3c77 73613a46   a:ReplyTo><wsa:F
0x00000320 (00800)   726f6d3e 3c777361 3a416464 72657373   rom><wsa:Address
0x00000330 (00816)   3e75726e 3a757569 643a6537 62353065   >urn:uuid:e7b50e
0x00000340 (00832)   34362d61 3365352d 34323932 2d396561   46-a3e5-4292-9ea
0x00000350 (00848)   302d3935 36386234 62303431 65643c2f   0-9568b4b041ed</
0x00000360 (00864)   7773613a 41646472 6573733e 3c2f7773   wsa:Address></ws
0x00000370 (00880)   613a4672 6f6d3e3c 6c6d733a 4c617267   a:From><lms:Larg
0x00000380 (00896)   654d6574 61646174 61537570 706f7274   eMetadataSupport
0x00000390 (00912)   2f3e3c2f 736f6170 3a486561 6465723e   /></soap:Header>
0x000003a0 (00928)   3c736f61 703a426f 64792f3e 3c2f736f   <soap:Body/></so
0x000003b0 (00944)   61703a45 6e76656c 6f70653e            ap:Envelope>

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317831 2e676966 20485454 502f312e   -1x1.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a6e6e 65637469 6f6e3a20   ve....nnection: 
0x00000160 (00352)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317832 2e676966 20485454 502f312e   -1x2.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317834 2e676966 20485454 502f312e   -1x4.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f68   GET /images/am_h
0x00000010 (00016)   2d317836 2e676966 20485454 502f312e   -1x6.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 646f776e   GET /images/down
0x00000010 (00016)   5f666f6e 2e6a7067 20485454 502f312e   _fon.jpg HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a5043 20362e30 290d0a55   ve....PC 6.0)..U
0x00000160 (00352)   412d4350 553a2041 4d443634 0d0a4163   A-CPU: AMD64..Ac
0x00000170 (00368)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000180 (00384)   7a69702c 20646566 6c617465 0d0a486f   zip, deflate..Ho
0x00000190 (00400)   73743a20 616c6661 6d696c66 2e636f6d   st: alfamilf.com
0x000001a0 (00416)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000001b0 (00432)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f66   GET /images/am_f
0x00000010 (00016)   2d317833 2e676966 20485454 502f312e   -1x3.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f66   GET /images/am_f
0x00000010 (00016)   2d317834 2e676966 20485454 502f312e   -1x4.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f66   GET /images/am_f
0x00000010 (00016)   2d317835 2e6a7067 20485454 502f312e   -1x5.jpg HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a5043 20362e30 290d0a55   ve....PC 6.0)..U
0x00000160 (00352)   412d4350 553a2041 4d443634 0d0a4163   A-CPU: AMD64..Ac
0x00000170 (00368)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000180 (00384)   7a69702c 20646566 6c617465 0d0a486f   zip, deflate..Ho
0x00000190 (00400)   73743a20 616c6661 6d696c66 2e636f6d   st: alfamilf.com
0x000001a0 (00416)   0d0a436f 6e6e6563 74696f6e 3a204b65   ..Connection: Ke
0x000001b0 (00432)   65702d41 6c697665 0d0a0d0a            ep-Alive....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f66   GET /images/am_f
0x00000010 (00016)   2d317831 2e676966 20485454 502f312e   -1x1.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....

0x00000000 (00000)   47455420 2f696d61 6765732f 616d5f66   GET /images/am_f
0x00000010 (00016)   2d317832 2e676966 20485454 502f312e   -1x2.gif HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d4c 616e6775 6167653a   Accept-Language:
0x00000040 (00064)   20656e2d 55530d0a 55736572 2d416765    en-US..User-Age
0x00000050 (00080)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000060 (00096)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000070 (00112)   4520382e 303b2057 696e646f 7773204e   E 8.0; Windows N
0x00000080 (00128)   5420362e 313b2057 696e3634 3b207836   T 6.1; Win64; x6
0x00000090 (00144)   343b2054 72696465 6e742f34 2e303b20   4; Trident/4.0; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   32373b20 534c4343 323b202e 4e455420   27; SLCC2; .NET 
0x000000c0 (00192)   434c5220 332e352e 33303732 393b202e   CLR 3.5.30729; .
0x000000d0 (00208)   4e455420 434c5220 332e302e 33303732   NET CLR 3.0.3072
0x000000e0 (00224)   393b204d 65646961 2043656e 74657220   9; Media Center 
0x000000f0 (00240)   50432036 2e30290d 0a55412d 4350553a   PC 6.0)..UA-CPU:
0x00000100 (00256)   20414d44 36340d0a 41636365 70742d45    AMD64..Accept-E
0x00000110 (00272)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000120 (00288)   65666c61 74650d0a 486f7374 3a20616c   eflate..Host: al
0x00000130 (00304)   66616d69 6c662e63 6f6d0d0a 436f6e6e   familf.com..Conn
0x00000140 (00320)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x00000150 (00336)   76650d0a 0d0a                         ve....


Strings