Analysis Report https://download2272.mediafire.com/dee0x8gd9lhg/kfsfaocy6dzql61/Cheque+Copy.7z

Overview

General Information

Sample URL: https://download2272.mediafire.com/dee0x8gd9lhg/kfsfaocy6dzql61/Cheque+Copy.7z

Detection

AgentTesla
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Yara detected AgentTesla
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found iframes
May sleep (evasive loops) to hinder dynamic analysis
No HTML title found
Potential browser exploit detected (process start blacklist hit)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Suspicious Process Creation
Suspicious form URL found
Uses SMTP (mail sending)

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 4796 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4404 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4796 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
    • unarchiver.exe (PID: 5840 cmdline: 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W2BICE6W\Cheque Copy.7z' MD5: 8B435F8731563566F3F49203BA277865)
      • 7za.exe (PID: 5864 cmdline: 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\gxpeohi3.2wb' 'C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W2BICE6W\Cheque Copy.7z' MD5: 77E556CDFDC5C592F5C46DB4127C6F4C)
        • conhost.exe (PID: 5880 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 5924 cmdline: 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\gxpeohi3.2wb\Cheque Copy.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 5940 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • Cheque Copy.exe (PID: 5984 cmdline: C:\Users\user\AppData\Local\Temp\gxpeohi3.2wb\Cheque Copy.exe MD5: DAB2E1D0B59419E4FC6FB5E964B0FC20)
          • AddInProcess32.exe (PID: 5720 cmdline: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe MD5: F2A47587431C466535F3C3D3427724BE)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
Process Memory Space: Cheque Copy.exe PID: 5984 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

    Sigma Overview


    System Summary:

    Sigma detected: Suspicious Process Creation
    Source: Process started; Author: Florian Roth, Daniil Yugoslavskiy, oscd.community (update): Data: Command: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, CommandLine: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\gxpeohi3.2wb\Cheque Copy.exe, ParentImage: C:\Users\user\AppData\Local\Temp\gxpeohi3.2wb\Cheque Copy.exe, ParentProcessId: 5984, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\AddInProcess32.exe, ProcessId: 5720

    Signature Overview

    AV Detection:

    Multi AV Scanner detection for dropped file
    Source: C:\Users\user\AppData\Local\Temp\gxpeohi3.2wb\Cheque Copy.exe, Virustotal: Detection: 26%

    Source: https://www.mediafire.com/login/ HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeGuMUSAAAAACGl-wDE9NNLuUZygPg7iNvMGtXD&co=aHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbTo0NDM.&hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&size=normal&cb=np1mbgy6wgu0
    Source: https://www.mediafire.com/login/ HTTP Parser: Iframe src: /blank.html
    Source: https://www.mediafire.com/login/ HTTP Parser: Iframe src: https://www.google.com/recaptcha/api2/bframe?hl=en&v=NMoy4HgGiLr5NAQaEQa2ho8X&k=6LeGuMUSAAAAACGl-wDE9NNLuUZygPg7iNvMGtXD&cb=sn3d5cve1hny
    Source: https://www.mediafire.com/login/ HTTP Parser: HTML title missing
    Source: https://www.mediafire.com/login/ HTTP Parser: Form action: /dynamic/client_login/mediafire.php
    Source: https://www.mediafire.com/login/ HTTP Parser: Form action: /dynamic/register_gopro.php
    Source: https://www.mediafire.com/login/ HTTP Parser: Form action: /dynamic/client_login/facebook.php
    Source: https://www.mediafire.com/login/ HTTP Parser: Form action: /dynamic/client_login/twitter.php
    Source: https://www.mediafire.com/login/ HTTP Parser: No <meta name="author".. found
    Source: https://www.mediafire.com/login/ HTTP Parser: No <meta name="copyright".. found

    Source: C:\Program Files\internet explorer\iexplore.exe, Process created: C:\Windows\SysWOW64\unarchiver.exe

    Source: global traffic, TCP traffic: 192.168.2.7:49807 -> 77.88.21.158:587
    Source: about[2].htm.3.drString found in binary or memory: <a href="https://www.facebook.com/MediaFire" target="blank" class="gbtnTertiary" id="aboutUs_FacebookBtn"></a> equals www.facebook.com (Facebook)
    Source: submit_a_ticket[2].htm.3.drString found in binary or memory: <a href="http://www.facebook.com/mediafire" class="shareFacebook"></a> equals www.facebook.com (Facebook)
    Source: submit_a_ticket[2].htm.3.drString found in binary or memory: <li class="footerIcn" style="margin-left: 0;"><a href="http://www.facebook.com/mediafire" class="footerIcnFb" target="_blank" rel="noreferrer"><span class="footerIcnFb"></span></a></li> equals www.facebook.com (Facebook)
    Source: 206397938-How-do-I-upload-a-file-to-MediaFire-[1].htm.3.drString found in binary or memory: <li><a href="https://www.facebook.com/share.php?title=How+do+I+upload+a+file+to+MediaFire%3F&u=https%3A%2F%2Fmediafire.zendesk.com%2Fhc%2Fen-us%2Farticles%2F206397938-How-do-I-upload-a-file-to-MediaFire-" class="share-facebook">Facebook</a></li> equals www.facebook.com (Facebook)
    Source: 206397938-How-do-I-upload-a-file-to-MediaFire-[1].htm.3.drString found in binary or memory: <li><a href="https://www.linkedin.com/shareArticle?mini=true&source=MediaFire&title=How+do+I+upload+a+file+to+MediaFire%3F&url=https%3A%2F%2Fmediafire.zendesk.com%2Fhc%2Fen-us%2Farticles%2F206397938-How-do-I-upload-a-file-to-MediaFire-" class="share-linkedin">LinkedIn</a></li> equals www.linkedin.com (Linkedin)
    Source: sdk[1].js0.3.drString found in binary or memory: } }).call(global);})(window.inDapIF ? parent.window : window, window);} catch (e) {new Image().src="https:\/\/www.facebook.com\/" + 'common/scribe_endpoint.php?c=jssdk_error&m='+encodeURIComponent('{"error":"LOAD", "extra": {"name":"'+e.name+'","line":"'+(e.lineNumber||e.line)+'","script":"'+(e.fileName||e.sourceURL||e.script)+'","stack":"'+(e.stackTrace||e.stack)+'","revision":"1002311818","namespace":"FB","message":"'+e.message+'"}}');} equals www.facebook.com (Facebook)
    Source: sdk[1].js0.3.drString found in binary or memory: * License: https://www.facebook.com/legal/license/MDzNl_j9yvg/ equals www.facebook.com (Facebook)
    Source: CM4GVFUI.htm.3.drString found in binary or memory: <!DOCTYPE html> <html lang="en-US" xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> equals www.facebook.com (Facebook)
    Source: CM4GVFUI.htm.3.drString found in binary or memory: </script> <noscript><img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=542578585845936&ev=PageView&noscript=1"/></noscript> equals www.facebook.com (Facebook)
    Source: msapplication.xml1.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x56cf6dbf,0x01d64f45</date><accdate>0x56cf6dbf,0x01d64f45</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
    Source: msapplication.xml1.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x56cf6dbf,0x01d64f45</date><accdate>0x56cf6dbf,0x01d64f45</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
    Source: msapplication.xml6.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x56d6ce0f,0x01d64f45</date><accdate>0x56d6ce0f,0x01d64f45</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
    Source: msapplication.xml6.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x56d6ce0f,0x01d64f45</date><accdate>0x56d93011,0x01d64f45</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
    Source: msapplication.xml8.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x56db9268,0x01d64f45</date><accdate>0x56db9268,0x01d64f45</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
    Source: msapplication.xml8.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x56db9268,0x01d64f45</date><accdate>0x56db9268,0x01d64f45</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
    Source: sdk[1].js0.3.drString found in binary or memory: __d("FBPixelEndpoint",["invariant","FBEventsParamList","FBEventsUtils"],(function(a,b,c,d,e,f,g){"use strict";var h="https://www.facebook.com/tr/",i=location.href,j=window.top!==window,k=document.referrer;function l(a,c,d,e){e=e||{};var f=new(b("FBEventsParamList"))();f.append("id",a);f.append("ev",c);f.append("dl",i);f.append("rl",k);f.append("if",j);f.append("ts",new Date().valueOf());f.append("cd",d);f.append("sw",window.screen.width);f.append("sh",window.screen.height);for(var g in e)f.append(g,e[g]);return f}function a(a,b,c,d){a=l(a,b,c,d);b=a.toQueryString();2048>(h+"?"+b).length?m(h,b):n(h,a)}function m(a,b){var c=new Image();c.src=a+"?"+b}function n(a,c){var d="fb"+Math.random().toString().replace(".",""),e=document.createElement("form");e.method="post";e.action=a;e.target=d;e.acceptCharset="utf-8";e.style.display="none";a=!!(window.attachEvent&&!window.addEventListener);a=a?'<iframe name="'+d+'">':"iframe";var f=document.createElement(a);f instanceof HTMLIFrameElement||g(0,20659);f.src="javascript:false";f.id=d;f.name=d;e.appendChild(f);b("FBEventsUtils").listenOnce(f,"load",function(){c.each(function(a,b){var c=document.createElement("input");c.name=a;c.value=b;e.appendChild(c)}),b("FBEventsUtils").listenOnce(f,"load",function(){var a;(a=e.parentNode)==null?void 0:a.removeChild(e)}),e.submit()});(a=document.body)==null?void 0:a.appendChild(e)}c={sendEvent:a};e.exports=c}),null); equals www.facebook.com (Facebook)
    Source: unknown. DNS traffic detected: queries for: download2272.mediafire.com
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.dr, ~DF7353F25FAC8448CA.TMP.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HF
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFRoot
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFcom/about/Root
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFcom/index.phpromo=1&Root
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFcom/login//romo=1&Root
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFcom/software/romo=1&Root
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFcom/upgrade/Root
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFesk.com/hc/en-us/articles/206397
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.drString found in binary or memory: https://www.mediafire.com/upgrade/?promo=1&HFesk.com/hc/en-usRoot
    Source: {7ECE428F-BB38-11EA-AAE6-44C1B3FB757B}.dat.1.dr