Edit tour

Windows Analysis Report
https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jM

Overview

General Information

Sample URL:	https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd
Analysis ID:	1400847

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 5472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1940,i,17579645052984150217,11411958456602694495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• Phishing
• Compliance
• Software Vulnerabilities
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	HTTP Parser: No favicon
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	HTTP Parser: No favicon

Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	HTTP Parser: No <meta name="author".. found
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	HTTP Parser: No <meta name="author".. found

Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	HTTP Parser: No <meta name="copyright".. found
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.83:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49807 version: TLS 1.2

Source: chrome.exe

Memory has grown: Private usage: 16MB later: 36MB

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203

Source: unknown

DNS traffic detected: queries for: heltaba.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49680 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.24.83:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49807 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@15/67@6/119

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1940,i,17579645052984150217,11411958456602694495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1940,i,17579645052984150217,11411958456602694495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Extra Window Memory Injection	1 Extra Window Memory Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
heltaba.com	1%	Virustotal		Browse

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
heltaba.com	104.21.32.67	true	false	1%, Virustotal, Browse	unknown
www.google.com	142.251.41.4	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=	false		unknown
https://heltaba.com/about/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
204.79.197.200	unknown	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
142.251.40.206	unknown	United States	15169	GOOGLEUS	false
142.250.64.106	unknown	United States	15169	GOOGLEUS	false
142.250.80.42	unknown	United States	15169	GOOGLEUS	false
142.250.80.67	unknown	United States	15169	GOOGLEUS	false
104.21.32.67	heltaba.com	United States	13335	CLOUDFLARENETUS	false
142.251.40.131	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.32.110	unknown	United States	15169	GOOGLEUS	false
142.251.41.4	www.google.com	United States	15169	GOOGLEUS	false
142.251.163.84	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1400847
Start date and time:	2024-02-29 12:10:15 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@15/67@6/119

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.40.131, 204.79.197.200, 13.107.21.200, 142.251.40.206, 142.251.163.84, 34.104.35.123, 142.250.80.42, 142.250.80.67, 142.250.64.106, 142.251.35.170, 142.250.65.234, 142.251.40.234, 142.250.176.202, 142.251.40.202, 142.250.80.74, 142.251.40.170, 142.250.81.234, 142.250.65.170, 142.251.32.106, 142.250.80.106, 142.251.41.10, 142.251.40.138, 142.251.40.106, 142.250.65.202
Excluded domains from analysis (whitelisted): www.bing.com, fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, dual-a-0001.a-msedge.net, fonts.gstatic.com, www-bing-com.dual-a-0001.a-msedge.net, clientservices.googleapis.com, clients.l.google.com, www-www.bing.com.trafficmanager.net
Not all processes where analyzed, report is missing behavior information

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9920679989405494
Encrypted:	false
SSDEEP:
MD5:	EAFF14CDBC6A6235EFD61ADC3B415BBC
SHA1:	D2D9E99EDBE6721467A1BBFF7257DCB0BCB08CC7
SHA-256:	5E8B45CA6DDA734ABF83BB07DC8534CF9DD03003D95F8F72FC92F607F3AE59D5
SHA-512:	ECFE4E6F4EBADFB37042FE5EFA7D8D427DD7ED86F4AAD5BC3F674C77930846A0F21C75B41A9014BC36602ED75AED61FACC5266F37F87C8D193EA85FAB243AD25
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....q1...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.007915001838628
Encrypted:	false
SSDEEP:
MD5:	2AA75241457FC5B9E30CB1942DC23CBC
SHA1:	16055E21A83F15AA6F06B67095095522FB9218DA
SHA-256:	26AAE26A998FCB08B41A78ABF1454E4EE2ED33C29F26639FC97038BD265EEFA4
SHA-512:	5E3D54B4DE1B981D61AD9428F8B31F0647CA2DEC30B48476D64A1C0D87865B026E6E0BDD23FDF063ED5E51DB092BA0B4179DE434D2BD7ABA08CA0BB45BAA4F88
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....N...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.019137844757941
Encrypted:	false
SSDEEP:
MD5:	79456186B517C34605C228CE5172EC2A
SHA1:	8BBDD88A84D301B4F2031BB8C83BBF013D937C18
SHA-256:	825151C8394A4148ABC5904AE11D137768EC9C3FDDF69175DC87396079E5D347
SHA-512:	5A022984B93BC082449577E4C6F1591ACDD56C95ACE34B554301CDA4796D59F6C66562FACD6FB52B3D6E579513FDB6128EDB9AFEC9E098E1BDAF9F81A9CC9DD5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	4.008552756175401
Encrypted:	false
SSDEEP:
MD5:	D63945B7E6AEC8F1B08F2E9C2C0FA67D
SHA1:	924CAF778FB25301ACD0A5719A86E064201A0522
SHA-256:	06CF9EAD55C5732EA3C28C04F113EA45C775D6CA869E50AA46CEA2B484B9F3EE
SHA-512:	49C549A65EE1842B6EE04FC5492127334BC4B8DB9DD89F48AF6985DF34F806278A08CD271DE2E356652DF21AD5E8FE4849FB586C6637EEE9FE26D33AF1A0BE46
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....."...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9961915283046405
Encrypted:	false
SSDEEP:
MD5:	EDB3441C0EF574B85A06585DD945FD57
SHA1:	DCED4242340774192E83C400F49709AFABBEA929
SHA-256:	C09A912231A51A7980197253AF9800A50BAA3AB855F491FAF23E25CD5F283DCC
SHA-512:	711C540D35DF9DD475DABE63FB7914339BC535AE56DB3579D6E5A5CDE8CAAF7BC244A6F5EB9CC7B9DB0DC48F246798DF8B8C6E08147F039C120471AF9343D73A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....,...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	4.008518887518633
Encrypted:	false
SSDEEP:
MD5:	AD2420C17D01D5131B391BD59759ACC5
SHA1:	860986E59BD457A26231C2C8E20044A6077C991F
SHA-256:	FB3F267DEB86574372E13E4A4DE27DFE16DADBB69E59FD9C0C7900B0B26FAE11
SHA-512:	6AA799AEE0973100BDB8D6C7DF6A1DFE8AB896AE77176D4D28EA4569CEDB7D8560C3C9A94DFA912CC77556AFA4E85D5FF58EC10A5ED729300173848F4E1582DA
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....'....j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9881)
Category:	downloaded
Size (bytes):	9921
Entropy (8bit):	4.316351642023709
Encrypted:	false
SSDEEP:
MD5:	73E3F87CE33A9C36F2C8FB8B74D3A905
SHA1:	D9F85374F2F88EB9DC1DFCB2BD4483D294F210BF
SHA-256:	4328D8D919C1337A543FEAB510A2C1192938F15A88D5AB9C8AFFE824A9FC87E9
SHA-512:	57BB977B372D74AA20A6CD03FA010C4EE5BC4AB5C28A1A2573010562662691403C358F733E56EEBB31E308101B8315C50BFD2564ABA66D39856C4BEE58F5C06B
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
Preview:	/! elementor - v3.19.0 - 29-01-2024 /..elementor-widget.elementor-icon-list--layout-inline .elementor-widget-container{overflow:hidden}.elementor-widget .elementor-icon-list-items.elementor-inline-items{margin-right:-8px;margin-left:-8px}.elementor-widget .elementor-icon-list-items.elementor-inline-items .elementor-icon-list-item{margin-right:8px;margin-left:8px}.elementor-widget .elementor-icon-list-items.elementor-inline-items .elementor-icon-list-item:after{width:auto;left:auto;right:auto;position:relative;height:100%;border-top:0;border-bottom:0;border-right:0;border-left-width:1px;border-style:solid;right:-8px}.elementor-widget .elementor-icon-list-items{list-style-type:none;margin:0;padding:0}.elementor-widget .elementor-icon-list-item{margin:0;padding:0;position:relative}.elementor-widget .elementor-icon-list-item:after{position:absolute;bottom:0;width:100%}.elementor-widget .elementor-icon-list-item,.elementor-widget .elementor-icon-list-item a{display:flex;font-size:inherit;

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4592)
Category:	downloaded
Size (bytes):	4627
Entropy (8bit):	5.095794162824313
Encrypted:	false
SSDEEP:
MD5:	7BD48EB3BD568033E96CAF0FB62E6690
SHA1:	B38066999294B99D92D95DB5F38BC15707EB1F22
SHA-256:	7868467C94A5AA0B3F11EF542F45287967F9627B3B5ACDC86E47F8F77A126596
SHA-512:	7FEC30CC4223C39D9EE3CCBBA8CC66C90467A9987279334BE43AAE4C251F6C618F6B3CCF223147C79CE6C463C89F0CEB0D0E4E471AD9AB6574AB32AF728A535F
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1
Preview:	/! This file is auto-generated /.!function(){"use strict";var n={d:function(t,r){for(var e in r)n.o(r,e)&&!n.o(t,e)&&Object.defineProperty(t,e,{enumerable:!0,get:r[e]})},o:function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},r:function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})}},t={};n.r(t),n.d(t,{actions:function(){return S},addAction:function(){return m},addFilter:function(){return p},applyFilters:function(){return k},createHooks:function(){return f},currentAction:function(){return w},currentFilter:function(){return I},defaultHooks:function(){return h},didAction:function(){return O},didFilter:function(){return j},doAction:function(){return b},doingAction:function(){return x},doingFilter:function(){return T},filters:function(){return z},hasAction:function(){return _},hasFilter:function(){return y},removeAction:function(){return A},removeAllActions:functio

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 37000, version 1.0
Category:	downloaded
Size (bytes):	37000
Entropy (8bit):	7.994304587862501
Encrypted:	true
SSDEEP:
MD5:	C15D94AA24B88AF859F1724B62B08D84
SHA1:	13C9CEECE82E23EADB9F4E6DBABDD6A617F5E285
SHA-256:	F2113DE896C7FFCC1D75FE539E9BA823BB93ADA5CBF6FA83873D35A042B2CA46
SHA-512:	68C5C4FBAF73538B3F59799947927767678C58629BE61ADB3EB9B299E5157C34C92B244B8C3A1CDC4D068E63E63A0BF24D059AD93269A8CE44436822B7BACB3C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/dmsans/v14/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2
Preview:	wOF2...............X..............................>...4..J?HVAR.X.`?STAT.\'2.../l.....,.A....0..0.6.$..8. .....8..[u.q.[.}.....~.d....@w\.-.Q~........ ........--E..8.C....!x.g....h....\|..y.8....S..X...U.q{.4.Qq.H.....}..U.vl"...;"..'...w9%...0b..DU......\sk.FG.....v...k...o...A.......4K.........Q..K..._...Oh.W.2O.&d...p^.e.{.FbK.Ey:........ .c..K..;.y..K..r..v.9..~;.o...=..hD..XcUSFa.:..fQ...,.,".?..5... ...f7..A.H H.[..:T.;.......].z....=......W.e;.......d...,V.%..?.(%g......!..~..1..a..pYvK%.:A....u...$... -6.n.z2....P....r.@*.....>o`.D..).p......H...rK........'!.$$!.$....j...9.O..>E.....v.+...'.U..Xd.q...3`....S.c..h..w..$[Pu.n.3.R...U..`.].kyn..~knp5.I.}~3#.L..........k......I6Y......ECSz.s.....#.......I..V......+..._........'N..J.3;.. ..ppS...R....M@..1.,....~.;'..~..l\......)...i.x.;.O.S. 9.]..T.T..X.R.P...D~.?....n`.'.........B.R.&.....dx..6..Sq.`+v3h......n.{.t..rX..v..@...4...4u....p.t..M%....T....~k(q...^.).L..~m...[...S.5.?..c.\...=

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
Category:	downloaded
Size (bytes):	115127
Entropy (8bit):	5.23489166377138
Encrypted:	false
SSDEEP:
MD5:	9A98016751E498C06D434CC022CA1A44
SHA1:	6AA9AF5FE436EAB9C313DE9F0BEA072C04637624
SHA-256:	DA9ED5720B674F0D297FE621AC2D8D518C4E622BEF1E9B0D4AE489DEE9AA43F8
SHA-512:	DE3BF5E595ED42258FCDE6D93AD40C0D9DC8E523F8E01FCC93CA6588588FAD07A26D7115C6583486BE286A6CD7FA35720091876AFB0AAA2DE4DE58C370151E3D
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Preview:	!function(t){"use strict";var r,e,n;e={},(n=function(t){if(e[t])return e[t].exports;var o=e[t]={i:t,l:!1,exports:{}};return r[t].call(o.exports,o,o.exports,n),o.l=!0,o.exports}).m=r=[function(t,r,e){e(1),e(71),e(78),e(81),e(82),e(84),e(87),e(91),e(92),e(100),e(101),e(104),e(109),e(125),e(129),e(130),e(132),e(134),e(137),e(138),e(139),e(140),e(141),e(145),e(148),e(155),e(156),e(159),e(160),e(166),e(167),e(170),e(171),e(172),e(173),e(175),e(176),e(178),e(179),e(180),e(181),e(182),e(183),e(184),e(189),e(212),e(213),e(214),e(216),e(217),e(218),e(219),e(220),e(221),e(226),e(227),e(228),e(229),e(230),e(231),e(233),e(234),e(235),e(236),e(237),e(238),e(239),e(240),e(241),e(242),e(243),e(246),e(248),e(250),e(252),e(253),e(254),e(255),e(256),e(257),e(260),e(261),e(263),e(264),e(265),e(266),e(267),e(268),e(271),e(272),e(273),e(274),e(276),e(277),e(278),e(279),e(280),e(284),e(285),e(286),e(287),e(288),e(289),e(290),e(292),e(293),e(294),e(298),e(299),e(301),e(302),e(303),e(304),e(310),e(312),e(313)

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5756), with no line terminators
Category:	downloaded
Size (bytes):	5756
Entropy (8bit):	5.087231260328181
Encrypted:	false
SSDEEP:
MD5:	5BE56BC9E617084E1CBB84C994912FC3
SHA1:	A3ADCA593D4EC4AFB41E32D073405610AE37EEF7
SHA-256:	3C3C0EBE37E4FD4187131A0A8D039064A9014215C4B83199D909E7E0B2D7F450
SHA-512:	091A8004A7773D77FAEBD736D6626E5BC68609A366DC8377163B5BB96A87A8EA7B5C25A8EFF9CABB17664A1E313769393429B9E6CB7AD3E0E58A810B94B2EF7F
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/themes/hello-elementor/style.min.css?ver=3.0.0
Preview:	html{line-height:1.15;-webkit-text-size-adjust:100%}*,:after,:before{box-sizing:border-box}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-size:1rem;font-weight:400;line-height:1.5;color:#333;background-color:#fff;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}h1,h2,h3,h4,h5,h6{margin-block-start:.5rem;margin-block-end:1rem;font-family:inherit;font-weight:500;line-height:1.2;color:inherit}h1{font-size:2.5rem}h2{font-size:2rem}h3{font-size:1.75rem}h4{font-size:1.5rem}h5{font-size:1.25rem}h6{font-size:1rem}p{margin-block-start:0;margin-block-end:.9rem}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em;white-space:pre-wrap}a{background-color:transparent;text-decoration:none;color:#c36}a:active,a:hover{color:#336}a:not([href]):not([tabindex]),a:not([href]):not([tabindex]):focus,a:

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (13479)
Category:	downloaded
Size (bytes):	13577
Entropy (8bit):	5.272065782731947
Encrypted:	false
SSDEEP:
MD5:	9FFEB32E2D9EFBF8F70CAABDED242267
SHA1:	3AD0C10E501AC2A9BFA18F9CD7E700219B378738
SHA-256:	5274F11E6FB32AE0CF2DFB9F8043272865C397A7C4223B4CFA7D50EA52FBDE89
SHA-512:	8D6BE545508A1C38278B8AD780C3758AE48A25E4E12EEE443375AA56031D9B356F8C90F22D4F251140FA3F65603AF40523165E33CAE2E2D62FC78EC106E3D731
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Preview:	/! jQuery Migrate v3.4.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)\|\|[],o=r.exec(t)\|\|[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")\|\|n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarnings

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	445765
Entropy (8bit):	5.044828150647657
Encrypted:	false
SSDEEP:
MD5:	6EBE41C763A5E85F95427CCFC8A5D6AF
SHA1:	93DFB2CBF2611A3B60F7DB6413C98B8857587B76
SHA-256:	83929A28D24C5571F82C02BAA51EEBB64FC862719E370622EE03FB6311DEC34D
SHA-512:	BB60A6BD8B5BF6599ED5F64F5736EF2589650B5F99108B98550F7AEEE95EBB5D59EAB24E06A7B7CED7D03A9B416B773E409909DA0F4155D69392BC2EB50A24BB
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=3.0.4
Preview:	.ekit-wid-con .row{display:-ms-flexbox;display:-webkit-box;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-15px;margin-left:-15px}.ekit-wid-con .col,.ekit-wid-con .col-1,.ekit-wid-con .col-10,.ekit-wid-con .col-11,.ekit-wid-con .col-12,.ekit-wid-con .col-2,.ekit-wid-con .col-3,.ekit-wid-con .col-4,.ekit-wid-con .col-5,.ekit-wid-con .col-6,.ekit-wid-con .col-7,.ekit-wid-con .col-8,.ekit-wid-con .col-9,.ekit-wid-con .col-auto,.ekit-wid-con .col-lg,.ekit-wid-con .col-lg-1,.ekit-wid-con .col-lg-10,.ekit-wid-con .col-lg-11,.ekit-wid-con .col-lg-12,.ekit-wid-con .col-lg-2,.ekit-wid-con .col-lg-3,.ekit-wid-con .col-lg-4,.ekit-wid-con .col-lg-5,.ekit-wid-con .col-lg-6,.ekit-wid-con .col-lg-7,.ekit-wid-con .col-lg-8,.ekit-wid-con .col-lg-9,.ekit-wid-con .col-lg-auto,.ekit-wid-con .col-md,.ekit-wid-con .col-md-1,.ekit-wid-con .col-md-10,.ekit-wid-con .col-md-11,.ekit-wid-con .col-md-12,.ekit-wid-con .col-md-2,.ekit-wid-con .col-md-3,.ekit-wid-con .col-md-4,.ekit-wid-con .col-md-5,.e

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (40266)
Category:	downloaded
Size (bytes):	40306
Entropy (8bit):	5.274973361941598
Encrypted:	false
SSDEEP:
MD5:	9BED355558398A2DDBDCB244E3F698E9
SHA1:	7AB56418B4DA1CE328CB3F0F9FB88A583A735B79
SHA-256:	A6096481CA8E8441840771673A349CA49FC40B7E392A8A0583FE36E5CA52D7D3
SHA-512:	7C3B3CCF3FF2CE5B49D52CDB77E7A31E7AC76B16CA6FCE66413DADB16F43A6F7CA67587DBBED50E8F67F2FE4CE25F566CE2E65BC244BE99DC998151192876A50
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.18.3
Preview:	/! elementor - v3.19.0 - 29-01-2024 /."use strict";(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[819],{9220:(e,t,n)=>{var o=n(3203);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var i=o(n(8135));class _default extends elementorModules.ViewModule{constructor(){super(...arguments),this.documents={},this.initDocumentClasses(),this.attachDocumentsClasses()}getDefaultSettings(){return{selectors:{document:".elementor"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$documents:jQuery(e.document)}}initDocumentClasses(){this.documentClasses={base:i.default},elementorFrontend.hooks.doAction("elementor/frontend/documents-manager/init-classes",this)}addDocumentClass(e,t){this.documentClasses[e]=t}attachDocumentsClasses(){this.elements.$documents.each(((e,t)=>this.attachDocumentClass(jQuery(t))))}attachDocumentClass(e){const t=e.data(),n=t.elementorId,o=t.elementorType,i=this.documentClasses[o]\|\|this.documentClasses.base;this.documents[

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (681), with no line terminators
Category:	downloaded
Size (bytes):	681
Entropy (8bit):	5.202494651221147
Encrypted:	false
SSDEEP:
MD5:	F5945DB2F3337FD9F1CBEF5B07B2A493
SHA1:	8A11439D56AF9FB27836BB5F2A30AEB35B93BB5A
SHA-256:	A8642BCD147BA3528345F5BD17F788CD524931E093255B2C1C8344677A1AB505
SHA-512:	DDFAE8040510DCA2E41C5F745B2EC8E349053A02409C41CBC3CBF8DF1561B7C586F93090974EE6821FC27E19ABA68CC6C95FABE9D9321934FB185D20A8DA7A12
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.min.js?ver=3.0.4
Preview:	function animateCircle({percentage:e=100,onScroll:t=!1,speed:i=1,element:n,size:o=50,backgroundClr:r="white",color:l="blue",strokeWidth:a=5}){let c=Math.ceil(document.body.scrollHeight-window.innerHeight);if(!n)return void console.error("Invalid element:",n);let d=n,h=d.getContext("2d"),s=2o+a,g=s,m=s/2,u=g/2;d.width=s,d.height=g;let k=()=>{let n=t?Math.floor(window.pageYOffset/c100):e>100?100:e+i;h.clearRect(0,0,s,g),h.beginPath(),h.lineWidth=a,h.arc(m,u,o,0,2Math.PI),h.strokeStyle=r,h.stroke(),(e=>{h.beginPath(),h.lineWidth=a,h.strokeStyle=l,h.arc(m,u,o,0,2Math.PI*e/100),h.stroke()})(n),(!t\|\|n<e)&&requestAnimationFrame(k)};t?document.addEventListener("scroll",k):k()}

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (715)
Category:	downloaded
Size (bytes):	758
Entropy (8bit):	5.1206753054199865
Encrypted:	false
SSDEEP:
MD5:	E09B9D7EBB213B8392C3153134F1B86E
SHA1:	4E14D9EAE96F0CCE753C41EC75A7D394BEAE0DB3
SHA-256:	101BB31F66E24B15253746CAFCADBE71B60E2EA93611AACF4C3133D0101EC994
SHA-512:	16A031C6885FAEBC5726F3D93390E187E59D42DE4A33029C6126F3CDD67EB713FF6F1469E7A68F1F6F0A66A0AD7F329C20910958B4DEC45723E35C3077B9722A
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/popup.483b906ddaa1af17ff14.bundle.min.js
Preview:	/! elementor-pro - v3.7.7 - 20-09-2022 /."use strict";(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro\|\|[]).push([[50],{8872:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var o=elementorModules.frontend.handlers.Base.extend({getDefaultSettings:()=>({selectors:{form:".elementor-form"}}),getDefaultElements(){var e=this.getSettings("selectors"),t={};return t.$form=this.$element.find(e.form),t},bindEvents(){this.elements.$form.on("submit_success",this.handleFormAction)},handleFormAction(e,t){if(void 0===t.data.popup)return;const o=t.data.popup;if("open"===o.action)return elementorProFrontend.modules.popup.showPopup(o);setTimeout((()=>elementorProFrontend.modules.popup.closePopup(o,e)),1e3)}});t.default=o}}]);

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3133), with no line terminators
Category:	downloaded
Size (bytes):	3133
Entropy (8bit):	4.650341485167323
Encrypted:	false
SSDEEP:
MD5:	8A9EAA67AE1F36C4AD0761B7D2E8241E
SHA1:	DC8F72D1F248D740444E35B0265EB371E6B11930
SHA-256:	45EA19AFC21CB3859E23ECE1C24028C66516D37002B0B6767E1D3C695FCA4073
SHA-512:	0BDF528746E0215FF21C1457959A9F0C4D9867872B8855EBB005FA2B4D594560C474879A2AA24ED10D780A1E69969F115BAF649B7930BF55CE9DEB8CA246BD9A
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/elementor/css/post-164.css?ver=1705064648
Preview:	.elementor-164 .elementor-element.elementor-element-f049a21{text-align:center;}.elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-field-group{padding-right:calc( 10px/2 );padding-left:calc( 10px/2 );margin-bottom:10px;}.elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-form-fields-wrapper{margin-left:calc( -10px/2 );margin-right:calc( -10px/2 );margin-bottom:-10px;}.elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-field-group.recaptcha_v3-bottomleft, .elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-field-group.recaptcha_v3-bottomright{margin-bottom:0;}body.rtl .elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-labels-inline .elementor-field-group > label{padding-left:0px;}body:not(.rtl) .elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-labels-inline .elementor-field-group > label{padding-right:0px;}body .elementor-164 .elementor-element.elementor-element-7c18cd0 .

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1536x933, components 3
Category:	dropped
Size (bytes):	116714
Entropy (8bit):	7.94454395391067
Encrypted:	false
SSDEEP:
MD5:	CD2D9F484DBA671F1A0737C3B74DC579
SHA1:	CB397C18E4FD8E3ECBCEFB0CB497B9826DCDA0ED
SHA-256:	DECFC7F10458243834DA7AA08E225520F8B9E36F6BD11E909F6D9FF8FAEC3EEE
SHA-512:	D54B814A8ED5F4149C8B9ACFCD7711068C22D4353BA2B9FCFFFE47D5E7CA37C8D2F15DDCDD46ABD802D13387B6E439BB6D18E228E445FA9A5B7228ADA954D938
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..........U...T...4....f..KE.\v..@....R.R...Z1K.....Q...,-5.......CJn2D.4..Jb.)qE0.(....1E.....%...jx...J.j..*.'.Lq...F..g]&A...c[W..k&u.T....1KEI`i)sE..R.I@...P.IJ(......1E...QE...QE..R.(...E..J)qI...(...(.4...SI@.E/JJ.))h=(.))M%...N4....4...b.CKMb.d......V&....DB.Wq...^]......tz\&F.).~...4P.2:....

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (62936), with no line terminators
Category:	downloaded
Size (bytes):	62936
Entropy (8bit):	5.125248664889248
Encrypted:	false
SSDEEP:
MD5:	C0BDC68E75B5C2F3DD1BFF3088E2E66C
SHA1:	84FDD08B80F95B02989BDEEEADDC8E2749B57134
SHA-256:	3990F397C4B65E707EAA128F9C07EF2B00CB7582FBA53BE88A6FCDEE75D67659
SHA-512:	A60B1CCCE3D1F8BC9A9F1E2F9D06251E8C5E677460AF59EA066A60F5C9D13ACB21A95D5BE943D2826EC1FD5D88FF7EE761E322717D9B5D6C5A38BC4AFA6A894D
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/js/main.min.js?ver=6.4.3
Preview:	!function(d){"use strict";window.qodefAddonsCore={},qodefAddonsCore.shortcodes={},qodefAddonsCore.body=d("body"),qodefAddonsCore.html=d("html"),qodefAddonsCore.windowWidth=d(window).width(),qodefAddonsCore.windowHeight=d(window).height(),qodefAddonsCore.scroll=0,d(document).ready(function(){qodefAddonsCore.scroll=d(window).scrollTop(),i.init(),x.init(),e.init()}),d(window).resize(function(){qodefAddonsCore.windowWidth=d(window).width(),qodefAddonsCore.windowHeight=d(window).height()}),d(window).scroll(function(){qodefAddonsCore.scroll=d(window).scrollTop()}),d(window).on("load",function(){o.init()});var x={init:function(e){this.holder=d(".qodef-qi-swiper-container"),d.extend(this.holder,e),this.holder.length&&this.holder.each(function(){x.initSlider(d(this))})},initSlider:function(e){var o,t=x.getOptions(e),n=x.getEvents(e,t);elementorFrontend.config.experimentalFeatures.e_optimized_assets_loading?o=setInterval(function(){"undefined"!==elementorFrontend.utils.swiper&&(new elementorFron

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6625), with no line terminators
Category:	downloaded
Size (bytes):	6625
Entropy (8bit):	5.021395915232743
Encrypted:	false
SSDEEP:
MD5:	FD7EF2E4737ACD74FD0DCDC3B515E304
SHA1:	0D792B33F12A48EE8AAAF2560A63A5682470645B
SHA-256:	1D52E1AC7D3BC25A8B0FFC257153F9DD50249F96FE9A4DF5E0D771241A69062C
SHA-512:	3C4358F9605F1CCE097F36689099B8364C43CC360C3D4F5CA77BE5CEE43BB818C6562496F26AD57CE44C34C474FE4CCB6DEED01A14ED259D498F5BC17F9532C7
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
Preview:	var runtime=function(t){"use strict";var e,r=Object.prototype,n=r.hasOwnProperty,o=Object.defineProperty\|\|function(t,e,r){t[e]=r.value},i=(w="function"==typeof Symbol?Symbol:{}).iterator\|\|"@@iterator",a=w.asyncIterator\|\|"@@asyncIterator",c=w.toStringTag\|\|"@@toStringTag";function u(t,e,r){return Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}),t[e]}try{u({},"")}catch(r){u=function(t,e,r){return t[e]=r}}function h(t,r,n,i){var a,c,u,h;r=r&&r.prototype instanceof v?r:v,r=Object.create(r.prototype),i=new O(i\|\|[]);return o(r,"_invoke",{value:(a=t,c=n,u=i,h=f,function(t,r){if(h===p)throw new Error("Generator is already running");if(h===y){if("throw"===t)throw r;return{value:e,done:!0}}for(u.method=t,u.arg=r;;){var n=u.delegate;if(n&&(n=function t(r,n){var o=n.method,i=r.iterator[o];return i===e?(n.delegate=null,"throw"===o&&r.iterator.return&&(n.method="return",n.arg=e,t(r,n),"throw"===n.method)\|\|"return"!==o&&(n.method="throw",n.arg=new TypeError("The iterator

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text
Category:	downloaded
Size (bytes):	2937
Entropy (8bit):	4.908473755258273
Encrypted:	false
SSDEEP:
MD5:	37A18CD57014E833A5C4A7BFA6EEA9B3
SHA1:	BDAA4DC40B15D010D66959BFE7A40B10292D1763
SHA-256:	FAD3123058CCE0346EE9998342EF09CFA766DC1393EE3B5C2B450A18936C7D1B
SHA-512:	3D721D447BD732F96BF1B2FEAE5EF6B6064EC6B2396022F06A0D96F8CA1478F77C8910733BC277EBE414A5E85C77CA80B9D2F9A5F9AE77C7E99884C82F15A9A3
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js?ver=3.0.0
Preview:	/****/ (() => { // webpackBootstrap./****/ ."use strict";.var __webpack_exports__ = {};...class elementorHelloThemeHandler {. constructor() {. this.initSettings();. this.initElements();. this.bindEvents();. }. initSettings() {. this.settings = {. selectors: {. menuToggle: '.site-header .site-navigation-toggle',. menuToggleHolder: '.site-header .site-navigation-toggle-holder',. dropdownMenu: '.site-header .site-navigation-dropdown'. }. };. }. initElements() {. this.elements = {. window,. menuToggle: document.querySelector(this.settings.selectors.menuToggle),. menuToggleHolder: document.querySelector(this.settings.selectors.menuToggleHolder),. dropdownMenu: document.querySelector(this.settings.selectors.dropdownMenu). };. }. bindEvents() {. var _this$elements$menuTo;. if (!this.elements.menuToggleHolder \|\| (_this$elements$menuTo = this.elements.menuToggleHolder) !== null && _this$elements$menuTo !==

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12198), with no line terminators
Category:	downloaded
Size (bytes):	12198
Entropy (8bit):	5.031745242580206
Encrypted:	false
SSDEEP:
MD5:	3819C3569DA71DAEC283A75483735F7E
SHA1:	ECD40A5CC6F0B76200C454CA880210DC301CFAB8
SHA-256:	214674CC77ABA35AB3567B88E2739FD08E8E96C61D279559AD61874069683EA0
SHA-512:	2710655DFF46653DAEB3A6E3F6D36F885E51D5B375738EE353ACA40C6F66AE1A7DECE57039D58747012ED9EA2822191143C06F270123B8CC580F6A41B8E8AEF4
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Preview:	!function(){"use strict";function Waypoint(options){if(!options)throw new Error("No options passed to Waypoint constructor");if(!options.element)throw new Error("No element option passed to Waypoint constructor");if(!options.handler)throw new Error("No handler option passed to Waypoint constructor");this.key="waypoint-"+keyCounter,this.options=Waypoint.Adapter.extend({},Waypoint.defaults,options),this.element=this.options.element,this.adapter=new Waypoint.Adapter(this.element),this.callback=options.handler,this.axis=this.options.horizontal?"horizontal":"vertical",this.enabled=this.options.enabled,this.triggerPoint=null,this.group=Waypoint.Group.findOrCreate({name:this.options.group,axis:this.axis}),this.context=Waypoint.Context.findOrCreateByElement(this.options.context),Waypoint.offsetAliases[this.options.offset]&&(this.options.offset=Waypoint.offsetAliases[this.options.offset]),this.group.add(this),this.context.add(this),allWaypoints[this.key]=this,keyCounter+=1}var keyCounter=0,allW

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (44809), with no line terminators
Category:	downloaded
Size (bytes):	44809
Entropy (8bit):	4.852427896405663
Encrypted:	false
SSDEEP:
MD5:	FFE1A7F04CED6B595FB66127118187FE
SHA1:	9B5A41CAD8E41074BB03FD5C299D27B69C6909E0
SHA-256:	86E3A02E65E8D41D632CBF626F0D824B20165BDF2A354013276105FD94607ECF
SHA-512:	2D6B889822FB95CF43034355DCAAF3710D646935FBB4295108257153E3B403A1AFEC733317510D853166F9B34FA7331E58781F360FAE51AC3AC05FE85471F9FA
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/css/grid.min.css?ver=6.4.2
Preview:	.qodef-qi-grid>.qodef-grid-inner{position:relative;display:grid;gap:30px}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--1{order:1}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--2{order:2}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--3{order:3}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--4{order:4}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--5{order:5}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--6{order:6}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--7{order:7}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--8{order:8}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--9{order:9}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--10{order:10}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--11{order:11}.qodef-qi-grid>.qodef-grid-inner.qodef-qi-clear:after,.qodef-qi-grid>.qodef-grid-inner.qodef-qi-clear:before{display:non

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 39844, version 1.0
Category:	downloaded
Size (bytes):	39844
Entropy (8bit):	7.995663894005643
Encrypted:	true
SSDEEP:
MD5:	7BBEEE428F14BAA641734CB620969742
SHA1:	3950E359AD6B8D09FB99EF1E1DC54FA187B80A7B
SHA-256:	7F9064A6FCEBF724AD3F38CCB77C31ED14F7C57882314C49936627DEF4406F9D
SHA-512:	0259631B9C3025C4EA13AB3294CD432367933358200678344549CCA2D8762EE58516AA0739CD8325277C86AE258AEA9D66D5144208CF87C3BA1755DCC62D2EBB
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKy58Q.woff2
Preview:	wOF2..............0..../..........................:......J?HVAR.l.`?STAT.X'2.../l.....\|.;....0..H.6.$.... ..,..D..[..q..w...m. ...^>k......6..yk..u......p.z...g&..3-.....A..A...X"..%.%...T.!..".t....d[.]+.C.5M....'H....BG...m....^.0.......-....I_MFt%.;.....K.!..1"l...E....,..~.....B3..6..X......x.Q.}.._.V.y...Dq.M.'.....A...^.wK\|..r.....2..p.....9.....c.Fi#b.. ..."......,....V3......C.E@...E.RB1@....J5.j...............[D..al....s.H{..0<M.&.hR.$..I....g.zSMK.(b.".Cu.....0.T......w/.1.X&`............}..m..;L:-Q.M.Xjdb$.....n....I.(.H./...\...v.}b.j2.;-e(.U.N#.d..y..G.K_`..d.e......s.{.!..W.......k.....'..}&.GM....B>.R....s.F.f...I].a..m.v$..G....G.O2I..H9..q.M.....[.NR..9~..FI.....3g.A:p..h.X[..$..4.jv...7.Q.1c.[...,.$....\|'.:I.)...g.DC..u..Z............x"j....GB&.*%P...9}.,+..&......v...N..t..O.)...H...j.gd..$..{./.._...>\\|.J...G.n>. .6...E......;.. ..._S..w..(UH.U..5%.g\.........\|.24sW.......x..-'2P.].....?..4..1....(Q,....C./b.U..ZB\|..>L.

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1320)
Category:	downloaded
Size (bytes):	1360
Entropy (8bit):	5.131451368325105
Encrypted:	false
SSDEEP:
MD5:	8889EE34FC45512F1AD5DEC55A03A515
SHA1:	CCE4017BD9D62F6ACCC52A8F8B646E5F3D44811E
SHA-256:	3669E1E2EB5F930785056AE940C44618AF66F5DC194B944CD1E765E06EB3FD07
SHA-512:	2C96FAA74D91941F624AB12C2EF418A3A073ACE96EADC7F681A9FF5EA4D1547E24627613BFA2C149F47C65C0BF85EABB29E4E46A8538E552576710F424ED6553
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Preview:	/! elementor - v3.19.0 - 29-01-2024 /."use strict";(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[357],{1327:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class TextEditor extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{paragraph:"p:first"},classes:{dropCap:"elementor-drop-cap",dropCapLetter:"elementor-drop-cap-letter"}}}getDefaultElements(){const e=this.getSettings("selectors"),t=this.getSettings("classes"),r=jQuery("<span>",{class:t.dropCap}),p=jQuery("<span>",{class:t.dropCapLetter});return r.append(p),{$paragraph:this.$element.find(e.paragraph),$dropCap:r,$dropCapLetter:p}}wrapDropCap(){if(!this.getElementSettings("drop_cap"))return void(this.dropCapLetter&&(this.elements.$dropCap.remove(),this.elements.$paragraph.prepend(this.dropCapLetter),this.dropCapLetter=""));const e=this.elements.$paragraph;if(!e.length)return;const t=e.html().replace(/ /g," "),r=t.match(/^ *([^ ] ?)/);if(!r)return;

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	613
Entropy (8bit):	7.493288017654313
Encrypted:	false
SSDEEP:
MD5:	7E3A3D931FCA8BA0DB7933ACF5B2D824
SHA1:	D8DA72D07E959FFA3E94911783E64E8C8166B2A5
SHA-256:	5561BE17162D8CD9FC2DF4F5A7778217037F97DD5B8A08ADB7A89818D15A648E
SHA-512:	726828D77D8392C1678B65CC792C385C0F5E836AFF8395757458FE3E4EFBCCEB2AFE0D18004E85EB56CE0B33C244A91D4457635381A841A749184009A9F42D34
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR... ... .....szz.....pHYs..........+......IDATX...1hSQ.....J."A..)"...C..."E.1...t. "."..n"N....AD.ED.H.Q.....RQ$.........I^....?..].=...=..C.X..L..t.'Q..w...y.X....D.....~.<..B.8..>.:".....t.....>...{...\|..\.B.....DX._..8 d.6.....f.P.!o.....:......x. .w4....}B..{bU..E}86...~.?..8..S..0..t..q.f......^a..B.e.Q.s.p..q...9M...:M.....<....JK..LV.Y.. y$..TZ.2n..f=.y..!.1.$..C~Z.].m.m......mEB.......DX.%/...Y....\.D..k.Bm...A.+.2j.7..MY.G.q..fz..8d.F@5.bBU.[......q...y&O.6...-..!..Me...a...!..O..X7x...u.m.).%.ca&a......b..J......p....M..E.6.7.pU.G....,.d..z......IEND.B`.

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65496)
Category:	downloaded
Size (bytes):	118650
Entropy (8bit):	4.713885874931415
Encrypted:	false
SSDEEP:
MD5:	CAB4F87C423B8F468A5465D6947353AD
SHA1:	F74FDE11973E5863BF39E81F7CFFFCDEDC14D963
SHA-256:	A9641A0A832C182F004429274EAAF7EFE35BFAD3EDF1B3F1C0C1D5E361FEDD4A
SHA-512:	E09E375CB4B7B08DE91FA2B8C9ACC06AD901602DC746C3DE869AA19E0AC9A23CCA01D19B4B30D3FB46D5777C0785F70024E0333046F6BE46275D465906A9823C
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.18.3
Preview:	/! elementor - v3.19.0 - 29-01-2024 /..dialog-widget-content{background-color:var(--e-a-bg-default);position:absolute;border-radius:3px;box-shadow:2px 8px 23px 3px rgba(0,0,0,.2);overflow:hidden}.dialog-message{line-height:1.5;box-sizing:border-box}.dialog-close-button{cursor:pointer;position:absolute;margin-block-start:15px;right:15px;color:var(--e-a-color-txt);font-size:15px;line-height:1;transition:var(--e-a-transition-hover)}.dialog-close-button:hover{color:var(--e-a-color-txt-hover)}.dialog-prevent-scroll{overflow:hidden;max-height:100vh}.dialog-type-lightbox{position:fixed;height:100%;width:100%;bottom:0;left:0;background-color:rgba(0,0,0,.8);z-index:9999;-webkit-user-select:none;-moz-user-select:none;user-select:none}.elementor-editor-active .elementor-popup-modal{background-color:initial}.dialog-type-alert .dialog-widget-content,.dialog-type-confirm .dialog-widget-content{margin:auto;width:400px;padding:20px}.dialog-type-alert .dialog-header,.dialog-type-confirm .dialog-heade

Chrome Cache Entry: 168

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 34636, version 1.0
Category:	downloaded
Size (bytes):	34636
Entropy (8bit):	7.993507713883684
Encrypted:	true
SSDEEP:
MD5:	6024D3E0BEB60477220BD8321F72A815
SHA1:	73567F11300F973AE39B2017744CA78EC030353D
SHA-256:	9229AB12D7AA296F54276F883C0447E7C77205A25E250D6DBA499C49B759E829
SHA-512:	E3877255B4698293539885405BBD391B91441AE629968B29B7E8C6C3F2485D9F6A8330FC94C3D9BFC30EC69452CB0F085A8BA05929D154DED51BD7D40E4A8B42
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/syne/v22/8vIH7w4qzmVxm2BL9A.woff2
Preview:	wOF2.......L............................................2?HVAR.'.`?STATf'".../V.....\.@..X.0..&.6.$..,. ........[..Q#....m..^..4.N.s.yP.!..f#.foVAg..9I..5...4..:..h".....]{`..p.......B.a....8.\.....z.U..(oJ...=.WFX.t..>......{.0.!..,ICngJt. .SV.a...].;~]i..SV.-...8.e..,B...h~.B.?..!.UO..D.KB.>.E.......?.....^f=.....t...HSE..Bq...2"...w./..x.6?....}.xK..5.G(.D....1..Fb......`.b..F#V...........}.G..\5........qD^..-.L.960.QL{.+k.[...E..BQ......F:.........}.d>y8.#..I.:h........6.B"$..-]..G.p..g....-..A,..x."...\|.....fs.......y.]Q...V...i.....\.....]...J...]#k1Hg6..0.&<.Y..$.IF8......k.....G..k...}...&.4.........i...a.![.cD..F.....h...)...V2.........8...Y..M\|D.2.X.-_,3.JK........T.rfUK....L.h..HV.u..7...&.......=\|m..._....{8E.5C."8.=...M.....?...a..,........{...N..wV.i..).l.[I.v_...j.an'.;n]..[.../....."....1y{m..9.w..?....q.pL[.~s...Zq5M..9..y...../..J..N.......:.....7.WR#N.d.J.F.....u...."....q@..5..N.^E..w.f.iC.....M...\u.).H...!....m..YA

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24339)
Category:	downloaded
Size (bytes):	24382
Entropy (8bit):	5.189701451762292
Encrypted:	false
SSDEEP:
MD5:	86DE1334F0884CAB20195DBA73F64196
SHA1:	328ABB226F8F6ADB486DA41F34FDEDD065DD97A8
SHA-256:	CF318AFFE78386FD3458C28D3148EB84D7443F8CCF8AD74088F5F051C50B9BA4
SHA-512:	6CC3AA118A31464AB29DA6661184E7751076193D0610C250BD8404F5A223A43AD96AB21585E2372C56BC6792F6A8157A69770253D9382AEAE8D0D7B99898290C
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.7
Preview:	/! elementor-pro - v3.7.7 - 20-09-2022 /."use strict";(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro\|\|[]).push([[437],{7996:(e,t,n)=>{var o=n(3203),s=o(n(4042)),r=o(n(8528)),l=o(n(7857)),a=o(n(3184)),d=o(n(7043)),i=o(n(4223)),u=o(n(4231)),c=o(n(2741)),m=o(n(3513)),h=o(n(3002)),f=o(n(8650)),g=o(n(6701)),_=o(n(102)),p=o(n(1748)),v=o(n(5438)),b=o(n(2439)),M=o(n(5032));const extendDefaultHandlers=e=>({...e,...{animatedText:s.default,carousel:r.default,countdown:l.default,hotspot:a.default,form:d.default,gallery:i.default,lottie:u.default,nav_menu:c.default,popup:m.default,posts:h.default,share_buttons:f.default,slides:g.default,social:_.default,themeBuilder:v.default,themeElements:b.default,woocommerce:M.default,tableOfContents:p.default}});elementorProFrontend.on("elementor-pro/modules/init:before",(()=>{elementorFrontend.hooks.addFilter("elementor-pro/frontend/handlers",extendDefaultHandlers)}))},8115:(e,t,n)=>{var o=n(3203);Object.defineProperty(t,"__esModule",{value:!

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1536 x 349, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	32448
Entropy (8bit):	7.89387181718408
Encrypted:	false
SSDEEP:
MD5:	956771BCE9A00469A42679099D01C1DF
SHA1:	707CED55D51C09B30B8CDC34333E4544B6125085
SHA-256:	B421FDCC85BDA47426D968B9C4CE592E8FF198CA6D023A71A2A87513F111C939
SHA-512:	6C99F890396D9E113F76CE52EC9C3B4FE2015EB9C6AC285BB1B057D80F539E3F33729FBC122C35F8B3485300B4D861CF57298E7728A04C108948F328F8490739
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/2024/01/heltaba-high-resolution-logo-black-transparent-1536x349.png
Preview:	.PNG........IHDR.......]......Y......pHYs..........+.... .IDATx...{.\.}.......3........(...]YQdE..Qt.!.!...1!...........(./..C.B......`l...1&..D&..eY.X..,.a4.?~.3...<z.......%.C...{.^k.~....$I.$I.$.W.0.....&0...v.{..b....P...$I.$I.$.B.X....F...~`...x.....x.L3%I.$I.$I.T..o...<.<w...7......$I.$I.$.............?.....o.$I.$I.$I:.~.j.........~ w.%I.$I.$I....3..>.j..$I.$I.$I..5......u\|.X....$I.$I.$.`s..y.C..x....&..$I.$I.$..6.'.9.A.%.?%I.$I.$IR...whO....K...v\. I.$I.$I....X......^.c...$I.$I.$.r.pZ...K......$I.$I.$.......D....I......$I.$I.$).&p.pB...6.l.v'xmI.$I.$I.t.......V..3s..I.$I.$I.....n..9.[..\o..R,..$I.$I..R...`.0.(......'j..k..D....c..$.5.9$I.$I.$I.4..e_.............:..QD.@.-..A......\oH.$I.$I...z.F..^\|r..Q{.Jb2Z.......t..?#...I.$I.$IR&...#&..3Q...5`...@..~L.....5..\oH.$I.$I..~M.d...n....I......K..?..+s.!I.$I.$IR.........^Oi4.7.O.n..).u..C.$I.$I.:..L..../.........i......zC.$I.$I.]..b...)...Q..6X.UR.XG..o...3..X?.......n..'..C.$I.$I.5........^....6.}

Chrome Cache Entry: 172

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87553
Entropy (8bit):	5.262620498676155
Encrypted:	false
SSDEEP:
MD5:	826EB77E86B02AB7724FE3D0141FF87C
SHA1:	79CD3587D565AFE290076A8D36C31C305A573D18
SHA-256:	CB6F2D32C49D1C2B25E9FFC9AAAFA3F83075346C01BCD4AE6EB187392A4292CF
SHA-512:	FC79FDB76763025DC39FAC045A215FF155EF2F492A0E9640079D6F089FA6218AF2B3AB7C6EAF636827DEE9294E6939A95AB24554E870C976679C25567AD6374C
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 175

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5129
Entropy (8bit):	4.700664166204722
Encrypted:	false
SSDEEP:
MD5:	DAF9EAE9179F002388FB321ED4288679
SHA1:	9907A6EAD885DE61203B254A34033B4EEF8DAA0E
SHA-256:	D02058E489DEB6CA066D9D7836125819C2D6D5D0149472C6165F039175303456
SHA-512:	67732B473787562A32AE244FAA3B75C67B665002C9744BF190256E44D799443F63D72D97DC03B42FF9A6944ACE9C8F6377C77B4E6B5C7368D843590738BB6574
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/inc/plugins/elementor/assets/js/elementor.js?ver=6.4.3
Preview:	(function ( $ ) {..'use strict';...$( window ).on(...'elementor/frontend/init',...function () {....qodefAddonsElementor.init();....qodefAddonsElementorPromoWidgets.init();....}..);...var qodefAddonsElementor = {...init: function () {....var isEditMode = Boolean( elementorFrontend.isEditMode() );.....if ( isEditMode ) {.....for ( var key in qodefAddonsCore.shortcodes ) {......for ( var keyChild in qodefAddonsCore.shortcodes[key] ) {.......qodefAddonsElementor.reInitShortcode(........key,........keyChild.......);......}.....}....}...},...reInitShortcode: function ( key, keyChild ) {....elementorFrontend.hooks.addAction(.....'frontend/element_ready/' + key + '.default',.....function ( e ) {......// Check if object doesn't exist and print the module where is the error......if ( typeof qodefAddonsCore.shortcodes[key][keyChild] === 'undefined' ) {.......console.log( keyChild );......} else if ( typeof qodefAddonsCore.shortcodes[key][keyChild].initSlider === 'function' && e.find( '.qodef-qi-s

Chrome Cache Entry: 176

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8189)
Category:	downloaded
Size (bytes):	21438
Entropy (8bit):	5.300921910116817
Encrypted:	false
SSDEEP:
MD5:	C4E68A0F3463C0BD3C39EAB38815E881
SHA1:	0CE58644E9F3C5063A11453FF287C5EC096465A7
SHA-256:	CA7DCE2391845E8AEC7DA135F33FABD10F74EED28A532AC66FD01F761FCFB42F
SHA-512:	E871F258F625A5C8E8EC3848242352FD75DCB0F0B580333FCE07625A6A2F53E83F22E4DD7492F2D12A880709D540DE0BCDD9B335D853FE9CCCFC0EFCCF718BCE
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Preview:	/! jQuery UI - v1.13.2 - 2022-07-14. http://jqueryui.com.* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sorta

Chrome Cache Entry: 178

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	28
Entropy (8bit):	4.039148671903071
Encrypted:	false
SSDEEP:
MD5:	12FB20D62460EBE9EDD4B750C00F8DB1
SHA1:	ECEEFCB2DBFA7429965ECA5915E561425D657DB4
SHA-256:	5CD32C4949CDA7FD7CC07A6B18785DCEC0D4CE811DC5A29BEA4A95DFBFDE4599
SHA-512:	31F6EDB994F6B292D124E24D996D5C3E9FD89F8601A56ADEAD00844149DD41AFCDAA1648F37F15A8F49A39539F2397D1E09B2EC04CDD70DA57BA3884E1346097
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwk6D1lPi5yWuxIFDfZbc9ISBQ3TkGWE?alt=proto
Preview:	ChIKBw32W3PSGgAKBw3TkGWEGgA=

Chrome Cache Entry: 179

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (8171), with no line terminators
Category:	downloaded
Size (bytes):	8171
Entropy (8bit):	5.072859919696532
Encrypted:	false
SSDEEP:
MD5:	DDA652DB133FDDB9B80A05C6D1B5C540
SHA1:	60C8514C57A5DB2980C4B046B0DD479BD427357B
SHA-256:	C1A9A3E223BAD631DFF12D33B5499EB145CB08D8621C20D9D73870E78D97AFE4
SHA-512:	05CB3673448A79AA81887C60A82ABA51F9A843DC13AB4FC39B3E6D8AE7D632732D9AFEFAF72FC3D197C2795A3364FDFD4F83C9B628644D98F1C9017BFD435E62
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Preview:	!function(e){"object"==typeof exports&&"undefined"!=typeof module\|\|"function"!=typeof define\|\|!define.amd?e():define("inert",e)}((function(){"use strict";var e,t,n,i,o,r,s=function(e,t,n){return t&&a(e.prototype,t),n&&a(e,n),e};function a(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable\|\|!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}function d(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function u(e,t){d(this,u),this._inertManager=t,this._rootElement=e,this._managedNodes=new Set,this._rootElement.hasAttribute("aria-hidden")?this._savedAriaHidden=this._rootElement.getAttribute("aria-hidden"):this._savedAriaHidden=null,this._rootElement.setAttribute("aria-hidden","true"),this._makeSubtreeUnfocusable(this._rootElement),this._observer=new MutationObserver(this._onMutation.bind(this)),this._observer.observe(this._rootElement,{attributes:!0,childList:!0,subtree:!0})}function h(e,t){d(this,h),thi

Chrome Cache Entry: 181

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	18865
Entropy (8bit):	5.428490540008547
Encrypted:	false
SSDEEP:
MD5:	F5C90460EA0E2A4DF3FCB5B81BB41A94
SHA1:	318CD988207C26C1DFB9A7F5B322A001AFBDD8CD
SHA-256:	8D055DC2BC41F8E8BDAD012BDB150F79FF147540CFF31D8903A7B9BB743C3715
SHA-512:	EE5DE9378C0EB22AFA73F2C02D16EED41685973D71F26AA140F5294C90EA293D3EE5AEF9F9594F41D568B7A1EB68924A944E9975F239A0F0991D83CBF4F0BFDD
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Syne%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CDM+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.3
Preview:	/* latin-ext /.@font-face {. font-family: 'DM Sans';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKK58VXh.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./ latin /.@font-face {. font-family: 'DM Sans';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKy58Q.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./ latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: italic;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKK58VXh.woff2) format('woff2');. unicode

Chrome Cache Entry: 182

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18562), with no line terminators
Category:	downloaded
Size (bytes):	18562
Entropy (8bit):	4.684986973406293
Encrypted:	false
SSDEEP:
MD5:	37A23D586B2C476D3AB6E9BB2B3E08D6
SHA1:	8BCE43CF3926507D44A11651975F9535A90F7D0C
SHA-256:	5AEFE68B6A58F89F105E26BFBDE7F93D5443FEA8AAD4DCBD237F39380C048338
SHA-512:	FEE2020994BC858DF38058D02CEBECBBDABA1577CA79988A4C6079A026B78F2857A9BB36A995D1F2D7DFA2AAF86484D4546873AB55000457F332A8719EC63B2D
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/elementor/css/post-108.css?ver=1705063357
Preview:	.elementor-108 .elementor-element.elementor-element-6513bbcb:not(.elementor-motion-effects-element-type-background), .elementor-108 .elementor-element.elementor-element-6513bbcb > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-color:var( --e-global-color-e777cd9 );}.elementor-108 .elementor-element.elementor-element-6513bbcb{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;z-index:10;}.elementor-108 .elementor-element.elementor-element-6513bbcb > .elementor-background-overlay{transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-bc-flex-widget .elementor-108 .elementor-element.elementor-element-74b90464.elementor-column .elementor-widget-wrap{align-items:center;}.elementor-108 .elementor-element.elementor-element-74b90464.elementor-column.elementor-element[data-element_type="column"] > .elementor-widget-wrap.elementor-element-populated{align-content:center;align-items:center;}.elementor-108 .elementor-elem

Chrome Cache Entry: 183

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (9462)
Category:	downloaded
Size (bytes):	49752
Entropy (8bit):	5.256435722391161
Encrypted:	false
SSDEEP:
MD5:	8DE0EBA25C45F37C7F90F030D8B78EC3
SHA1:	F99A5FAC87A98583365F1037CF426C4D36ECE0E1
SHA-256:	E567DA14E40EAC32D2F7139907936343CBBBECCF410907C6DFE95FE5BA23871D
SHA-512:	D83798335DDFA4D1317A91E02B7F7926CF3334DC89A83E0DCEFDE306A89584DAD40DA644528F546FB1A1BE32E14658E5CAF2EA8F7DF5B7406D4B67294ED9BB51
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/about/
Preview:	<!doctype html>.<html lang="en-US">.<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1">..<link rel="profile" href="https://gmpg.org/xfn/11">..<title>About – Heltaba</title>.<meta name='robots' content='max-image-preview:large' />.<link rel="alternate" type="application/rss+xml" title="Heltaba » Feed" href="https://heltaba.com/feed/" />.<link rel="alternate" type="application/rss+xml" title="Heltaba » Comments Feed" href="https://heltaba.com/comments/feed/" />.<script>.window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/heltaba.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.4.3"}};./! This file is auto-generated /.!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.string

Chrome Cache Entry: 184

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (45047)
Category:	downloaded
Size (bytes):	137549
Entropy (8bit):	5.214399783307629
Encrypted:	false
SSDEEP:
MD5:	6C087AABA5BCB76BC96366600B854E20
SHA1:	6DE8049F8F4E6C83300BE31FFA9E54D652F10F1A
SHA-256:	03CA8C38633872B885F1E54E729C4597DA2F1C52D06F9A5289DDDA7CA3A9930C
SHA-512:	C8226FE12963B09E5A70E4987D38B20D54AEF88FC871F221275F883B68DAC1DE51799C3EDD479778BDA958167F30EEB1F8B73E3AE12C13B5D12E407B5369301F
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=3.0.4
Preview:	!function(){var t={793:function(){var t=function(t,e){if(window.google){var i=e("#"+t.find(".ekit-google-map").attr("id")),n=i.data("id"),o=i.data("api_key"),s=i.data("map_type"),r=i.data("map_address_type"),a=i.data("map_lat")\|\|23.7808875,h=i.data("map_lng")\|\|90.2792373,l=i.data("map_addr"),c=i.data("map_basic_marker_title"),u=i.data("map_basic_marker_content"),d=i.data("map_basic_marker_icon_enable"),f=i.data("map_basic_marker_icon"),p=i.data("map_basic_marker_icon_width"),m=i.data("map_basic_marker_icon_height"),g=i.data("map_zoom")\|\|14,v=i.data("map_markers"),y=i.data("map_static_width"),_=i.data("map_static_height"),w=i.data("map_polylines"),b=i.data("map_stroke_color"),x=i.data("map_stroke_opacity"),E=i.data("map_stroke_weight"),C=i.data("map_stroke_fill_color"),S=i.data("map_stroke_fill_opacity"),I=i.data("map_overlay_content"),T=i.data("map_routes_origin_lat"),k=i.data("map_routes_origin_lng"),z=i.data("map_routes_dest_lat"),L=i.data("map_routes_dest_lng"),O=i.data("map_routes_

Chrome Cache Entry: 185

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (30299), with no line terminators
Category:	downloaded
Size (bytes):	30299
Entropy (8bit):	4.712196414781506
Encrypted:	false
SSDEEP:
MD5:	317FBC87772718EB181EC7FEBA35E148
SHA1:	E08708D82FBA6BDB5D2A6826CC5099662F7DAAB1
SHA-256:	12C3F7BC60C99D1B6B634D6CD16FBB0E26AE75DDDA15D7A6E5106CD5DAD83F14
SHA-512:	12F3E8E96F53D74B1A93F80D1B3F5174879B29588F74C1EAE3E67C6BFC76AFC0613D4392B3B46B488B5557BF1DCD1752B4FE27E26ACFBAC2B2F88BF8AED1796A
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=3.0.4
Preview:	@media (max-width:480px){.ekit-wid-con .hotspot-following-line-style .ekit-hotspot-horizontal-line{width:50px}.ekit-wid-con .ekit-location_inner{left:0;right:auto}}@media (max-width:767px){.ekit-wid-con .elementskit-image-accordion-wraper{-ms-flex-wrap:wrap;flex-wrap:wrap}}@media screen and (min-width:1025px){.ekit-image-accordion-vertical .ekit-image-accordion{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ekit-image-accordion-vertical .ekit-image-accordion-item{min-height:0!important}}@media screen and (min-width:768px) and (max-width:1024px){.ekit-image-accordion-tablet-vertical .ekit-image-accordion,.ekit-image-accordion-vertical:not(.ekit-image-accordion-tablet-horizontal) .ekit-image-accordion{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ekit-image-accordion-tablet-vertical .ekit-image-accordion-item,.ekit-image-accordion-vertical:not(.ekit-image-accordion-table

Chrome Cache Entry: 186

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1280, components 3
Category:	dropped
Size (bytes):	264791
Entropy (8bit):	7.977483258883484
Encrypted:	false
SSDEEP:
MD5:	2090032BC90D7A2AD81FB671E8388F98
SHA1:	CEFBB51E8D472199D9C2B6F462680033ABE6F587
SHA-256:	BDD002CBCA0039F3C47E5032C78E59764DBFA040064FC4677D44CAC7939D0348
SHA-512:	D17545493B85E69D817F4740A05D34043672A9E90A65A5097D0A3568E471A0DB5F7124C8EFD883ED6D8EADC6CC8959620CCDFF64A8380344E1C301B8BD99956D
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.............(ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................].......................!.1..A.."Qaq.....2B..#R...3b...$Cr.4S...%D....cs....&5d....T.6FUetu.................................3.......................!1..AQ.."2aq.BR.#.3..$.b..............?.....S...j..h.6.."d.l*..@...6. '...6...S.4.

Chrome Cache Entry: 187

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (60132)
Category:	downloaded
Size (bytes):	60173
Entropy (8bit):	5.2155020500734866
Encrypted:	false
SSDEEP:
MD5:	C83BCA241B2C0FF5914A86BA02B1150F
SHA1:	1D5EAD82CB86A3CAD088E5930BCD2BBADBE19F86
SHA-256:	2F7F7CC8FB87B8AE16FFD03663FB1DE67B5493973CECF154C55EC2C5E7E0C0FC
SHA-512:	1EC07B4ED80BF32E00E1925509FDCD1344A4585228BBEC324BDC385D8DEB323CE0FD0EC12A797469F6402DD42776AA720BE9E39877E55D1CFE3A3D7B1321753C
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.19.0
Preview:	/! elementor - v3.19.0 - 29-01-2024 /.(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[354],{381:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;t.default=(e,t)=>{t=Array.isArray(t)?t:[t];for(const n of t)if(e.constructor.name===n.prototype[Symbol.toStringTag])return!0;return!1}},8135:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class _default extends elementorModules.ViewModule{getDefaultSettings(){return{selectors:{elements:".elementor-element",nestedDocumentElements:".elementor .elementor-element"},classes:{editMode:"elementor-edit-mode"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$elements:this.$element.find(e.elements).not(this.$element.find(e.nestedDocumentElements))}}getDocumentSettings(e){let t;if(this.isEdit){t={};const e=elementor.settings.page.model;jQuery.each(e.getActiveControls(),(n=>{t[n]=e.attributes[n]}))}else t=this.$element.data("elementor-sett

Chrome Cache Entry: 190

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2456), with no line terminators
Category:	downloaded
Size (bytes):	2456
Entropy (8bit):	4.642190104401375
Encrypted:	false
SSDEEP:
MD5:	8F82A23C3B765C4FA7E856B8D23D36C3
SHA1:	763C5A4F7584008113D42577351DA40C72CC0206
SHA-256:	EE9BACA7CC683D399A2AFC399BF57307767AD66597FB44623CEDC140022B16AF
SHA-512:	D47B2A947C209930EEE9068171BD32C4E7EB5C64A513D0B9177D73751FA0AC25B3940F827AC9B6C6A7031A958C1E514851B74DEC3D4F15E05602649DD3A424A2
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/elementor/css/post-102.css?ver=1706603437
Preview:	.elementor-102 .elementor-element.elementor-element-1615105d:not(.elementor-motion-effects-element-type-background), .elementor-102 .elementor-element.elementor-element-1615105d > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-color:var( --e-global-color-cff305b );}.elementor-102 .elementor-element.elementor-element-1615105d{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;padding:60px 0px 100px 0px;}.elementor-102 .elementor-element.elementor-element-1615105d > .elementor-background-overlay{transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-102 .elementor-element.elementor-element-4753668f > .elementor-element-populated{padding:0px 0px 0px 0px;}.elementor-102 .elementor-element.elementor-element-152dc350 .elementor-icon-list-icon i{color:var( --e-global-color-text );transition:color 0.3s;}.elementor-102 .elementor-element.elementor-element-152dc350 .elementor-icon-list-icon svg{fill:var( --e-global-col

Chrome Cache Entry: 191

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1536x1024, components 3
Category:	downloaded
Size (bytes):	116547
Entropy (8bit):	7.933032210233883
Encrypted:	false
SSDEEP:
MD5:	2ADCDD1726284BEBB50507D4228B6C01
SHA1:	DD19CF0FE913BA91FAD4BC7B1CDED8E26E8D8958
SHA-256:	B8BB5FA614A1D8F3037B041A783DDFB03D9E33934F98C70F2E39B4864BCF3E67
SHA-512:	D0B96D629E9C954CFBE29F3AE3860C2E57EF30B83ABA3F3B97F152AD2C59C7A45C4DCEF7C2A4E97AE9CC224B5CC7051D9E1A442DA3C79F8903827A01EF2086E5
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/2024/01/aida-4-1536x1024.jpg
Preview:	......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..x2..........P..........R...N.....]e...G.yf.~....}G .....p)G&..0p.[^k#D5.5VE..I...4.c9...SJ.t.9.R..+.R....Njt.R,..d..g.\..I..+R).V.T..)R-B....IH.;T..*j@i\.?4..f...(.i...".....@.N...S.4R.P.i..`.R..p...\R(.(..R.!..).8...:....-(.....KI@4.;....QR....."..h.,...i.EW#.Vp..A.iqK.\V...K.R..M.c.I@.(..@.(

Chrome Cache Entry: 192

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12876), with no line terminators
Category:	downloaded
Size (bytes):	12876
Entropy (8bit):	5.1179527069320745
Encrypted:	false
SSDEEP:
MD5:	BCAD7781B3E74DB2565B8424C45232CD
SHA1:	41B0D94434EF667897C06E1184B703064FFCEDA1
SHA-256:	D622534D53D3AC1095AF275F0B30274FCD835785577DF2DDE6D9398E6F7A2C8F
SHA-512:	8BF688AD357079C992136D62AD437795165F22EA1F23919611FCB756D1975D34FE2272819CFCB6B16AA79980997149F253C20334F8AB7BF133E3C91B3F9E98B7
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
Preview:	.swiper-container{margin-left:auto;margin-right:auto;position:relative;overflow:hidden;z-index:1}.swiper-container .swiper-slide figure{line-height:0}.swiper-container .elementor-lightbox-content-source{display:none}.swiper-container-no-flexbox .swiper-slide{float:left}.swiper-container-vertical>.swiper-wrapper{flex-direction:column}.swiper-wrapper{position:relative;width:100%;height:100%;z-index:1;display:flex;transition-property:transform;box-sizing:content-box}.swiper-container-android .swiper-slide,.swiper-wrapper{transform:translateZ(0)}.swiper-container-multirow>.swiper-wrapper{flex-wrap:wrap}.swiper-container-free-mode>.swiper-wrapper{transition-timing-function:ease-out;margin:0 auto}.swiper-slide{flex-shrink:0;width:100%;height:100%;position:relative}.swiper-container-autoheight,.swiper-container-autoheight .swiper-slide{height:auto}.swiper-container-autoheight .swiper-wrapper{align-items:flex-start;transition-property:transform,height}.swiper-container .swiper-notification{pos

Chrome Cache Entry: 193

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	124837
Entropy (8bit):	4.4798601298691025
Encrypted:	false
SSDEEP:
MD5:	9323FD320E12C4D0D865A254138147D4
SHA1:	93218FBF674488BE2FECCEBF36055C6FC1D8A1EE
SHA-256:	49EBAF0BFAD5AAF0C66DE0BB84A2C7D1E32F33ADD8D6CB75897AE56CB07BCDA9
SHA-512:	CB338E09174455CEA49D9967CC4D7CE230AE0D9D6D9F5484D630C3FA5C315D8F8E1104A8CFC9A1181A5974CFE6C01E2A7A0EC1DADA425C480200841F77F6E241
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=3.0.4
Preview:	@font-face{font-family:elementskit;src:url(../fonts/elementskit.woff?y24e1e) format("woff");font-weight:400;font-style:normal;font-display:swap}.ekit-wid-con .fasicon,.ekit-wid-con .icon,.ekit-wid-con .icon::before,.fasicon,.icon,.icon::before{font-family:elementskit!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.ekit-wid-con .fasicon.icon-home::before,.ekit-wid-con .icon.icon-home::before,.icon.icon-home::before{content:"\e800"}.ekit-wid-con .fasicon.icon-advanced-slider::before,.ekit-wid-con .icon.icon-advanced-slider::before,.icon.icon-advanced-slider::before{content:"\e9c8"}.ekit-wid-con .fasicon.icon-image-box::before,.ekit-wid-con .icon.icon-image-box::before,.icon.icon-image-box::before{content:"\ebd1"}.ekit-wid-con .fasicon.icon-image-swap::before,.ekit-wid-con .icon.icon-image-swap::before,.icon.icon-image-swap::before{content:"\eba4"}.ekit-wid-co

Chrome Cache Entry: 194

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19201)
Category:	downloaded
Size (bytes):	19244
Entropy (8bit):	5.030248364631859
Encrypted:	false
SSDEEP:
MD5:	8E94A15C4CBCD2E1A07D1C7AE27BD0A3
SHA1:	A75F92A3069353B930FC663EEA2EE71C6B9FAA20
SHA-256:	E5117A3E07D7C12E247EAAA7973E6499584000C5ECFA1B2A66FBF830ED064650
SHA-512:	C1FBC9E3D8DF6B0447B9CE6005ECF132B8210C42BF7C5581D3C37C11F6EBCD09396F9785CEA9416F1B4F4763AD6B4DAC66ED66A7D63551473EF7CA3CAF8A12C5
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/form.72b77b99d67b130634d2.bundle.min.js
Preview:	/! elementor-pro - v3.7.7 - 20-09-2022 /."use strict";(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro\|\|[]).push([[680],{2679:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class DataTimeFieldBase extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{fields:this.getFieldsSelector()},classes:{useNative:"elementor-use-native"}}}getDefaultElements(){const{selectors:e}=this.getDefaultSettings();return{$fields:this.$element.find(e.fields)}}addPicker(e){const{classes:t}=this.getDefaultSettings();jQuery(e).hasClass(t.useNative)\|\|e.flatpickr(this.getPickerOptions(e))}onInit(){super.onInit(...arguments),this.elements.$fields.each(((e,t)=>this.addPicker(t)))}}t.default=DataTimeFieldBase},784:(e,t,s)=>{var r=s(3203);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var i=r(s(2679));class DateField extends i.default{getFieldsSelector(){return".elementor-date-field"}getPickerOptions(e){const t=jQuery(e);retu

Chrome Cache Entry: 195

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (30394), with no line terminators
Category:	downloaded
Size (bytes):	30394
Entropy (8bit):	4.669957100122824
Encrypted:	false
SSDEEP:
MD5:	BA5D969D5AF53CEFFEE54F203C905B87
SHA1:	8B5E650A9A322A6F19594D914E35015ACF379062
SHA-256:	6EFE352E9CBE2E9A8D4D6E4F1370A5AD66D26B493D85ED32D37E978A4D511941
SHA-512:	7ED40F0EC3DC01C2DF417E93295267491E165360900DF24AF5C2818539305AEB8F559AADD9044CCE4C497B6B1B4F9F21597CC302AEFEA32756786B9386E31257
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/css/helper-parts.min.css?ver=6.4.2
Preview:	@keyframes qi-addons-for-elementor-fade-in{0%{opacity:0;visibility:hidden;z-index:102}100%{opacity:1;visibility:visible;z-index:102}}@keyframes qi-addons-for-elementor-fade-out{0%{opacity:1;visibility:visible;z-index:102}100%{opacity:0;visibility:hidden;z-index:0}}@keyframes qodef-animate-underline-from-left{0%{transform:scaleX(1);transform-origin:right}37%{transform:scaleX(0);transform-origin:right}38%{transform:scaleX(0);transform-origin:left}100%{transform:scaleX(1);transform-origin:left}}@keyframes qodef-animate-underline-from-right{0%{transform:scaleX(1);transform-origin:left}37%{transform:scaleX(0);transform-origin:left}38%{transform:scaleX(0);transform-origin:right}100%{transform:scaleX(1);transform-origin:right}}@keyframes qodef-animate-underline-multiline{0%{background-size:100% 87%;background-position-x:right}38%{background-size:0 87%;background-position-x:right}39%{background-size:0 87%;background-position-x:left}100%{background-size:100% 87%;background-position-x:left}}@key

Chrome Cache Entry: 196

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	40
Entropy (8bit):	4.184183719779189
Encrypted:	false
SSDEEP:
MD5:	94D041D462DB321CDB888066586F2068
SHA1:	717D2F9DA7FB9F9E2BF2058A8177A0344F8A8647
SHA-256:	B8166C5475DF6A64AB2456E95F64564164ED697D258E8BFED8CEBCA40EFD6FA5
SHA-512:	9A320FBC1DBEDA1700F54140F814A285D1CDADF947F927DB7E1D70A686D15FC74D69530BD13AB7CF9C3A2009791F2AC8F358CD9F748B1C2995EB9712B68DC574
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=3.0.4
Preview:	jQuery(document).ready((function(e){}));

Chrome Cache Entry: 197

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2701), with no line terminators
Category:	downloaded
Size (bytes):	2701
Entropy (8bit):	4.688141301851713
Encrypted:	false
SSDEEP:
MD5:	4050C0609245D6CAE046D3EC997DFDCB
SHA1:	2259A15C6B298A09691231BBA15C7EB930E6F373
SHA-256:	001935E396D66FAF9490154709867CDF0675B13760014FF3EE055AAF0DB78340
SHA-512:	F9A6C5C0138B82FED2DF4AC3E3BC601550A959E91155CAFF2631DEAEF6A36BE4799ED36C8B2DA7565CB256FCF15ED8B24A4D841EC57BB0B910D99DBE12EB2445
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/elementor/css/post-87.css?ver=1705306165
Preview:	.elementor-87 .elementor-element.elementor-element-5a20edc0:not(.elementor-motion-effects-element-type-background), .elementor-87 .elementor-element.elementor-element-5a20edc0 > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-position:center center;background-repeat:no-repeat;background-size:auto;}.elementor-87 .elementor-element.elementor-element-5a20edc0 > .elementor-background-overlay{background-color:var( --e-global-color-7e293d1 );opacity:0.75;transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-87 .elementor-element.elementor-element-5a20edc0{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;margin-top:0px;margin-bottom:0px;padding:100px 0px 100px 0px;z-index:5;}.elementor-87 .elementor-element.elementor-element-755b749a.elementor-column > .elementor-widget-wrap{justify-content:center;}.elementor-87 .elementor-element.elementor-element-755b749a > .elementor-element-populated{padding:0% 12% 0% 12%;}.el

Chrome Cache Entry: 198

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (14777), with no line terminators
Category:	downloaded
Size (bytes):	14777
Entropy (8bit):	4.8965109001118
Encrypted:	false
SSDEEP:
MD5:	2FCC896F4277EE71CBE72BF861F773BB
SHA1:	CFFD00BAD826531B93968BBD550C374B88D6CBF9
SHA-256:	6F5352CE60BB69C27848400A2A9FBB440D4308C0C5ACAF1E56A72A3194712F92
SHA-512:	F47F64B1D5FCBF12776AFA0B442B38CC3D6244E0331CA47F4F276112731CCF686E16247332864547BE7F0D7CC0A2A983C5A5196F606802D0A91B93EA3893D8B7
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/uploads/elementor/css/post-35.css?ver=1705063357
Preview:	.elementor-kit-35{--e-global-color-primary:#7868E6;--e-global-color-secondary:#B8B5FF;--e-global-color-text:#222831;--e-global-color-accent:#E4FBFF;--e-global-color-e777cd9:#FFFFFF;--e-global-color-e632858:#FFFFFF00;--e-global-color-cff305b:#EDEEF7;--e-global-color-d59e8a8:#DDDDDD;--e-global-color-9947692:#FFFFFFD1;--e-global-color-7e293d1:#22283170;--e-global-color-8fd35ab:#41384F;--e-global-color-58a7729:#DE7954;--e-global-typography-primary-font-family:"Syne";--e-global-typography-primary-font-size:80px;--e-global-typography-primary-font-weight:700;--e-global-typography-primary-line-height:90px;--e-global-typography-primary-letter-spacing:-1.5px;--e-global-typography-secondary-font-family:"DM Sans";--e-global-typography-secondary-font-size:24px;--e-global-typography-secondary-font-weight:400;--e-global-typography-secondary-line-height:36px;--e-global-typography-secondary-letter-spacing:0px;--e-global-typography-text-font-family:"DM Sans";--e-global-typography-text-font-size:17px;--e

Chrome Cache Entry: 199

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	280175
Entropy (8bit):	4.73593920647419
Encrypted:	false
SSDEEP:
MD5:	E637406702A3447F5E724960F075C31F
SHA1:	9F8E3D2A6653B7078482BDCFF5FA968B0C631231
SHA-256:	6F12F6F2D0598E2C1A69D71E5BB3ADE38B4E192279593F2BA80806DC4006BBB2
SHA-512:	F5F34E80D3427220BC77E137F571120E1841D327FAEA4A072F0E5F4E4B1D61ECD0D01561222CB436E9FB40BCFABE47087C19FA35DBA1C5D0F387C4CD73BE41D2
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.4.3
Preview:	.qodef-addons-blog-list{position:relative;display:inline-block;width:100%;vertical-align:top}.qodef-addons-blog-list .qodef-blog-item{position:relative;display:inline-block;width:100%;vertical-align:top}.qodef-addons-blog-list .qodef-blog-item .qodef-e-content,.qodef-addons-blog-list .qodef-blog-item .qodef-e-inner,.qodef-addons-blog-list .qodef-blog-item .qodef-e-media{position:relative;display:inline-block;width:100%;vertical-align:top}.qodef-addons-blog-list .qodef-blog-item .qodef-e-media-image{position:relative;display:inline-block;vertical-align:top;max-width:100%;overflow:hidden;z-index:1}.qodef-addons-blog-list .qodef-blog-item .qodef-e-media{display:block}.qodef-addons-blog-list .qodef-blog-item .qodef-e-media iframe{display:block;height:100%}.qodef-addons-blog-list .qodef-blog-item .qodef-e-title{margin:0 0 .5em}.qodef-addons-blog-list .qodef-blog-item .qodef-e-excerpt{margin:0}.qodef-addons-blog-list .qodef-blog-item .qodef-e-info{position:relative;display:flex;flex-wrap:wra

Chrome Cache Entry: 200

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5141)
Category:	downloaded
Size (bytes):	5184
Entropy (8bit):	5.469433986279472
Encrypted:	false
SSDEEP:
MD5:	D34A31C190BE8BDF335FA0C44EF52699
SHA1:	483E1B4BA88B6E7CA8153871811E32CAB021D6E4
SHA-256:	F032F0B942EA9F4BD771DDB2262C518E948328A305A5268DACC74F3EEE364514
SHA-512:	867865608F99F5C9FECF0A583E3434DF06BAE7BEB5C5A6F2C24655F6030EC93E1C238AB934EC269601741ED122A483931FF719C84A1E8EDED8C943C75FCF7A58
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.7
Preview:	/! elementor-pro - v3.7.7 - 20-09-2022 /.(()=>{"use strict";var e,r,_,a={},n={};function __webpack_require__(e){var r=n[e];if(void 0!==r)return r.exports;var _=n[e]={exports:{}};return a[e](_,_.exports,__webpack_require__),_.exports}__webpack_require__.m=a,e=[],__webpack_require__.O=(r,_,a,n)=>{if(!_){var c=1/0;for(o=0;o<e.length;o++){for(var[_,a,n]=e[o],i=!0,t=0;t<_.length;t++)(!1&n\|\|c>=n)&&Object.keys(__webpack_require__.O).every((e=>__webpack_require__.O[e](_[t])))?_.splice(t--,1):(i=!1,n<c&&(c=n));if(i){e.splice(o--,1);var b=a();void 0!==b&&(r=b)}}return r}n=n\|\|0;for(var o=e.length;o>0&&e[o-1][2]>n;o--)e[o]=e[o-1];e[o]=[_,a,n]},__webpack_require__.f={},__webpack_require__.e=e=>Promise.all(Object.keys(__webpack_require__.f).reduce(((r,_)=>(__webpack_require__.f[_](e,r),r)),[])),__webpack_require__.u=e=>714===e?"code-highlight.28a979661569ddbbf60d.bundle.min.js":721===e?"video-playlist.0c9d14b28f7b8990e895.bundle.min.js":256===e?"paypal-button.3d0d5af7df85963df32c.bundle.min.js":15

Chrome Cache Entry: 202

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (872)
Category:	downloaded
Size (bytes):	912
Entropy (8bit):	5.0199058968156445
Encrypted:	false
SSDEEP:
MD5:	426BA3FD28FB39069C787463E2EEE5C7
SHA1:	88E82EACC838A8A3B557B843171DD8DEB2234681
SHA-256:	166101412BB5C1F75B4E75C4DA7460A6621E8456F47D2D01653EABB9DFF0E59E
SHA-512:	6CEB9CC99B8F9E9EBA3C06A40E1FEC1DF715C5C7E6280C340A4F56BBE784B395F4433B250E2685B2C3A1FEA5630AFB0909B8FB7C37C339FEF8000FF6E8B2A7BE
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/js/counter.02cef29c589e742d4c8c.bundle.min.js
Preview:	/! elementor - v3.19.0 - 29-01-2024 /."use strict";(self.webpackChunkelementor=self.webpackChunkelementor\|\|[]).push([[120],{7884:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class Counter extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{counterNumber:".elementor-counter-number"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$counterNumber:this.$element.find(e.counterNumber)}}onInit(){super.onInit(),this.intersectionObserver=elementorModules.utils.Scroll.scrollObserver({callback:e=>{if(e.isInViewport){this.intersectionObserver.unobserve(this.elements.$counterNumber[0]);const e=this.elements.$counterNumber.data(),t=e.toValue.toString().match(/\.(.*)/);t&&(e.rounding=t[1].length),this.elements.$counterNumber.numerator(e)}}}),this.intersectionObserver.observe(this.elements.$counterNumber[0])}}t.default=Counter}}]);

Chrome Cache Entry: 203

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (18593), with no line terminators
Category:	downloaded
Size (bytes):	18593
Entropy (8bit):	5.095782734715352
Encrypted:	false
SSDEEP:
MD5:	CE634C6621026E8FB98418CE432C4B75
SHA1:	40A1A488094B4569C3A903EB043ECDA0D6BF929E
SHA-256:	D22A8CE5B62F7DE94C4183B2528D1BC7D6B220BE97B72D04C7AEA220E273D58F
SHA-512:	985C80C03CC6B2AC537A15ABB722631EC5627E12630689C329D9E27DE28B5594FF14A67B338D1B81D6E27C1518E729103015D773062AAA99DDA0FE04F3BCCA1C
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=3.0.4
Preview:	!function(e,t){"use strict";window.ElementsKit_Helper={},ElementsKit_Helper.setURLHash=function(t,n,i){if(void 0===t\|\|!("ekit_hash_change"in t))return;void 0===i&&(i="ekit-handler-id");let s="#"+e(n).data(i);window.location.hash=s},ElementsKit_Helper.ajaxLoading=function(n,i){if(n.hasClass("ekit-template-ajax--yes")){var s=i.find("[data-ajax-post-id]");s.hasClass("is--loaded")\|\|e.ajax({type:"POST",url:ekit_config.ajaxurl,data:{action:"ekit_widgetarea_content",nonce:ekit_config.nonce,post_id:s.data("ajax-post-id")},success:function(n){s.addClass("is--loaded").html(n),s.find("[data-widget_type]").each((function(){var n=e(this);t.hooks.doAction("frontend/element_ready/"+n.data("widget_type"),n)}))}})}},ElementsKit_Helper.triggerClickOnEvent=function(t,n){"click"!==t&&n.on(t,(function(){e(this).trigger("click")}))},ElementsKit_Helper.megaMenuAjaxLoad=function(t){let n=t.find(".elementskit-submenu-indicator, .ekit-submenu-indicator-icon"),i=t.find(".megamenu-ajax-load"),s=t.closest(".ekit-w

Chrome Cache Entry: 204

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10019)
Category:	downloaded
Size (bytes):	18468
Entropy (8bit):	4.942984129844562
Encrypted:	false
SSDEEP:
MD5:	4601BA55044413706C2022CB6C1C3D05
SHA1:	5103EC2FBB389568EBF5CFE4FD721F3DF2FF7AEC
SHA-256:	FE513EF974B767510D0A2B9F1B4D3AFA53185B89AB617C869E5E3D6DB960192C
SHA-512:	8DAB2D19378E34B40043621AAC57B418E56486DCFEBD1A5991BE8A02EE6B071D07EC6BFD9408DEA8FF0198995DE9D42A46E66513D68B40B68056707E4E691E01
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.18.3
Preview:	@keyframes bounce{20%,53%,80%,from,to{animation-timing-function:cubic-bezier(.215,.61,.355,1);transform:translate3d(0,0,0)}40%,43%{animation-timing-function:cubic-bezier(.755,.050,.855,.060);transform:translate3d(0,-30px,0)}70%{animation-timing-function:cubic-bezier(.755,.050,.855,.060);transform:translate3d(0,-15px,0)}90%{transform:translate3d(0,-4px,0)}}.bounce{animation-name:bounce;transform-origin:center bottom}@keyframes flash{50%,from,to{opacity:1}25%,75%{opacity:0}}.flash{animation-name:flash}@keyframes pulse{from,to{transform:scale3d(1,1,1)}50%{transform:scale3d(1.05,1.05,1.05)}}.pulse{animation-name:pulse}@keyframes rubberBand{from,to{transform:scale3d(1,1,1)}30%{transform:scale3d(1.25,.75,1)}40%{transform:scale3d(.75,1.25,1)}50%{transform:scale3d(1.15,.85,1)}65%{transform:scale3d(.95,1.05,1)}75%{transform:scale3d(1.05,.95,1)}}.rubberBand{animation-name:rubberBand}@keyframes shake{from,to{transform:translate3d(0,0,0)}10%,30%,50%,70%,90%{transform:translate3d(-10px,0,0)}20%,40%

Chrome Cache Entry: 207

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 627, 8-bit/color RGB, non-interlaced
Category:	dropped
Size (bytes):	846114
Entropy (8bit):	7.992455741763255
Encrypted:	true
SSDEEP:
MD5:	D5EB32A97DC6093DCBB3971BF0A2FEC8
SHA1:	341AAF59B7928744C2C9ABB12F5F9C4B3FE22B39
SHA-256:	92E41948D9DE01BAD237B37799F776A45058BF66BB57B61237A79DF08388EBAD
SHA-512:	D81C777D2759F0724A716B36F03CF2D12444F39FE1BBBF114038D0A7B02BD937BF17AC8942C714AAF7600F7C70910AD4FB2D0C94B7EDC41CC741244C2634E0F3
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......s.......}.....pHYs................~iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Adobe Photoshop 22.3 (Windows)" xmp:CreateDate="2024-01-12T17:07:29+02:00" xmp:MetadataDate="2024-01-12T17:07:29+02:00" xmp:ModifyDate="2024-01-12T17:07:29+02:00" xmpMM:InstanceID="xmp.iid:59cad56d-7d1d-bc4d-9115-209bdb8707e8" xmpMM:DocumentID="adobe:docid:photoshop:2bb9eeb3-fde4-7c44-b5ab-79a2ff780885" xmpMM:OriginalDocumentID="xmp.did:95258573-acb0-bd4c-9b49-311e09564626" photoshop:Color

Chrome Cache Entry: 208

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (19607)
Category:	downloaded
Size (bytes):	19653
Entropy (8bit):	4.557444692455203
Encrypted:	false
SSDEEP:
MD5:	B311208315B983433B38A9CDE809140E
SHA1:	C39B3852D5395482916F552D79BF7E20B2F76309
SHA-256:	811C9E254F52EE41C67C23E2A744EE74B11A0BC9A5D262CAFD103E5B975EEE68
SHA-512:	D55E7BE195E85404B061592AE092D9270F10622FF6259AF99D843C68A3867107529B8559B64F08C08E877A55C46EAD233DCDED733BF859993176C561DEDB99CA
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.25.0
Preview:	/! elementor-icons - v5.27.0 - 16-01-2024 /.@font-face{font-family:eicons;src:url(../fonts/eicons.eot?5.27.0);src:url(../fonts/eicons.eot?5.27.0#iefix) format("embedded-opentype"),url(../fonts/eicons.woff2?5.27.0) format("woff2"),url(../fonts/eicons.woff?5.27.0) format("woff"),url(../fonts/eicons.ttf?5.27.0) format("truetype"),url(../fonts/eicons.svg?5.27.0#eicon) format("svg");font-weight:400;font-style:normal}[class*=" eicon-"],[class^=eicon]{display:inline-block;font-family:eicons;font-size:inherit;font-weight:400;font-style:normal;font-variant:normal;line-height:1;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}@keyframes a{0%{transform:rotate(0deg)}to{transform:rotate(359deg)}}.eicon-animation-spin{animation:a 2s infinite linear}.eicon-editor-link:before{content:"\e800"}.eicon-editor-unlink:before{content:"\e801"}.eicon-editor-external-link:before{content:"\e802"}.eicon-editor-close:before{content:"\e803"}.eicon-editor-list-ol:before{cont

Chrome Cache Entry: 209

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (5127), with no line terminators
Category:	downloaded
Size (bytes):	5131
Entropy (8bit):	4.948242348088103
Encrypted:	false
SSDEEP:
MD5:	08FAE0E9F8CE7E1CC244D6957A0FC71C
SHA1:	958FBF4F8B318E39612DD25EEFAE43C006769883
SHA-256:	30C2E510F9FAC929EEAB0EA915D80904A4E72B22EB8612DD8C83C7DFB71862E0
SHA-512:	E8F69BB51F6CAF9AB132B1BE8F6EE3248C80DD74E47823C17CE4C1A14B289BDB2C2AC19035309724E3F8F53A2647B3204F8DC83AE85081E9069275FCAC7AE4E3
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/themes/hello-elementor/theme.min.css?ver=3.0.0
Preview:	@charset "UTF-8";.comments-area a,.page-content a{text-decoration:underline}.alignright{float:right;margin-left:1rem}.alignleft{float:left;margin-right:1rem}.aligncenter{clear:both;display:block;margin-left:auto;margin-right:auto}.alignwide{margin-left:-80px;margin-right:-80px}.alignfull{margin-left:calc(50% - 50vw);margin-right:calc(50% - 50vw);max-width:100vw}.alignfull,.alignfull img{width:100vw}.wp-caption{margin-block-end:1.25rem;max-width:100%}.wp-caption.alignleft{margin:5px 20px 20px 0}.wp-caption.alignright{margin:5px 0 20px 20px}.wp-caption img{display:block;margin-left:auto;margin-right:auto}.wp-caption-text{margin:0}.gallery-caption{display:block;font-size:.8125rem;line-height:1.5;margin:0;padding:.75rem}.pagination{margin:20px auto}.sticky{position:relative;display:block}.bypostauthor{font-size:inherit}.hide{display:none!important}.post-password-form p{width:100%;display:flex;align-items:flex-end}.post-password-form [type=submit]{margin-inline-start:3px}.screen-reader-text

Chrome Cache Entry: 212

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4957)
Category:	downloaded
Size (bytes):	4997
Entropy (8bit):	5.39682838602873
Encrypted:	false
SSDEEP:
MD5:	3B9E1F6362F47DDE1F2AD6B163566F77
SHA1:	57B45DA6040C12052E0C4C479382EAA31DD6E4BA
SHA-256:	7717D46C8BD7D7F895BA4DF7C6AE5B7FAEB926C54F96B2FA401F71F7A7704713
SHA-512:	F27F4F397004070E9BA600B3981E93036F04978A8C76BCCB93557244CD984CC4DA9350D6A6BCF05A94FBF0238FC847C80669BC4149A9EEC323B4948F39C3F179
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.19.0
Preview:	/! elementor - v3.19.0 - 29-01-2024 /.(()=>{"use strict";var e,r,_,t,a,i={},n={};function __webpack_require__(e){var r=n[e];if(void 0!==r)return r.exports;var _=n[e]={exports:{}};return i[e].call(_.exports,_,_.exports,__webpack_require__),_.exports}__webpack_require__.m=i,e=[],__webpack_require__.O=(r,_,t,a)=>{if(!_){var i=1/0;for(u=0;u<e.length;u++){for(var[_,t,a]=e[u],n=!0,c=0;c<_.length;c++)(!1&a\|\|i>=a)&&Object.keys(__webpack_require__.O).every((e=>__webpack_require__.O[e](_[c])))?_.splice(c--,1):(n=!1,a<i&&(i=a));if(n){e.splice(u--,1);var o=t();void 0!==o&&(r=o)}}return r}a=a\|\|0;for(var u=e.length;u>0&&e[u-1][2]>a;u--)e[u]=e[u-1];e[u]=[_,t,a]},_=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,__webpack_require__.t=function(e,t){if(1&t&&(e=this(e)),8&t)return e;if("object"==typeof e&&e){if(4&t&&e.__esModule)return e;if(16&t&&"function"==typeof e.then)return e}var a=Object.create(null);__webpack_require__.r(a);var i={};r=r\|\|[null,_({}),_([]),_(_)];for(var n=2&t&&e;

Chrome Cache Entry: 214

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1801), with no line terminators
Category:	downloaded
Size (bytes):	1801
Entropy (8bit):	4.880476915782121
Encrypted:	false
SSDEEP:
MD5:	4D43B2FCB5EF3E6AFDCD539F46148514
SHA1:	0FF4D5160BEB004C439B20C6343044917C629D10
SHA-256:	9AA9BB8BE2B834059533CE5DE7EED3A662AD3D3E70643BBE5F75265075E9BD28
SHA-512:	00A0C46B067C1609D996BD438D6EF3342A6CDD6323FC8B8C4853CF4A8C2FF983B98E77545AB3B16BA2A8D0E58A2D35EC77B5765BA172F6532B8000239F06E396
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1
Preview:	!function(t){"use strict";if("function"==typeof define&&define.amd)define(["jquery"],t);else if("object"==typeof exports)t(require("jquery"));else{if("undefined"==typeof jQuery)throw"jquery-numerator requires jQuery to be loaded first";t(jQuery)}}(function(t){function e(e,s){this.element=e,this.settings=t.extend({},i,s),this._defaults=i,this._name=n,this.init()}var n="numerator",i={easing:"swing",duration:500,delimiter:void 0,rounding:0,toValue:void 0,fromValue:void 0,queue:!1,onStart:function(){},onStep:function(){},onProgress:function(){},onComplete:function(){}};e.prototype={init:function(){this.parseElement(),this.setValue()},parseElement:function(){var e=t.trim(t(this.element).text());this.settings.fromValue=this.settings.fromValue\|\|this.format(e)},setValue:function(){var e=this;t({value:e.settings.fromValue}).animate({value:e.settings.toValue},{duration:parseInt(e.settings.duration,10),easing:e.settings.easing,start:e.settings.onStart,step:function(n,i){t(e.element).text(e.format

Chrome Cache Entry: 216

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (7323), with no line terminators
Category:	downloaded
Size (bytes):	7325
Entropy (8bit):	4.780228229829862
Encrypted:	false
SSDEEP:
MD5:	4F6608672AAE4899D264369DD0C580D9
SHA1:	C4B0007B7F9377CD9D7C6B8106DFFEDAA03D1610
SHA-256:	97A09CB2AF7D4406F6163874DAD15C607D571749611D00890D47143495A0A617
SHA-512:	71269B46A4C18FB845DC411D6DE352B8F3ED0BF320E05C4873209B18298BEEE451975D5108C55A1249F6E37E1227B0B3E4C1DE4FCFE85D9DCABF608F5AE39A5F
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/themes/hello-elementor/header-footer.min.css?ver=3.0.0
Preview:	@charset "UTF-8";.site-header{display:flex;flex-wrap:wrap;justify-content:space-between;padding-block-start:1rem;padding-block-end:1rem;position:relative}.site-header .site-navigation{justify-content:flex-end}.site-header .site-branding{display:flex;flex-direction:column;justify-content:center}.site-header .header-inner{display:flex;flex-wrap:wrap;justify-content:space-between}.site-header .header-inner .custom-logo-link{display:block}.site-header .header-inner .site-branding .site-description,.site-header .header-inner .site-branding .site-title{margin:0}.site-header .header-inner .site-branding.show-logo .site-title,.site-header .header-inner .site-branding.show-title .site-logo{display:none!important}.site-header:not(.header-stacked) .header-inner .site-branding{max-width:30%}.site-header:not(.header-stacked) .header-inner .site-navigation{max-width:70%}.site-header.header-inverted .header-inner{flex-direction:row-reverse}.site-header.header-inverted .header-inner .site-branding{tex

Chrome Cache Entry: 217

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	9445
Entropy (8bit):	5.276617475726948
Encrypted:	false
SSDEEP:
MD5:	C2C4E2A562E06E1CB22293A5B920ACA6
SHA1:	A7B5A369AC4883F1EE7FA701B238D20238B675CA
SHA-256:	698E93FE491CC7BBF07A470579A33DBD0DB53C19142B7BE41EBFD39A23AEF11F
SHA-512:	7117E879A8A4D8C8E1ACD1A34247A7CF420128DA970ED42975D6A04665EC571DC388C62FC3B50DEDA0B9E896F599D56FFBC28B25A45119CD79F5F45E3E58C178
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/dist/i18n.min.js?ver=7701b0c3857f914212ef
Preview:	/! This file is auto-generated /.!function(){var t={124:function(t,e,n){var r;!function(){"use strict";var i={not_string:/[^s]/,not_bool:/[^t]/,not_type:/[^T]/,not_primitive:/[^v]/,number:/[diefg]/,numeric_arg:/[bcdiefguxX]/,json:/[j]/,not_json:/[^j]/,text:/^[^\x25]+/,modulo:/^\x25{2}/,placeholder:/^\x25(?:([1-9]\d)\$\|$([^)]+)$)?(\+)?(0\|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-gijostTuvxX])/,key:/^([a-z_][a-z_\d])/i,key_access:/^\.([a-z_][a-z_\d]*)/i,index_access:/^\[(\d+)\]/,sign:/^[+-]/};function o(t){return function(t,e){var n,r,a,s,u,l,c,p,f,d=1,h=t.length,g="";for(r=0;r<h;r++)if("string"==typeof t[r])g+=t[r];else if("object"==typeof t[r]){if((s=t[r]).keys)for(n=e[d],a=0;a<s.keys.length;a++){if(null==n)throw new Error(o('[sprintf] Cannot access property "%s" of undefined value "%s"',s.keys[a],s.keys[a-1]));n=n[s.keys[a]]}else n=s.param_no?e[s.param_no]:e[d++];if(i.not_type.test(s.type)&&i.not_primitive.test(s.type)&&n instanceof Function&&(n=n()),i.numeric_arg.test(s.type)&&"number"!

Chrome Cache Entry: 218

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (21374)
Category:	downloaded
Size (bytes):	21417
Entropy (8bit):	5.114311969304168
Encrypted:	false
SSDEEP:
MD5:	D3292C1B42AF288C371C5411C4253F18
SHA1:	A563F69F9EF58E0304BBFCC783B12AB21FD4D401
SHA-256:	B00CBC0AB0A8A635EBEAF832CC1E0775145B3775E617EDE3C1E45F19681FFCBA
SHA-512:	72C49665EFF145A54EBF4545F6D77342EEFB2222E00F4161313A4AA9270717E81C525F666A0D5FCC00E292BD635F56CFE58B1E82DC106A67A70DDFF029436F1B
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.7
Preview:	/! elementor-pro - v3.7.7 - 20-09-2022 /.(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro\|\|[]).push([[819],{2:(e,t,n)=>{"use strict";var s=n(3203);n(4242);var i=s(n(4774)),o=s(n(9575)),r=s(n(6254)),a=s(n(5161)),l=s(n(5039)),c=s(n(9210));class ElementorProFrontend extends elementorModules.ViewModule{onInit(){super.onInit(),this.config=ElementorProFrontendConfig,this.modules={}}bindEvents(){jQuery(window).on("elementor/frontend/init",this.onElementorFrontendInit.bind(this))}initModules(){let e={motionFX:i.default,sticky:o.default,codeHighlight:r.default,videoPlaylist:a.default,payments:l.default,progressTracker:c.default};elementorProFrontend.trigger("elementor-pro/modules/init:before"),elementorProFrontend.trigger("elementor-pro/modules/init/before"),e=elementorFrontend.hooks.applyFilters("elementor-pro/frontend/handlers",e),jQuery.each(e,((e,t)=>{this.modules[e]=new t})),this.modules.linkActions={addAction:function(){elementorFrontend.utils.urlActions.addAction(...argum

Chrome Cache Entry: 219

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format, TrueType, length 459244, version 1.0
Category:	downloaded
Size (bytes):	459244
Entropy (8bit):	6.340058734612562
Encrypted:	false
SSDEEP:
MD5:	407C921B145401549A255EAFB621F326
SHA1:	6FC4E9882755A810A985EF82E93CED29AA881CD3
SHA-256:	C1A14078BE47BD4E4CF5BA42F7EBC1000A6AE1BFC084F1C7E6132F49823ED038
SHA-512:	A27A43AE51502AC652DB8C1C19AEF1507B9BC110E6C6EFC66611A2C86DD98AE91076CE0755D63F4B7C8954C1D93D317A21A2601BCAF5AA2C3A06FC2AA63021ED
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/fonts/elementskit.woff?y24e1e
Preview:	wOFF........................................OS/2.......`...`...Jcmap...h...\|...\|....gasp................glyf.............phead...\|...6...6-O.hhea......$...$...vhmtx.............di.loca..............a\|maxp...<... ... ....name...\...p...p.:~.post....... ... ...............................3...................................@.........@...@............... .................................`............. .E............... ...G.......................................................................79..................79..................79.............].%./.K......#8.1"........326?....3!265....7>.'.#546;.2.....+.54&+."...#"&5..>.32.......<.......<.........m-..4.-m.......m..........- . -....$.......$.Q...............x.f -- ..x..................--.......B.......-.............................#.'.+./.3.7.;.?.C.G.K.O.S.W.[._.........3.#.3.#.3.#.3.#.3.#53.#.3.#.3.#.3.#.3.#.3.#53.#.3.#.3.#.3.#.3.#.3.#53.#.3.#.3.#.3.#.3.#.3.#53.#.#.4&/.54&'........#"....3!2654&#.....!..%467%.!...33333333333

Chrome Cache Entry: 220

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15718)
Category:	downloaded
Size (bytes):	18692
Entropy (8bit):	4.754375391922092
Encrypted:	false
SSDEEP:
MD5:	4CC444663C1E69CB8AC7B909E7192BCA
SHA1:	D00DDC5B9526193FA99BC3995A6D05F995452EA1
SHA-256:	4F79A89D16A5F717110FE080C0BF90B7E05FF95A4C4983F64D33110BF5F9C230
SHA-512:	AE37D08D11AA4337650CBEC0D0F1205A5505CB3E82373873E82CBA093019521CD2B93CFE2DBE4840CE098717287E1F732E9330C90063B122F1C6358664F1B8EE
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Preview:	/! This file is auto-generated /.// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var m={base:"https://twemoji.maxcdn.com/v/14.0.2/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return e(d);return e(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:o},onerror:function(){this.parentNode&&this.parentNode.replaceChild(x(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u\|\|(u={callback:u});return m.doNotParse=u.doNotParse,("string"==typeof d?function(d,a){return n(d,function(d){var u,f,c=d,e=N(d),b=a.callback(e,a);if(e&&b){for(f in c="<img ".concat('class="',a.className,'" ','draggable="false" ','alt="',d,'"',' src="',b,'"'),u=a.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(t,r),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,b,a,t,r,n,o,i,s,l=function d(u,f){var c,e,b=u.childNodes,

Chrome Cache Entry: 222

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11487)
Category:	downloaded
Size (bytes):	11530
Entropy (8bit):	4.626670224424019
Encrypted:	false
SSDEEP:
MD5:	33DEBED92CDFE17EF21592FAA1912B42
SHA1:	E5200050784E2A3722CC0EC0D1CE5CC0F0C19854
SHA-256:	B37CFBED115311E2234D160428F52AAD1A8BAAE0EDBD0F5ABEAA3115495A19F1
SHA-512:	C6BBF3F2C1CCA5773EF1AA0E2B9DA44DD3F2DA77EC263BB75F959C2177CF28EE7812AC3C8A25E716BF0BC188483AD25C7E34403C37332A33E62AEF45A83532BC
Malicious:	false
Reputation:	unknown
URL:	https://heltaba.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.7.7
Preview:	/! elementor-pro - v3.7.7 - 20-09-2022 /..elementor-bg-transform .elementor-bg{will-change:transform}.elementor-bg-transform-zoom-in:hover .elementor-bg,.elementor-bg-transform-zoom-out .elementor-bg{-webkit-transform:scale(1.2);-ms-transform:scale(1.2);transform:scale(1.2)}.elementor-bg-transform-zoom-out:hover .elementor-bg{-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}.elementor-bg-transform-move-left .elementor-bg{-webkit-transform:scale(1.2) translateX(8%);-ms-transform:scale(1.2) translateX(8%);transform:scale(1.2) translateX(8%)}.elementor-bg-transform-move-left:hover .elementor-bg,.elementor-bg-transform-move-right .elementor-bg{-webkit-transform:scale(1.2) translateX(-8%);-ms-transform:scale(1.2) translateX(-8%);transform:scale(1.2) translateX(-8%)}.elementor-bg-transform-move-right:hover .elementor-bg{-webkit-transform:scale(1.2) translateX(8%);-ms-transform:scale(1.2) translateX(8%);transform:scale(1.2) translateX(8%)}.elementor-bg-transform-move-up

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject malicious code into process via Extra Window Memory (EWM) in order to evade process-based defenses as well as possibly elevate privileges. EWM injection is a method of executing arbitrary code in the address space of a separate live process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Process: OS API Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Software Vulnerabilities

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 140

Chrome Cache Entry: 141

Chrome Cache Entry: 144

Chrome Cache Entry: 145

Chrome Cache Entry: 147

Chrome Cache Entry: 149

Chrome Cache Entry: 152

Chrome Cache Entry: 153

Chrome Cache Entry: 154

Chrome Cache Entry: 155

Chrome Cache Entry: 156

Chrome Cache Entry: 157

Chrome Cache Entry: 158

Chrome Cache Entry: 159

Chrome Cache Entry: 160

Chrome Cache Entry: 161

Chrome Cache Entry: 162

Chrome Cache Entry: 163

Chrome Cache Entry: 164

Chrome Cache Entry: 165

Chrome Cache Entry: 166

Chrome Cache Entry: 168

Chrome Cache Entry: 169

Chrome Cache Entry: 170

Chrome Cache Entry: 172

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184