Edit tour

Windows Analysis Report
https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jM

Overview

General Information

Sample URL:https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd
Analysis ID:1400847

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 1268 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1940,i,17579645052984150217,11411958456602694495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Snort rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=HTTP Parser: No favicon
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=HTTP Parser: No favicon
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=HTTP Parser: No <meta name="author".. found
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=HTTP Parser: No <meta name="author".. found
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=HTTP Parser: No <meta name="copyright".. found
Source: https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=HTTP Parser: No <meta name="copyright".. found
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.83:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49807 version: TLS 1.2
Source: chrome.exeMemory has grown: Private usage: 16MB later: 36MB
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownDNS traffic detected: queries for: heltaba.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49770 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.17:49771 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.24.83:443 -> 192.168.2.17:49804 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49805 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.17:49807 version: TLS 1.2
Source: classification engineClassification label: clean0.win@15/67@6/119
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1940,i,17579645052984150217,11411958456602694495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1940,i,17579645052984150217,11411958456602694495,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder
1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Extra Window Memory Injection
1
Extra Window Memory Injection
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego0%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
heltaba.com1%VirustotalBrowse
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
heltaba.com
104.21.32.67
truefalseunknown
www.google.com
142.251.41.4
truefalse
    high
    NameMaliciousAntivirus DetectionReputation
    https://heltaba.com/desbloquear-o-futuro-das-despesas-inteligentes-com-o-software-da-heltaba/?msclkid=5cb022595f4712abf61a47b9002bc689&adId=82395026566460&bidtype=be&campaignid=520246246&targetid=:loc-152&querystring=&keyword=&adgroup=1318316787874005&search=false
      unknown
      https://heltaba.com/about/false
        unknown
        • No. of IPs < 25%
        • 25% < No. of IPs < 50%
        • 50% < No. of IPs < 75%
        • 75% < No. of IPs
        IPDomainCountryFlagASNASN NameMalicious
        1.1.1.1
        unknownAustralia
        13335CLOUDFLARENETUSfalse
        204.79.197.200
        unknownUnited States
        8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
        142.251.40.206
        unknownUnited States
        15169GOOGLEUSfalse
        142.250.64.106
        unknownUnited States
        15169GOOGLEUSfalse
        142.250.80.42
        unknownUnited States
        15169GOOGLEUSfalse
        142.250.80.67
        unknownUnited States
        15169GOOGLEUSfalse
        104.21.32.67
        heltaba.comUnited States
        13335CLOUDFLARENETUSfalse
        142.251.40.131
        unknownUnited States
        15169GOOGLEUSfalse
        239.255.255.250
        unknownReserved
        unknownunknownfalse
        142.251.32.110
        unknownUnited States
        15169GOOGLEUSfalse
        142.251.41.4
        www.google.comUnited States
        15169GOOGLEUSfalse
        142.251.163.84
        unknownUnited States
        15169GOOGLEUSfalse
        IP
        192.168.2.17
        Joe Sandbox version:40.0.0 Tourmaline
        Analysis ID:1400847
        Start date and time:2024-02-29 12:10:15 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:defaultwindowsinteractivecookbook.jbs
        Sample URL:https://www.bing.com/api/v1/mediation/tracking?adUnit=378186&auId=c73b8e76-d200-49e5-b833-e8f32d78bdd9&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=378186&publisherId=17160724&rId=ca99ca5e-3457-4454-8fd2-c75e2a934d18&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8I5FS-rqHgmVnD9pUsFsAEDVUCUzfFYF9jMDuFk0C94AyEexQYcKaeybnAX4njmZPGbsuvmnncIDKee64yQ_YmKUPU_InZcDHlyXP_UMj7bHtpkkrbxWytpGKU3vKgH2nsj4PMzpuKiaHm8wpCHtE--4i9smMLrmp8SREQ7yk94ummBl_%26u%3DaHR0cHMlM2ElMmYlMmZoZWx0YWJhLmNvbSUyZmRlc2Jsb3F1ZWFyLW8tZnV0dXJvLWRhcy1kZXNwZXNhcy1pbnRlbGlnZW50ZXMtY29tLW8tc29mdHdhcmUtZGEtaGVsdGFiYSUyZiUzZm1zY2xraWQlM2Q1Y2IwMjI1OTVmNDcxMmFiZjYxYTQ3YjkwMDJiYzY4OSUyNmFkSWQlM2Q4MjM5NTAyNjU2NjQ2MCUyNmJpZHR5cGUlM2RiZSUyNmNhbXBhaWduaWQlM2Q1MjAyNDYyNDYlMjZ0YXJnZXRpZCUzZCUzYWxvYy0xNTIlMjZxdWVyeXN0cmluZyUzZCUyNmtleXdvcmQlM2QlMjZhZGdyb3VwJTNkMTMxODMxNjc4Nzg3NDAwNSUyNnNlYXJjaCUzZA%26rlid%3D5cb022595f4712abf61a47b9002bc689&rtype=targetURL&tagId=webcompar-inarticle-1&trafficGroup=zfa_vagy_rzrn&trafficSubGroup=ego
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:19
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • EGA enabled
        Analysis Mode:stream
        Analysis stop reason:Timeout
        Detection:CLEAN
        Classification:clean0.win@15/67@6/119
        • Exclude process from analysis (whitelisted): svchost.exe
        • Excluded IPs from analysis (whitelisted): 142.251.40.131, 204.79.197.200, 13.107.21.200, 142.251.40.206, 142.251.163.84, 34.104.35.123, 142.250.80.42, 142.250.80.67, 142.250.64.106, 142.251.35.170, 142.250.65.234, 142.251.40.234, 142.250.176.202, 142.251.40.202, 142.250.80.74, 142.251.40.170, 142.250.81.234, 142.250.65.170, 142.251.32.106, 142.250.80.106, 142.251.41.10, 142.251.40.138, 142.251.40.106, 142.250.65.202
        • Excluded domains from analysis (whitelisted): www.bing.com, fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, dual-a-0001.a-msedge.net, fonts.gstatic.com, www-bing-com.dual-a-0001.a-msedge.net, clientservices.googleapis.com, clients.l.google.com, www-www.bing.com.trafficmanager.net
        • Not all processes where analyzed, report is missing behavior information
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2677
        Entropy (8bit):3.9920679989405494
        Encrypted:false
        SSDEEP:
        MD5:EAFF14CDBC6A6235EFD61ADC3B415BBC
        SHA1:D2D9E99EDBE6721467A1BBFF7257DCB0BCB08CC7
        SHA-256:5E8B45CA6DDA734ABF83BB07DC8534CF9DD03003D95F8F72FC92F607F3AE59D5
        SHA-512:ECFE4E6F4EBADFB37042FE5EFA7D8D427DD7ED86F4AAD5BC3F674C77930846A0F21C75B41A9014BC36602ED75AED61FACC5266F37F87C8D193EA85FAB243AD25
        Malicious:false
        Reputation:unknown
        Preview:L..................F.@.. ...$+.,....q1...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2679
        Entropy (8bit):4.007915001838628
        Encrypted:false
        SSDEEP:
        MD5:2AA75241457FC5B9E30CB1942DC23CBC
        SHA1:16055E21A83F15AA6F06B67095095522FB9218DA
        SHA-256:26AAE26A998FCB08B41A78ABF1454E4EE2ED33C29F26639FC97038BD265EEFA4
        SHA-512:5E3D54B4DE1B981D61AD9428F8B31F0647CA2DEC30B48476D64A1C0D87865B026E6E0BDD23FDF063ED5E51DB092BA0B4179DE434D2BD7ABA08CA0BB45BAA4F88
        Malicious:false
        Reputation:unknown
        Preview:L..................F.@.. ...$+.,.....N...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2693
        Entropy (8bit):4.019137844757941
        Encrypted:false
        SSDEEP:
        MD5:79456186B517C34605C228CE5172EC2A
        SHA1:8BBDD88A84D301B4F2031BB8C83BBF013D937C18
        SHA-256:825151C8394A4148ABC5904AE11D137768EC9C3FDDF69175DC87396079E5D347
        SHA-512:5A022984B93BC082449577E4C6F1591ACDD56C95ACE34B554301CDA4796D59F6C66562FACD6FB52B3D6E579513FDB6128EDB9AFEC9E098E1BDAF9F81A9CC9DD5
        Malicious:false
        Reputation:unknown
        Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2681
        Entropy (8bit):4.008552756175401
        Encrypted:false
        SSDEEP:
        MD5:D63945B7E6AEC8F1B08F2E9C2C0FA67D
        SHA1:924CAF778FB25301ACD0A5719A86E064201A0522
        SHA-256:06CF9EAD55C5732EA3C28C04F113EA45C775D6CA869E50AA46CEA2B484B9F3EE
        SHA-512:49C549A65EE1842B6EE04FC5492127334BC4B8DB9DD89F48AF6985DF34F806278A08CD271DE2E356652DF21AD5E8FE4849FB586C6637EEE9FE26D33AF1A0BE46
        Malicious:false
        Reputation:unknown
        Preview:L..................F.@.. ...$+.,....."...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2681
        Entropy (8bit):3.9961915283046405
        Encrypted:false
        SSDEEP:
        MD5:EDB3441C0EF574B85A06585DD945FD57
        SHA1:DCED4242340774192E83C400F49709AFABBEA929
        SHA-256:C09A912231A51A7980197253AF9800A50BAA3AB855F491FAF23E25CD5F283DCC
        SHA-512:711C540D35DF9DD475DABE63FB7914339BC535AE56DB3579D6E5A5CDE8CAAF7BC244A6F5EB9CC7B9DB0DC48F246798DF8B8C6E08147F039C120471AF9343D73A
        Malicious:false
        Reputation:unknown
        Preview:L..................F.@.. ...$+.,.....,...j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Jan 31 10:10:55 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
        Category:dropped
        Size (bytes):2683
        Entropy (8bit):4.008518887518633
        Encrypted:false
        SSDEEP:
        MD5:AD2420C17D01D5131B391BD59759ACC5
        SHA1:860986E59BD457A26231C2C8E20044A6077C991F
        SHA-256:FB3F267DEB86574372E13E4A4DE27DFE16DADBB69E59FD9C0C7900B0B26FAE11
        SHA-512:6AA799AEE0973100BDB8D6C7DF6A1DFE8AB896AE77176D4D28EA4569CEDB7D8560C3C9A94DFA912CC77556AFA4E85D5FF58EC10A5ED729300173848F4E1582DA
        Malicious:false
        Reputation:unknown
        Preview:L..................F.@.. ...$+.,....'....j......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I]XSY....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V]XZY....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V]XZY....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V]XZY...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V]X\Y...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............-.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (9881)
        Category:downloaded
        Size (bytes):9921
        Entropy (8bit):4.316351642023709
        Encrypted:false
        SSDEEP:
        MD5:73E3F87CE33A9C36F2C8FB8B74D3A905
        SHA1:D9F85374F2F88EB9DC1DFCB2BD4483D294F210BF
        SHA-256:4328D8D919C1337A543FEAB510A2C1192938F15A88D5AB9C8AFFE824A9FC87E9
        SHA-512:57BB977B372D74AA20A6CD03FA010C4EE5BC4AB5C28A1A2573010562662691403C358F733E56EEBB31E308101B8315C50BFD2564ABA66D39856C4BEE58F5C06B
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/css/widget-icon-list.min.css
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */..elementor-widget.elementor-icon-list--layout-inline .elementor-widget-container{overflow:hidden}.elementor-widget .elementor-icon-list-items.elementor-inline-items{margin-right:-8px;margin-left:-8px}.elementor-widget .elementor-icon-list-items.elementor-inline-items .elementor-icon-list-item{margin-right:8px;margin-left:8px}.elementor-widget .elementor-icon-list-items.elementor-inline-items .elementor-icon-list-item:after{width:auto;left:auto;right:auto;position:relative;height:100%;border-top:0;border-bottom:0;border-right:0;border-left-width:1px;border-style:solid;right:-8px}.elementor-widget .elementor-icon-list-items{list-style-type:none;margin:0;padding:0}.elementor-widget .elementor-icon-list-item{margin:0;padding:0;position:relative}.elementor-widget .elementor-icon-list-item:after{position:absolute;bottom:0;width:100%}.elementor-widget .elementor-icon-list-item,.elementor-widget .elementor-icon-list-item a{display:flex;font-size:inherit;
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (4592)
        Category:downloaded
        Size (bytes):4627
        Entropy (8bit):5.095794162824313
        Encrypted:false
        SSDEEP:
        MD5:7BD48EB3BD568033E96CAF0FB62E6690
        SHA1:B38066999294B99D92D95DB5F38BC15707EB1F22
        SHA-256:7868467C94A5AA0B3F11EF542F45287967F9627B3B5ACDC86E47F8F77A126596
        SHA-512:7FEC30CC4223C39D9EE3CCBBA8CC66C90467A9987279334BE43AAE4C251F6C618F6B3CCF223147C79CE6C463C89F0CEB0D0E4E471AD9AB6574AB32AF728A535F
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/dist/hooks.min.js?ver=c6aec9a8d4e5a5d543a1
        Preview:/*! This file is auto-generated */.!function(){"use strict";var n={d:function(t,r){for(var e in r)n.o(r,e)&&!n.o(t,e)&&Object.defineProperty(t,e,{enumerable:!0,get:r[e]})},o:function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},r:function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})}},t={};n.r(t),n.d(t,{actions:function(){return S},addAction:function(){return m},addFilter:function(){return p},applyFilters:function(){return k},createHooks:function(){return f},currentAction:function(){return w},currentFilter:function(){return I},defaultHooks:function(){return h},didAction:function(){return O},didFilter:function(){return j},doAction:function(){return b},doingAction:function(){return x},doingFilter:function(){return T},filters:function(){return z},hasAction:function(){return _},hasFilter:function(){return y},removeAction:function(){return A},removeAllActions:functio
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 37000, version 1.0
        Category:downloaded
        Size (bytes):37000
        Entropy (8bit):7.994304587862501
        Encrypted:true
        SSDEEP:
        MD5:C15D94AA24B88AF859F1724B62B08D84
        SHA1:13C9CEECE82E23EADB9F4E6DBABDD6A617F5E285
        SHA-256:F2113DE896C7FFCC1D75FE539E9BA823BB93ADA5CBF6FA83873D35A042B2CA46
        SHA-512:68C5C4FBAF73538B3F59799947927767678C58629BE61ADB3EB9B299E5157C34C92B244B8C3A1CDC4D068E63E63A0BF24D059AD93269A8CE44436822B7BACB3C
        Malicious:false
        Reputation:unknown
        URL:https://fonts.gstatic.com/s/dmsans/v14/rP2Yp2ywxg089UriI5-g4vlH9VoD8Cmcqbu0-K4.woff2
        Preview:wOF2...............X..............................>...4..J?HVAR.X.`?STAT.\'2.../l.....,.A....0..0.6.$..8. .....8..[u.q.[.}.....~.d....@w\.-.Q~........ ........--E..8.C....!x.g....h....|..y.8....S..X...U.q{.4.Qq.H.....}..U.vl"...;"..'...w9%...0b..DU......\sk.FG.....v...k...o...A.......4K.........Q..K..._...Oh.W.2O.&d...p^.e.{.FbK.Ey:........ .c..K..;.y..K..r..v.9..~;.o...=..hD..XcUSFa.:..fQ...,.,".?..5... ...f7..A.H H.[..:T.;.......].z....=......W.e;.......d...,V.%..?.(%g......!..~..1..a..pYvK%.:A....u...$... -6.n.z2....P....r.@*.....>o`.D..).p......H...rK........'!.$$!.$....j...9.O..>E.....v.+...'.U..Xd.q...3`....S.c..h..w..$[Pu.n.3.R...U..`.].kyn..~knp5.I.}~3#.L..........k......I6Y......ECSz.s.....#.......I..V......+..._........'N..J.3;.. ..ppS...R....M@..1.,....~.;'..~..l\......)...i.x.;.O.S. 9.]..T.T..X.R.P...D~.?....n`.'.........B.R.&.....dx..6..Sq.`+v3h......n.{.t..rX..v..@...4...4u....p.t..M%....T....~k(q...^.).L..~m...[...S.5.?..c.\...=
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text, with very long lines (65533), with no line terminators
        Category:downloaded
        Size (bytes):115127
        Entropy (8bit):5.23489166377138
        Encrypted:false
        SSDEEP:
        MD5:9A98016751E498C06D434CC022CA1A44
        SHA1:6AA9AF5FE436EAB9C313DE9F0BEA072C04637624
        SHA-256:DA9ED5720B674F0D297FE621AC2D8D518C4E622BEF1E9B0D4AE489DEE9AA43F8
        SHA-512:DE3BF5E595ED42258FCDE6D93AD40C0D9DC8E523F8E01FCC93CA6588588FAD07A26D7115C6583486BE286A6CD7FA35720091876AFB0AAA2DE4DE58C370151E3D
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
        Preview:!function(t){"use strict";var r,e,n;e={},(n=function(t){if(e[t])return e[t].exports;var o=e[t]={i:t,l:!1,exports:{}};return r[t].call(o.exports,o,o.exports,n),o.l=!0,o.exports}).m=r=[function(t,r,e){e(1),e(71),e(78),e(81),e(82),e(84),e(87),e(91),e(92),e(100),e(101),e(104),e(109),e(125),e(129),e(130),e(132),e(134),e(137),e(138),e(139),e(140),e(141),e(145),e(148),e(155),e(156),e(159),e(160),e(166),e(167),e(170),e(171),e(172),e(173),e(175),e(176),e(178),e(179),e(180),e(181),e(182),e(183),e(184),e(189),e(212),e(213),e(214),e(216),e(217),e(218),e(219),e(220),e(221),e(226),e(227),e(228),e(229),e(230),e(231),e(233),e(234),e(235),e(236),e(237),e(238),e(239),e(240),e(241),e(242),e(243),e(246),e(248),e(250),e(252),e(253),e(254),e(255),e(256),e(257),e(260),e(261),e(263),e(264),e(265),e(266),e(267),e(268),e(271),e(272),e(273),e(274),e(276),e(277),e(278),e(279),e(280),e(284),e(285),e(286),e(287),e(288),e(289),e(290),e(292),e(293),e(294),e(298),e(299),e(301),e(302),e(303),e(304),e(310),e(312),e(313)
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (5756), with no line terminators
        Category:downloaded
        Size (bytes):5756
        Entropy (8bit):5.087231260328181
        Encrypted:false
        SSDEEP:
        MD5:5BE56BC9E617084E1CBB84C994912FC3
        SHA1:A3ADCA593D4EC4AFB41E32D073405610AE37EEF7
        SHA-256:3C3C0EBE37E4FD4187131A0A8D039064A9014215C4B83199D909E7E0B2D7F450
        SHA-512:091A8004A7773D77FAEBD736D6626E5BC68609A366DC8377163B5BB96A87A8EA7B5C25A8EFF9CABB17664A1E313769393429B9E6CB7AD3E0E58A810B94B2EF7F
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/themes/hello-elementor/style.min.css?ver=3.0.0
        Preview:html{line-height:1.15;-webkit-text-size-adjust:100%}*,:after,:before{box-sizing:border-box}body{margin:0;font-family:-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-size:1rem;font-weight:400;line-height:1.5;color:#333;background-color:#fff;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}h1,h2,h3,h4,h5,h6{margin-block-start:.5rem;margin-block-end:1rem;font-family:inherit;font-weight:500;line-height:1.2;color:inherit}h1{font-size:2.5rem}h2{font-size:2rem}h3{font-size:1.75rem}h4{font-size:1.5rem}h5{font-size:1.25rem}h6{font-size:1rem}p{margin-block-start:0;margin-block-end:.9rem}hr{box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:1em;white-space:pre-wrap}a{background-color:transparent;text-decoration:none;color:#c36}a:active,a:hover{color:#336}a:not([href]):not([tabindex]),a:not([href]):not([tabindex]):focus,a:
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (13479)
        Category:downloaded
        Size (bytes):13577
        Entropy (8bit):5.272065782731947
        Encrypted:false
        SSDEEP:
        MD5:9FFEB32E2D9EFBF8F70CAABDED242267
        SHA1:3AD0C10E501AC2A9BFA18F9CD7E700219B378738
        SHA-256:5274F11E6FB32AE0CF2DFB9F8043272865C397A7C4223B4CFA7D50EA52FBDE89
        SHA-512:8D6BE545508A1C38278B8AD780C3758AE48A25E4E12EEE443375AA56031D9B356F8C90F22D4F251140FA3F65603AF40523165E33CAE2E2D62FC78EC106E3D731
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
        Preview:/*! jQuery Migrate v3.4.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(t){"use strict";"function"==typeof define&&define.amd?define(["jquery"],function(e){return t(e,window)}):"object"==typeof module&&module.exports?module.exports=t(require("jquery"),window):t(jQuery,window)}(function(s,n){"use strict";function e(e){return 0<=function(e,t){for(var r=/^(\d+)\.(\d+)\.(\d+)/,n=r.exec(e)||[],o=r.exec(t)||[],a=1;a<=3;a++){if(+o[a]<+n[a])return 1;if(+n[a]<+o[a])return-1}return 0}(s.fn.jquery,e)}s.migrateVersion="3.4.1";var t=Object.create(null);s.migrateDisablePatches=function(){for(var e=0;e<arguments.length;e++)t[arguments[e]]=!0},s.migrateEnablePatches=function(){for(var e=0;e<arguments.length;e++)delete t[arguments[e]]},s.migrateIsPatchEnabled=function(e){return!t[e]},n.console&&n.console.log&&(s&&e("3.0.0")&&!e("5.0.0")||n.console.log("JQMIGRATE: jQuery 3.x-4.x REQUIRED"),s.migrateWarnings
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65536), with no line terminators
        Category:downloaded
        Size (bytes):445765
        Entropy (8bit):5.044828150647657
        Encrypted:false
        SSDEEP:
        MD5:6EBE41C763A5E85F95427CCFC8A5D6AF
        SHA1:93DFB2CBF2611A3B60F7DB6413C98B8857587B76
        SHA-256:83929A28D24C5571F82C02BAA51EEBB64FC862719E370622EE03FB6311DEC34D
        SHA-512:BB60A6BD8B5BF6599ED5F64F5736EF2589650B5F99108B98550F7AEEE95EBB5D59EAB24E06A7B7CED7D03A9B416B773E409909DA0F4155D69392BC2EB50A24BB
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/widget-styles.css?ver=3.0.4
        Preview:.ekit-wid-con .row{display:-ms-flexbox;display:-webkit-box;display:flex;-ms-flex-wrap:wrap;flex-wrap:wrap;margin-right:-15px;margin-left:-15px}.ekit-wid-con .col,.ekit-wid-con .col-1,.ekit-wid-con .col-10,.ekit-wid-con .col-11,.ekit-wid-con .col-12,.ekit-wid-con .col-2,.ekit-wid-con .col-3,.ekit-wid-con .col-4,.ekit-wid-con .col-5,.ekit-wid-con .col-6,.ekit-wid-con .col-7,.ekit-wid-con .col-8,.ekit-wid-con .col-9,.ekit-wid-con .col-auto,.ekit-wid-con .col-lg,.ekit-wid-con .col-lg-1,.ekit-wid-con .col-lg-10,.ekit-wid-con .col-lg-11,.ekit-wid-con .col-lg-12,.ekit-wid-con .col-lg-2,.ekit-wid-con .col-lg-3,.ekit-wid-con .col-lg-4,.ekit-wid-con .col-lg-5,.ekit-wid-con .col-lg-6,.ekit-wid-con .col-lg-7,.ekit-wid-con .col-lg-8,.ekit-wid-con .col-lg-9,.ekit-wid-con .col-lg-auto,.ekit-wid-con .col-md,.ekit-wid-con .col-md-1,.ekit-wid-con .col-md-10,.ekit-wid-con .col-md-11,.ekit-wid-con .col-md-12,.ekit-wid-con .col-md-2,.ekit-wid-con .col-md-3,.ekit-wid-con .col-md-4,.ekit-wid-con .col-md-5,.e
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (40266)
        Category:downloaded
        Size (bytes):40306
        Entropy (8bit):5.274973361941598
        Encrypted:false
        SSDEEP:
        MD5:9BED355558398A2DDBDCB244E3F698E9
        SHA1:7AB56418B4DA1CE328CB3F0F9FB88A583A735B79
        SHA-256:A6096481CA8E8441840771673A349CA49FC40B7E392A8A0583FE36E5CA52D7D3
        SHA-512:7C3B3CCF3FF2CE5B49D52CDB77E7A31E7AC76B16CA6FCE66413DADB16F43A6F7CA67587DBBED50E8F67F2FE4CE25F566CE2E65BC244BE99DC998151192876A50
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.18.3
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */."use strict";(self.webpackChunkelementor=self.webpackChunkelementor||[]).push([[819],{9220:(e,t,n)=>{var o=n(3203);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var i=o(n(8135));class _default extends elementorModules.ViewModule{constructor(){super(...arguments),this.documents={},this.initDocumentClasses(),this.attachDocumentsClasses()}getDefaultSettings(){return{selectors:{document:".elementor"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$documents:jQuery(e.document)}}initDocumentClasses(){this.documentClasses={base:i.default},elementorFrontend.hooks.doAction("elementor/frontend/documents-manager/init-classes",this)}addDocumentClass(e,t){this.documentClasses[e]=t}attachDocumentsClasses(){this.elements.$documents.each(((e,t)=>this.attachDocumentClass(jQuery(t))))}attachDocumentClass(e){const t=e.data(),n=t.elementorId,o=t.elementorType,i=this.documentClasses[o]||this.documentClasses.base;this.documents[
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (681), with no line terminators
        Category:downloaded
        Size (bytes):681
        Entropy (8bit):5.202494651221147
        Encrypted:false
        SSDEEP:
        MD5:F5945DB2F3337FD9F1CBEF5B07B2A493
        SHA1:8A11439D56AF9FB27836BB5F2A30AEB35B93BB5A
        SHA-256:A8642BCD147BA3528345F5BD17F788CD524931E093255B2C1C8344677A1AB505
        SHA-512:DDFAE8040510DCA2E41C5F745B2EC8E349053A02409C41CBC3CBF8DF1561B7C586F93090974EE6821FC27E19ABA68CC6C95FABE9D9321934FB185D20A8DA7A12
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/animate-circle.min.js?ver=3.0.4
        Preview:function animateCircle({percentage:e=100,onScroll:t=!1,speed:i=1,element:n,size:o=50,backgroundClr:r="white",color:l="blue",strokeWidth:a=5}){let c=Math.ceil(document.body.scrollHeight-window.innerHeight);if(!n)return void console.error("Invalid element:",n);let d=n,h=d.getContext("2d"),s=2*o+a,g=s,m=s/2,u=g/2;d.width=s,d.height=g;let k=()=>{let n=t?Math.floor(window.pageYOffset/c*100):e>100?100:e+i;h.clearRect(0,0,s,g),h.beginPath(),h.lineWidth=a,h.arc(m,u,o,0,2*Math.PI),h.strokeStyle=r,h.stroke(),(e=>{h.beginPath(),h.lineWidth=a,h.strokeStyle=l,h.arc(m,u,o,0,2*Math.PI*e/100),h.stroke()})(n),(!t||n<e)&&requestAnimationFrame(k)};t?document.addEventListener("scroll",k):k()}
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (715)
        Category:downloaded
        Size (bytes):758
        Entropy (8bit):5.1206753054199865
        Encrypted:false
        SSDEEP:
        MD5:E09B9D7EBB213B8392C3153134F1B86E
        SHA1:4E14D9EAE96F0CCE753C41EC75A7D394BEAE0DB3
        SHA-256:101BB31F66E24B15253746CAFCADBE71B60E2EA93611AACF4C3133D0101EC994
        SHA-512:16A031C6885FAEBC5726F3D93390E187E59D42DE4A33029C6126F3CDD67EB713FF6F1469E7A68F1F6F0A66A0AD7F329C20910958B4DEC45723E35C3077B9722A
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/popup.483b906ddaa1af17ff14.bundle.min.js
        Preview:/*! elementor-pro - v3.7.7 - 20-09-2022 */."use strict";(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro||[]).push([[50],{8872:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var o=elementorModules.frontend.handlers.Base.extend({getDefaultSettings:()=>({selectors:{form:".elementor-form"}}),getDefaultElements(){var e=this.getSettings("selectors"),t={};return t.$form=this.$element.find(e.form),t},bindEvents(){this.elements.$form.on("submit_success",this.handleFormAction)},handleFormAction(e,t){if(void 0===t.data.popup)return;const o=t.data.popup;if("open"===o.action)return elementorProFrontend.modules.popup.showPopup(o);setTimeout((()=>elementorProFrontend.modules.popup.closePopup(o,e)),1e3)}});t.default=o}}]);
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (3133), with no line terminators
        Category:downloaded
        Size (bytes):3133
        Entropy (8bit):4.650341485167323
        Encrypted:false
        SSDEEP:
        MD5:8A9EAA67AE1F36C4AD0761B7D2E8241E
        SHA1:DC8F72D1F248D740444E35B0265EB371E6B11930
        SHA-256:45EA19AFC21CB3859E23ECE1C24028C66516D37002B0B6767E1D3C695FCA4073
        SHA-512:0BDF528746E0215FF21C1457959A9F0C4D9867872B8855EBB005FA2B4D594560C474879A2AA24ED10D780A1E69969F115BAF649B7930BF55CE9DEB8CA246BD9A
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/elementor/css/post-164.css?ver=1705064648
        Preview:.elementor-164 .elementor-element.elementor-element-f049a21{text-align:center;}.elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-field-group{padding-right:calc( 10px/2 );padding-left:calc( 10px/2 );margin-bottom:10px;}.elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-form-fields-wrapper{margin-left:calc( -10px/2 );margin-right:calc( -10px/2 );margin-bottom:-10px;}.elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-field-group.recaptcha_v3-bottomleft, .elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-field-group.recaptcha_v3-bottomright{margin-bottom:0;}body.rtl .elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-labels-inline .elementor-field-group > label{padding-left:0px;}body:not(.rtl) .elementor-164 .elementor-element.elementor-element-7c18cd0 .elementor-labels-inline .elementor-field-group > label{padding-right:0px;}body .elementor-164 .elementor-element.elementor-element-7c18cd0 .
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1536x933, components 3
        Category:dropped
        Size (bytes):116714
        Entropy (8bit):7.94454395391067
        Encrypted:false
        SSDEEP:
        MD5:CD2D9F484DBA671F1A0737C3B74DC579
        SHA1:CB397C18E4FD8E3ECBCEFB0CB497B9826DCDA0ED
        SHA-256:DECFC7F10458243834DA7AA08E225520F8B9E36F6BD11E909F6D9FF8FAEC3EEE
        SHA-512:D54B814A8ED5F4149C8B9ACFCD7711068C22D4353BA2B9FCFFFE47D5E7CA37C8D2F15DDCDD46ABD802D13387B6E439BB6D18E228E445FA9A5B7228ADA954D938
        Malicious:false
        Reputation:unknown
        Preview:......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....*....*.U...T...4....f..KE.\v..@....R.R...Z1K.....Q...,-5.......CJ*n2D.*4..Jb.)qE0.(....1E.....%...jx...J.j..*.'.Lq...F..g]&A...c[W..k&u.T....1KEI`i)sE..R.I@...P.IJ(......1E...QE...QE..R.(...E..J)qI...(...(.4...SI@.E/JJ.))h=(.))M%...N4....4...b.CKMb.d......V&....DB.Wq...^]......tz\&F.).~...4P.2:....
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (62936), with no line terminators
        Category:downloaded
        Size (bytes):62936
        Entropy (8bit):5.125248664889248
        Encrypted:false
        SSDEEP:
        MD5:C0BDC68E75B5C2F3DD1BFF3088E2E66C
        SHA1:84FDD08B80F95B02989BDEEEADDC8E2749B57134
        SHA-256:3990F397C4B65E707EAA128F9C07EF2B00CB7582FBA53BE88A6FCDEE75D67659
        SHA-512:A60B1CCCE3D1F8BC9A9F1E2F9D06251E8C5E677460AF59EA066A60F5C9D13ACB21A95D5BE943D2826EC1FD5D88FF7EE761E322717D9B5D6C5A38BC4AFA6A894D
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/js/main.min.js?ver=6.4.3
        Preview:!function(d){"use strict";window.qodefAddonsCore={},qodefAddonsCore.shortcodes={},qodefAddonsCore.body=d("body"),qodefAddonsCore.html=d("html"),qodefAddonsCore.windowWidth=d(window).width(),qodefAddonsCore.windowHeight=d(window).height(),qodefAddonsCore.scroll=0,d(document).ready(function(){qodefAddonsCore.scroll=d(window).scrollTop(),i.init(),x.init(),e.init()}),d(window).resize(function(){qodefAddonsCore.windowWidth=d(window).width(),qodefAddonsCore.windowHeight=d(window).height()}),d(window).scroll(function(){qodefAddonsCore.scroll=d(window).scrollTop()}),d(window).on("load",function(){o.init()});var x={init:function(e){this.holder=d(".qodef-qi-swiper-container"),d.extend(this.holder,e),this.holder.length&&this.holder.each(function(){x.initSlider(d(this))})},initSlider:function(e){var o,t=x.getOptions(e),n=x.getEvents(e,t);elementorFrontend.config.experimentalFeatures.e_optimized_assets_loading?o=setInterval(function(){"undefined"!==elementorFrontend.utils.swiper&&(new elementorFron
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (6625), with no line terminators
        Category:downloaded
        Size (bytes):6625
        Entropy (8bit):5.021395915232743
        Encrypted:false
        SSDEEP:
        MD5:FD7EF2E4737ACD74FD0DCDC3B515E304
        SHA1:0D792B33F12A48EE8AAAF2560A63A5682470645B
        SHA-256:1D52E1AC7D3BC25A8B0FFC257153F9DD50249F96FE9A4DF5E0D771241A69062C
        SHA-512:3C4358F9605F1CCE097F36689099B8364C43CC360C3D4F5CA77BE5CEE43BB818C6562496F26AD57CE44C34C474FE4CCB6DEED01A14ED259D498F5BC17F9532C7
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
        Preview:var runtime=function(t){"use strict";var e,r=Object.prototype,n=r.hasOwnProperty,o=Object.defineProperty||function(t,e,r){t[e]=r.value},i=(w="function"==typeof Symbol?Symbol:{}).iterator||"@@iterator",a=w.asyncIterator||"@@asyncIterator",c=w.toStringTag||"@@toStringTag";function u(t,e,r){return Object.defineProperty(t,e,{value:r,enumerable:!0,configurable:!0,writable:!0}),t[e]}try{u({},"")}catch(r){u=function(t,e,r){return t[e]=r}}function h(t,r,n,i){var a,c,u,h;r=r&&r.prototype instanceof v?r:v,r=Object.create(r.prototype),i=new O(i||[]);return o(r,"_invoke",{value:(a=t,c=n,u=i,h=f,function(t,r){if(h===p)throw new Error("Generator is already running");if(h===y){if("throw"===t)throw r;return{value:e,done:!0}}for(u.method=t,u.arg=r;;){var n=u.delegate;if(n&&(n=function t(r,n){var o=n.method,i=r.iterator[o];return i===e?(n.delegate=null,"throw"===o&&r.iterator.return&&(n.method="return",n.arg=e,t(r,n),"throw"===n.method)||"return"!==o&&(n.method="throw",n.arg=new TypeError("The iterator
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:C++ source, ASCII text
        Category:downloaded
        Size (bytes):2937
        Entropy (8bit):4.908473755258273
        Encrypted:false
        SSDEEP:
        MD5:37A18CD57014E833A5C4A7BFA6EEA9B3
        SHA1:BDAA4DC40B15D010D66959BFE7A40B10292D1763
        SHA-256:FAD3123058CCE0346EE9998342EF09CFA766DC1393EE3B5C2B450A18936C7D1B
        SHA-512:3D721D447BD732F96BF1B2FEAE5EF6B6064EC6B2396022F06A0D96F8CA1478F77C8910733BC277EBE414A5E85C77CA80B9D2F9A5F9AE77C7E99884C82F15A9A3
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/themes/hello-elementor/assets/js/hello-frontend.min.js?ver=3.0.0
        Preview:/******/ (() => { // webpackBootstrap./******/ ."use strict";.var __webpack_exports__ = {};...class elementorHelloThemeHandler {. constructor() {. this.initSettings();. this.initElements();. this.bindEvents();. }. initSettings() {. this.settings = {. selectors: {. menuToggle: '.site-header .site-navigation-toggle',. menuToggleHolder: '.site-header .site-navigation-toggle-holder',. dropdownMenu: '.site-header .site-navigation-dropdown'. }. };. }. initElements() {. this.elements = {. window,. menuToggle: document.querySelector(this.settings.selectors.menuToggle),. menuToggleHolder: document.querySelector(this.settings.selectors.menuToggleHolder),. dropdownMenu: document.querySelector(this.settings.selectors.dropdownMenu). };. }. bindEvents() {. var _this$elements$menuTo;. if (!this.elements.menuToggleHolder || (_this$elements$menuTo = this.elements.menuToggleHolder) !== null && _this$elements$menuTo !==
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (12198), with no line terminators
        Category:downloaded
        Size (bytes):12198
        Entropy (8bit):5.031745242580206
        Encrypted:false
        SSDEEP:
        MD5:3819C3569DA71DAEC283A75483735F7E
        SHA1:ECD40A5CC6F0B76200C454CA880210DC301CFAB8
        SHA-256:214674CC77ABA35AB3567B88E2739FD08E8E96C61D279559AD61874069683EA0
        SHA-512:2710655DFF46653DAEB3A6E3F6D36F885E51D5B375738EE353ACA40C6F66AE1A7DECE57039D58747012ED9EA2822191143C06F270123B8CC580F6A41B8E8AEF4
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
        Preview:!function(){"use strict";function Waypoint(options){if(!options)throw new Error("No options passed to Waypoint constructor");if(!options.element)throw new Error("No element option passed to Waypoint constructor");if(!options.handler)throw new Error("No handler option passed to Waypoint constructor");this.key="waypoint-"+keyCounter,this.options=Waypoint.Adapter.extend({},Waypoint.defaults,options),this.element=this.options.element,this.adapter=new Waypoint.Adapter(this.element),this.callback=options.handler,this.axis=this.options.horizontal?"horizontal":"vertical",this.enabled=this.options.enabled,this.triggerPoint=null,this.group=Waypoint.Group.findOrCreate({name:this.options.group,axis:this.axis}),this.context=Waypoint.Context.findOrCreateByElement(this.options.context),Waypoint.offsetAliases[this.options.offset]&&(this.options.offset=Waypoint.offsetAliases[this.options.offset]),this.group.add(this),this.context.add(this),allWaypoints[this.key]=this,keyCounter+=1}var keyCounter=0,allW
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (44809), with no line terminators
        Category:downloaded
        Size (bytes):44809
        Entropy (8bit):4.852427896405663
        Encrypted:false
        SSDEEP:
        MD5:FFE1A7F04CED6B595FB66127118187FE
        SHA1:9B5A41CAD8E41074BB03FD5C299D27B69C6909E0
        SHA-256:86E3A02E65E8D41D632CBF626F0D824B20165BDF2A354013276105FD94607ECF
        SHA-512:2D6B889822FB95CF43034355DCAAF3710D646935FBB4295108257153E3B403A1AFEC733317510D853166F9B34FA7331E58781F360FAE51AC3AC05FE85471F9FA
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/css/grid.min.css?ver=6.4.2
        Preview:.qodef-qi-grid>.qodef-grid-inner{position:relative;display:grid;gap:30px}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--1{order:1}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--2{order:2}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--3{order:3}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--4{order:4}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--5{order:5}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--6{order:6}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--7{order:7}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--8{order:8}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--9{order:9}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--10{order:10}.qodef-qi-grid>.qodef-grid-inner>.qodef-grid-item.qodef-order--11{order:11}.qodef-qi-grid>.qodef-grid-inner.qodef-qi-clear:after,.qodef-qi-grid>.qodef-grid-inner.qodef-qi-clear:before{display:non
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 39844, version 1.0
        Category:downloaded
        Size (bytes):39844
        Entropy (8bit):7.995663894005643
        Encrypted:true
        SSDEEP:
        MD5:7BBEEE428F14BAA641734CB620969742
        SHA1:3950E359AD6B8D09FB99EF1E1DC54FA187B80A7B
        SHA-256:7F9064A6FCEBF724AD3F38CCB77C31ED14F7C57882314C49936627DEF4406F9D
        SHA-512:0259631B9C3025C4EA13AB3294CD432367933358200678344549CCA2D8762EE58516AA0739CD8325277C86AE258AEA9D66D5144208CF87C3BA1755DCC62D2EBB
        Malicious:false
        Reputation:unknown
        URL:https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKy58Q.woff2
        Preview:wOF2..............0..../..........................:......J?HVAR.l.`?STAT.X'2.../l.....|.;....0..H.6.$.... ..,..D..[..q..w...m. ...^>k......6..yk..u......p.z...g&..3-.....A..A...X"..%.%...T.!..".t....d[.]+.C.5M....'H....BG...m....^.0.......-....I_MFt%.;.....K.!..1"l...E....,..~.....B3..6..X......x.Q.}.._.V.y...Dq.M.'.....A...^.wK|..r.....2..p.....9.....c.Fi#b.. ..."......,....V3......C.E@...E.RB1@....J5.j...............[D..al....s.H{..0<M.&.hR.$..I....g.zSMK.(b.".Cu.....0.T......w/.1.X&`............}..m..;L:-Q.M.Xjdb$.....n....*I.(.H./...\...v.}b.j2*.;-e(.U.N#.d..y..G.K_`..d.e......s.{.!..W.......k.....'..}&.GM....B>.R....s.F.f...I].a..m.v$..G....G.O2I..H9..q.M.....[.NR..9~..FI.....3g.A:p..h.X[..$..4.jv...7.Q.1c.[...,.$....|'.:I.)...g.DC..u..Z............x"j....GB&.*%P...9}.,+..&......v...N..t..O.)...H...j.gd..$..{./.._...>\|.J...G.n>. .6...E......;.. ..._S..w..(UH.U..5%.g\.........|.24sW.......x..-'2P.].....?..4..1....(Q,....C./b.U..ZB|..>L.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (1320)
        Category:downloaded
        Size (bytes):1360
        Entropy (8bit):5.131451368325105
        Encrypted:false
        SSDEEP:
        MD5:8889EE34FC45512F1AD5DEC55A03A515
        SHA1:CCE4017BD9D62F6ACCC52A8F8B646E5F3D44811E
        SHA-256:3669E1E2EB5F930785056AE940C44618AF66F5DC194B944CD1E765E06EB3FD07
        SHA-512:2C96FAA74D91941F624AB12C2EF418A3A073ACE96EADC7F681A9FF5EA4D1547E24627613BFA2C149F47C65C0BF85EABB29E4E46A8538E552576710F424ED6553
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */."use strict";(self.webpackChunkelementor=self.webpackChunkelementor||[]).push([[357],{1327:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class TextEditor extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{paragraph:"p:first"},classes:{dropCap:"elementor-drop-cap",dropCapLetter:"elementor-drop-cap-letter"}}}getDefaultElements(){const e=this.getSettings("selectors"),t=this.getSettings("classes"),r=jQuery("<span>",{class:t.dropCap}),p=jQuery("<span>",{class:t.dropCapLetter});return r.append(p),{$paragraph:this.$element.find(e.paragraph),$dropCap:r,$dropCapLetter:p}}wrapDropCap(){if(!this.getElementSettings("drop_cap"))return void(this.dropCapLetter&&(this.elements.$dropCap.remove(),this.elements.$paragraph.prepend(this.dropCapLetter),this.dropCapLetter=""));const e=this.elements.$paragraph;if(!e.length)return;const t=e.html().replace(/&nbsp;/g," "),r=t.match(/^ *([^ ] ?)/);if(!r)return;
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
        Category:dropped
        Size (bytes):613
        Entropy (8bit):7.493288017654313
        Encrypted:false
        SSDEEP:
        MD5:7E3A3D931FCA8BA0DB7933ACF5B2D824
        SHA1:D8DA72D07E959FFA3E94911783E64E8C8166B2A5
        SHA-256:5561BE17162D8CD9FC2DF4F5A7778217037F97DD5B8A08ADB7A89818D15A648E
        SHA-512:726828D77D8392C1678B65CC792C385C0F5E836AFF8395757458FE3E4EFBCCEB2AFE0D18004E85EB56CE0B33C244A91D4457635381A841A749184009A9F42D34
        Malicious:false
        Reputation:unknown
        Preview:.PNG........IHDR... ... .....szz.....pHYs..........+......IDATX...1hSQ.....J."A..)"...C..."E.1...t. "."..n"N....AD.ED.H.Q.....*RQ$.........I^....?..].=...=..C.X..L..t.'Q..w...y.X....D.....~.<..B.8..>.:".....t.....>...{...|..\.B.....DX._..8 d.6.....f.P.!o.....:......x. .w4....}B..{bU..E}86...~.?..8..S..0..t..q.f......^a..B.e.Q.s.p..q...9M...:M.....<....JK..LV.Y.. y$..TZ.2n..f=.y..!.1.$..C~Z.].m.m......mEB.......DX.%/.*..Y....\.D..k.Bm...A.+.2j.7..MY.G.q..fz..8*d.F@5.bBU.[......q...y&O.6...-..!..Me...a..*.!..O..X7x...u.m.).%.ca&a......b..J......p....M..E.6.7.pU.G....,.d..z......IEND.B`.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65496)
        Category:downloaded
        Size (bytes):118650
        Entropy (8bit):4.713885874931415
        Encrypted:false
        SSDEEP:
        MD5:CAB4F87C423B8F468A5465D6947353AD
        SHA1:F74FDE11973E5863BF39E81F7CFFFCDEDC14D963
        SHA-256:A9641A0A832C182F004429274EAAF7EFE35BFAD3EDF1B3F1C0C1D5E361FEDD4A
        SHA-512:E09E375CB4B7B08DE91FA2B8C9ACC06AD901602DC746C3DE869AA19E0AC9A23CCA01D19B4B30D3FB46D5777C0785F70024E0333046F6BE46275D465906A9823C
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/css/frontend-lite.min.css?ver=3.18.3
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */..dialog-widget-content{background-color:var(--e-a-bg-default);position:absolute;border-radius:3px;box-shadow:2px 8px 23px 3px rgba(0,0,0,.2);overflow:hidden}.dialog-message{line-height:1.5;box-sizing:border-box}.dialog-close-button{cursor:pointer;position:absolute;margin-block-start:15px;right:15px;color:var(--e-a-color-txt);font-size:15px;line-height:1;transition:var(--e-a-transition-hover)}.dialog-close-button:hover{color:var(--e-a-color-txt-hover)}.dialog-prevent-scroll{overflow:hidden;max-height:100vh}.dialog-type-lightbox{position:fixed;height:100%;width:100%;bottom:0;left:0;background-color:rgba(0,0,0,.8);z-index:9999;-webkit-user-select:none;-moz-user-select:none;user-select:none}.elementor-editor-active .elementor-popup-modal{background-color:initial}.dialog-type-alert .dialog-widget-content,.dialog-type-confirm .dialog-widget-content{margin:auto;width:400px;padding:20px}.dialog-type-alert .dialog-header,.dialog-type-confirm .dialog-heade
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format (Version 2), TrueType, length 34636, version 1.0
        Category:downloaded
        Size (bytes):34636
        Entropy (8bit):7.993507713883684
        Encrypted:true
        SSDEEP:
        MD5:6024D3E0BEB60477220BD8321F72A815
        SHA1:73567F11300F973AE39B2017744CA78EC030353D
        SHA-256:9229AB12D7AA296F54276F883C0447E7C77205A25E250D6DBA499C49B759E829
        SHA-512:E3877255B4698293539885405BBD391B91441AE629968B29B7E8C6C3F2485D9F6A8330FC94C3D9BFC30EC69452CB0F085A8BA05929D154DED51BD7D40E4A8B42
        Malicious:false
        Reputation:unknown
        URL:https://fonts.gstatic.com/s/syne/v22/8vIH7w4qzmVxm2BL9A.woff2
        Preview:wOF2.......L............................................2?HVAR.'.`?STATf'".../V.....\.@..X.0..&.6.$..,. ........[..Q#....m..^..4.N.s.yP.!..f#.foVAg..9I..5...4..:..h".....]{`..p.......B.a....8.\.....z.U..(oJ...=.WFX.t..>......{.0.!..,ICngJt. .SV.a...].;~]i..SV.-...8.e..,B...h~.B.?..!.UO..D.KB.>.E.......?.....^*f=.....t...HSE..Bq...2"...w./..x.6?....}.xK..5.G*(.D....1..Fb......`.b..F#V...........}.G..\5........qD^..-.L.960.QL{.+k.[...E..BQ......F:.........}.d>y8.#..I.:h........6.B"$..-]..G.p..g....-..A,..x."...|.....fs.......y.]Q...V...i.....\.....]...J...]#k1Hg6..0.&<.Y..$.IF8......k.....G..k...}...&.4.........i...a.![.cD..F.....h...)...V2.........8...Y..M|D.2.X.-_,3.JK........T.rfUK....L.h..HV.u..7...&.......=|m..._....{8E.5C."8.=...M.....?...a..,........{...N..wV.i..).l.[I.v_...j.an'.;n]..[.../....."....1y{m..9.w..?....q.pL[.~s...Zq5M..9..y...../..J..N.......:.....7.WR#N.d.J.F.....u...."....q@..5..N.^E..w.f.iC.....M...\u.).H...!....m..YA
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (24339)
        Category:downloaded
        Size (bytes):24382
        Entropy (8bit):5.189701451762292
        Encrypted:false
        SSDEEP:
        MD5:86DE1334F0884CAB20195DBA73F64196
        SHA1:328ABB226F8F6ADB486DA41F34FDEDD065DD97A8
        SHA-256:CF318AFFE78386FD3458C28D3148EB84D7443F8CCF8AD74088F5F051C50B9BA4
        SHA-512:6CC3AA118A31464AB29DA6661184E7751076193D0610C250BD8404F5A223A43AD96AB21585E2372C56BC6792F6A8157A69770253D9382AEAE8D0D7B99898290C
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.7.7
        Preview:/*! elementor-pro - v3.7.7 - 20-09-2022 */."use strict";(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro||[]).push([[437],{7996:(e,t,n)=>{var o=n(3203),s=o(n(4042)),r=o(n(8528)),l=o(n(7857)),a=o(n(3184)),d=o(n(7043)),i=o(n(4223)),u=o(n(4231)),c=o(n(2741)),m=o(n(3513)),h=o(n(3002)),f=o(n(8650)),g=o(n(6701)),_=o(n(102)),p=o(n(1748)),v=o(n(5438)),b=o(n(2439)),M=o(n(5032));const extendDefaultHandlers=e=>({...e,...{animatedText:s.default,carousel:r.default,countdown:l.default,hotspot:a.default,form:d.default,gallery:i.default,lottie:u.default,nav_menu:c.default,popup:m.default,posts:h.default,share_buttons:f.default,slides:g.default,social:_.default,themeBuilder:v.default,themeElements:b.default,woocommerce:M.default,tableOfContents:p.default}});elementorProFrontend.on("elementor-pro/modules/init:before",(()=>{elementorFrontend.hooks.addFilter("elementor-pro/frontend/handlers",extendDefaultHandlers)}))},8115:(e,t,n)=>{var o=n(3203);Object.defineProperty(t,"__esModule",{value:!
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 1536 x 349, 8-bit/color RGBA, non-interlaced
        Category:downloaded
        Size (bytes):32448
        Entropy (8bit):7.89387181718408
        Encrypted:false
        SSDEEP:
        MD5:956771BCE9A00469A42679099D01C1DF
        SHA1:707CED55D51C09B30B8CDC34333E4544B6125085
        SHA-256:B421FDCC85BDA47426D968B9C4CE592E8FF198CA6D023A71A2A87513F111C939
        SHA-512:6C99F890396D9E113F76CE52EC9C3B4FE2015EB9C6AC285BB1B057D80F539E3F33729FBC122C35F8B3485300B4D861CF57298E7728A04C108948F328F8490739
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/2024/01/heltaba-high-resolution-logo-black-transparent-1536x349.png
        Preview:.PNG........IHDR.......]......Y......pHYs..........+.... .IDATx...{.\.}.......3........(..*.]YQdE..Qt.!.!...1!...........(./..C.B......`l...1&..D&..eY.X..,.a4.?~.3...<z.......%.C...{.^k.~....$I.$I.$.W.0.....&0...v.{..b....P...$I.$I.$.B.X....F...~`...x.....x.L3%I.$I.$I.T..o...<.<w...7......$I.$I.$.............?.....o.$I.$I.$I:.~.j.........~ w.%I.$I.$I....3..>.j..$I.$I.$I..5......u|.X....$I.$I.$.`s..y.C..x....&..$I.$I.$..6.'.9.A.%.?%I.$I.$IR...whO....K...v\. I.$I.$I*....X......^.c...$I.$I.$.r.pZ...K......$I.$I.$.......D....I......$I.$I.$).&p.pB...6.l.v'xmI.$I.$I.t.......V..3s..I.$I.$I.....n..9.[..\o..R,..$I.$I..R...`.0.(......'j..k..D....c..$.5.9$I.$I.$I.4..e_.............:..QD.@.-..A......\oH.$I.$I...z.F..^|r..Q{.Jb2Z.......t..?#...I.$I.$IR&...#&..3Q...5`...@..~L.....5..\oH.$I.$I..~M.d...n....I......K..?..+s.!I.$I.$IR.........^Oi4.7.O.n..).u..C.$I.$I.:..L..../.........i......zC.$I.$I.]..b...)...Q..6X.UR.XG..o...3..X?.......n..'..C.$I.$I.5........^....6.}
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65447)
        Category:downloaded
        Size (bytes):87553
        Entropy (8bit):5.262620498676155
        Encrypted:false
        SSDEEP:
        MD5:826EB77E86B02AB7724FE3D0141FF87C
        SHA1:79CD3587D565AFE290076A8D36C31C305A573D18
        SHA-256:CB6F2D32C49D1C2B25E9FFC9AAAFA3F83075346C01BCD4AE6EB187392A4292CF
        SHA-512:FC79FDB76763025DC39FAC045A215FF155EF2F492A0E9640079D6F089FA6218AF2B3AB7C6EAF636827DEE9294E6939A95AB24554E870C976679C25567AD6374C
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
        Preview:/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n||C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]||t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):5129
        Entropy (8bit):4.700664166204722
        Encrypted:false
        SSDEEP:
        MD5:DAF9EAE9179F002388FB321ED4288679
        SHA1:9907A6EAD885DE61203B254A34033B4EEF8DAA0E
        SHA-256:D02058E489DEB6CA066D9D7836125819C2D6D5D0149472C6165F039175303456
        SHA-512:67732B473787562A32AE244FAA3B75C67B665002C9744BF190256E44D799443F63D72D97DC03B42FF9A6944ACE9C8F6377C77B4E6B5C7368D843590738BB6574
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/inc/plugins/elementor/assets/js/elementor.js?ver=6.4.3
        Preview:(function ( $ ) {..'use strict';...$( window ).on(...'elementor/frontend/init',...function () {....qodefAddonsElementor.init();....qodefAddonsElementorPromoWidgets.init();....}..);...var qodefAddonsElementor = {...init: function () {....var isEditMode = Boolean( elementorFrontend.isEditMode() );.....if ( isEditMode ) {.....for ( var key in qodefAddonsCore.shortcodes ) {......for ( var keyChild in qodefAddonsCore.shortcodes[key] ) {.......qodefAddonsElementor.reInitShortcode(........key,........keyChild.......);......}.....}....}...},...reInitShortcode: function ( key, keyChild ) {....elementorFrontend.hooks.addAction(.....'frontend/element_ready/' + key + '.default',.....function ( e ) {......// Check if object doesn't exist and print the module where is the error......if ( typeof qodefAddonsCore.shortcodes[key][keyChild] === 'undefined' ) {.......console.log( keyChild );......} else if ( typeof qodefAddonsCore.shortcodes[key][keyChild].initSlider === 'function' && e.find( '.qodef-qi-s
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text, with very long lines (8189)
        Category:downloaded
        Size (bytes):21438
        Entropy (8bit):5.300921910116817
        Encrypted:false
        SSDEEP:
        MD5:C4E68A0F3463C0BD3C39EAB38815E881
        SHA1:0CE58644E9F3C5063A11453FF287C5EC096465A7
        SHA-256:CA7DCE2391845E8AEC7DA135F33FABD10F74EED28A532AC66FD01F761FCFB42F
        SHA-512:E871F258F625A5C8E8EC3848242352FD75DCB0F0B580333FCE07625A6A2F53E83F22E4DD7492F2D12A880709D540DE0BCDD9B335D853FE9CCCFC0EFCCF718BCE
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
        Preview:/*! jQuery UI - v1.13.2 - 2022-07-14.* http://jqueryui.com.* Includes: widget.js, position.js, data.js, disable-selection.js, effect.js, effects/effect-blind.js, effects/effect-bounce.js, effects/effect-clip.js, effects/effect-drop.js, effects/effect-explode.js, effects/effect-fade.js, effects/effect-fold.js, effects/effect-highlight.js, effects/effect-puff.js, effects/effect-pulsate.js, effects/effect-scale.js, effects/effect-shake.js, effects/effect-size.js, effects/effect-slide.js, effects/effect-transfer.js, focusable.js, form-reset-mixin.js, jquery-patch.js, keycode.js, labels.js, scroll-parent.js, tabbable.js, unique-id.js, widgets/accordion.js, widgets/autocomplete.js, widgets/button.js, widgets/checkboxradio.js, widgets/controlgroup.js, widgets/datepicker.js, widgets/dialog.js, widgets/draggable.js, widgets/droppable.js, widgets/menu.js, widgets/mouse.js, widgets/progressbar.js, widgets/resizable.js, widgets/selectable.js, widgets/selectmenu.js, widgets/slider.js, widgets/sorta
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with no line terminators
        Category:downloaded
        Size (bytes):28
        Entropy (8bit):4.039148671903071
        Encrypted:false
        SSDEEP:
        MD5:12FB20D62460EBE9EDD4B750C00F8DB1
        SHA1:ECEEFCB2DBFA7429965ECA5915E561425D657DB4
        SHA-256:5CD32C4949CDA7FD7CC07A6B18785DCEC0D4CE811DC5A29BEA4A95DFBFDE4599
        SHA-512:31F6EDB994F6B292D124E24D996D5C3E9FD89F8601A56ADEAD00844149DD41AFCDAA1648F37F15A8F49A39539F2397D1E09B2EC04CDD70DA57BA3884E1346097
        Malicious:false
        Reputation:unknown
        URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSFwk6D1lPi5yWuxIFDfZbc9ISBQ3TkGWE?alt=proto
        Preview:ChIKBw32W3PSGgAKBw3TkGWEGgA=
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (8171), with no line terminators
        Category:downloaded
        Size (bytes):8171
        Entropy (8bit):5.072859919696532
        Encrypted:false
        SSDEEP:
        MD5:DDA652DB133FDDB9B80A05C6D1B5C540
        SHA1:60C8514C57A5DB2980C4B046B0DD479BD427357B
        SHA-256:C1A9A3E223BAD631DFF12D33B5499EB145CB08D8621C20D9D73870E78D97AFE4
        SHA-512:05CB3673448A79AA81887C60A82ABA51F9A843DC13AB4FC39B3E6D8AE7D632732D9AFEFAF72FC3D197C2795A3364FDFD4F83C9B628644D98F1C9017BFD435E62
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
        Preview:!function(e){"object"==typeof exports&&"undefined"!=typeof module||"function"!=typeof define||!define.amd?e():define("inert",e)}((function(){"use strict";var e,t,n,i,o,r,s=function(e,t,n){return t&&a(e.prototype,t),n&&a(e,n),e};function a(e,t){for(var n=0;n<t.length;n++){var i=t[n];i.enumerable=i.enumerable||!1,i.configurable=!0,"value"in i&&(i.writable=!0),Object.defineProperty(e,i.key,i)}}function d(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}function u(e,t){d(this,u),this._inertManager=t,this._rootElement=e,this._managedNodes=new Set,this._rootElement.hasAttribute("aria-hidden")?this._savedAriaHidden=this._rootElement.getAttribute("aria-hidden"):this._savedAriaHidden=null,this._rootElement.setAttribute("aria-hidden","true"),this._makeSubtreeUnfocusable(this._rootElement),this._observer=new MutationObserver(this._onMutation.bind(this)),this._observer.observe(this._rootElement,{attributes:!0,childList:!0,subtree:!0})}function h(e,t){d(this,h),thi
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text
        Category:downloaded
        Size (bytes):18865
        Entropy (8bit):5.428490540008547
        Encrypted:false
        SSDEEP:
        MD5:F5C90460EA0E2A4DF3FCB5B81BB41A94
        SHA1:318CD988207C26C1DFB9A7F5B322A001AFBDD8CD
        SHA-256:8D055DC2BC41F8E8BDAD012BDB150F79FF147540CFF31D8903A7B9BB743C3715
        SHA-512:EE5DE9378C0EB22AFA73F2C02D16EED41685973D71F26AA140F5294C90EA293D3EE5AEF9F9594F41D568B7A1EB68924A944E9975F239A0F0991D83CBF4F0BFDD
        Malicious:false
        Reputation:unknown
        URL:https://fonts.googleapis.com/css?family=Syne%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CDM+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.3
        Preview:/* latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKK58VXh.woff2) format('woff2');. unicode-range: U+0100-02AF, U+0304, U+0308, U+0329, U+1E00-1E9F, U+1EF2-1EFF, U+2020, U+20A0-20AB, U+20AD-20C0, U+2113, U+2C60-2C7F, U+A720-A7FF;.}./* latin */.@font-face {. font-family: 'DM Sans';. font-style: italic;. font-weight: 100;. src: url(https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKy58Q.woff2) format('woff2');. unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02BB-02BC, U+02C6, U+02DA, U+02DC, U+0304, U+0308, U+0329, U+2000-206F, U+2074, U+20AC, U+2122, U+2191, U+2193, U+2212, U+2215, U+FEFF, U+FFFD;.}./* latin-ext */.@font-face {. font-family: 'DM Sans';. font-style: italic;. font-weight: 200;. src: url(https://fonts.gstatic.com/s/dmsans/v14/rP2Wp2ywxg089UriCZaSExd86J3t9jz86MvyyKK58VXh.woff2) format('woff2');. unicode
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (18562), with no line terminators
        Category:downloaded
        Size (bytes):18562
        Entropy (8bit):4.684986973406293
        Encrypted:false
        SSDEEP:
        MD5:37A23D586B2C476D3AB6E9BB2B3E08D6
        SHA1:8BCE43CF3926507D44A11651975F9535A90F7D0C
        SHA-256:5AEFE68B6A58F89F105E26BFBDE7F93D5443FEA8AAD4DCBD237F39380C048338
        SHA-512:FEE2020994BC858DF38058D02CEBECBBDABA1577CA79988A4C6079A026B78F2857A9BB36A995D1F2D7DFA2AAF86484D4546873AB55000457F332A8719EC63B2D
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/elementor/css/post-108.css?ver=1705063357
        Preview:.elementor-108 .elementor-element.elementor-element-6513bbcb:not(.elementor-motion-effects-element-type-background), .elementor-108 .elementor-element.elementor-element-6513bbcb > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-color:var( --e-global-color-e777cd9 );}.elementor-108 .elementor-element.elementor-element-6513bbcb{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;z-index:10;}.elementor-108 .elementor-element.elementor-element-6513bbcb > .elementor-background-overlay{transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-bc-flex-widget .elementor-108 .elementor-element.elementor-element-74b90464.elementor-column .elementor-widget-wrap{align-items:center;}.elementor-108 .elementor-element.elementor-element-74b90464.elementor-column.elementor-element[data-element_type="column"] > .elementor-widget-wrap.elementor-element-populated{align-content:center;align-items:center;}.elementor-108 .elementor-elem
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:HTML document, ASCII text, with very long lines (9462)
        Category:downloaded
        Size (bytes):49752
        Entropy (8bit):5.256435722391161
        Encrypted:false
        SSDEEP:
        MD5:8DE0EBA25C45F37C7F90F030D8B78EC3
        SHA1:F99A5FAC87A98583365F1037CF426C4D36ECE0E1
        SHA-256:E567DA14E40EAC32D2F7139907936343CBBBECCF410907C6DFE95FE5BA23871D
        SHA-512:D83798335DDFA4D1317A91E02B7F7926CF3334DC89A83E0DCEFDE306A89584DAD40DA644528F546FB1A1BE32E14658E5CAF2EA8F7DF5B7406D4B67294ED9BB51
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/about/
        Preview:<!doctype html>.<html lang="en-US">.<head>..<meta charset="UTF-8">..<meta name="viewport" content="width=device-width, initial-scale=1">..<link rel="profile" href="https://gmpg.org/xfn/11">..<title>About &#8211; Heltaba</title>.<meta name='robots' content='max-image-preview:large' />.<link rel="alternate" type="application/rss+xml" title="Heltaba &raquo; Feed" href="https://heltaba.com/feed/" />.<link rel="alternate" type="application/rss+xml" title="Heltaba &raquo; Comments Feed" href="https://heltaba.com/comments/feed/" />.<script>.window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/14.0.0\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/heltaba.com\/wp-includes\/js\/wp-emoji-release.min.js?ver=6.4.3"}};./*! This file is auto-generated */.!function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.string
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (45047)
        Category:downloaded
        Size (bytes):137549
        Entropy (8bit):5.214399783307629
        Encrypted:false
        SSDEEP:
        MD5:6C087AABA5BCB76BC96366600B854E20
        SHA1:6DE8049F8F4E6C83300BE31FFA9E54D652F10F1A
        SHA-256:03CA8C38633872B885F1E54E729C4597DA2F1C52D06F9A5289DDDA7CA3A9930C
        SHA-512:C8226FE12963B09E5A70E4987D38B20D54AEF88FC871F221275F883B68DAC1DE51799C3EDD479778BDA958167F30EEB1F8B73E3AE12C13B5D12E407B5369301F
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/widget-scripts.js?ver=3.0.4
        Preview:!function(){var t={793:function(){var t=function(t,e){if(window.google){var i=e("#"+t.find(".ekit-google-map").attr("id")),n=i.data("id"),o=i.data("api_key"),s=i.data("map_type"),r=i.data("map_address_type"),a=i.data("map_lat")||23.7808875,h=i.data("map_lng")||90.2792373,l=i.data("map_addr"),c=i.data("map_basic_marker_title"),u=i.data("map_basic_marker_content"),d=i.data("map_basic_marker_icon_enable"),f=i.data("map_basic_marker_icon"),p=i.data("map_basic_marker_icon_width"),m=i.data("map_basic_marker_icon_height"),g=i.data("map_zoom")||14,v=i.data("map_markers"),y=i.data("map_static_width"),_=i.data("map_static_height"),w=i.data("map_polylines"),b=i.data("map_stroke_color"),x=i.data("map_stroke_opacity"),E=i.data("map_stroke_weight"),C=i.data("map_stroke_fill_color"),S=i.data("map_stroke_fill_opacity"),I=i.data("map_overlay_content"),T=i.data("map_routes_origin_lat"),k=i.data("map_routes_origin_lng"),z=i.data("map_routes_dest_lat"),L=i.data("map_routes_dest_lng"),O=i.data("map_routes_
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (30299), with no line terminators
        Category:downloaded
        Size (bytes):30299
        Entropy (8bit):4.712196414781506
        Encrypted:false
        SSDEEP:
        MD5:317FBC87772718EB181EC7FEBA35E148
        SHA1:E08708D82FBA6BDB5D2A6826CC5099662F7DAAB1
        SHA-256:12C3F7BC60C99D1B6B634D6CD16FBB0E26AE75DDDA15D7A6E5106CD5DAD83F14
        SHA-512:12F3E8E96F53D74B1A93F80D1B3F5174879B29588F74C1EAE3E67C6BFC76AFC0613D4392B3B46B488B5557BF1DCD1752B4FE27E26ACFBAC2B2F88BF8AED1796A
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/css/responsive.css?ver=3.0.4
        Preview:@media (max-width:480px){.ekit-wid-con .hotspot-following-line-style .ekit-hotspot-horizontal-line{width:50px}.ekit-wid-con .ekit-location_inner{left:0;right:auto}}@media (max-width:767px){.ekit-wid-con .elementskit-image-accordion-wraper{-ms-flex-wrap:wrap;flex-wrap:wrap}}@media screen and (min-width:1025px){.ekit-image-accordion-vertical .ekit-image-accordion{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ekit-image-accordion-vertical .ekit-image-accordion-item{min-height:0!important}}@media screen and (min-width:768px) and (max-width:1024px){.ekit-image-accordion-tablet-vertical .ekit-image-accordion,.ekit-image-accordion-vertical:not(.ekit-image-accordion-tablet-horizontal) .ekit-image-accordion{-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}.ekit-image-accordion-tablet-vertical .ekit-image-accordion-item,.ekit-image-accordion-vertical:not(.ekit-image-accordion-table
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1920x1280, components 3
        Category:dropped
        Size (bytes):264791
        Entropy (8bit):7.977483258883484
        Encrypted:false
        SSDEEP:
        MD5:2090032BC90D7A2AD81FB671E8388F98
        SHA1:CEFBB51E8D472199D9C2B6F462680033ABE6F587
        SHA-256:BDD002CBCA0039F3C47E5032C78E59764DBFA040064FC4677D44CAC7939D0348
        SHA-512:D17545493B85E69D817F4740A05D34043672A9E90A65A5097D0A3568E471A0DB5F7124C8EFD883ED6D8EADC6CC8959620CCDFF64A8380344E1C301B8BD99956D
        Malicious:false
        Reputation:unknown
        Preview:......JFIF.............(ICC_PROFILE............0..mntrRGB XYZ ............acsp.......................................-....................................................desc.......trXYZ...d....gXYZ...x....bXYZ........rTRC.......(gTRC.......(bTRC.......(wtpt........cprt.......<mluc............enUS...X.....s.R.G.B................................................................................XYZ ......o...8.....XYZ ......b.........XYZ ......$.........para..........ff......Y.......[........XYZ ...............-mluc............enUS... .....G.o.o.g.l.e. .I.n.c... .2.0.1.6...C....................................................................C............................................................................"..........................................].......................!.1..A.."Qaq.....2B..#R...3b...$Cr.4S...%D....cs....&5d....T.6FUetu.................................3.......................!1..AQ.."2aq.BR.#.3..$.b..............?.....S...j..h.6.."d.l*..@...6. '...6...S.4.
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text, with very long lines (60132)
        Category:downloaded
        Size (bytes):60173
        Entropy (8bit):5.2155020500734866
        Encrypted:false
        SSDEEP:
        MD5:C83BCA241B2C0FF5914A86BA02B1150F
        SHA1:1D5EAD82CB86A3CAD088E5930BCD2BBADBE19F86
        SHA-256:2F7F7CC8FB87B8AE16FFD03663FB1DE67B5493973CECF154C55EC2C5E7E0C0FC
        SHA-512:1EC07B4ED80BF32E00E1925509FDCD1344A4585228BBEC324BDC385D8DEB323CE0FD0EC12A797469F6402DD42776AA720BE9E39877E55D1CFE3A3D7B1321753C
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.19.0
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */.(self.webpackChunkelementor=self.webpackChunkelementor||[]).push([[354],{381:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;t.default=(e,t)=>{t=Array.isArray(t)?t:[t];for(const n of t)if(e.constructor.name===n.prototype[Symbol.toStringTag])return!0;return!1}},8135:(e,t)=>{"use strict";Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class _default extends elementorModules.ViewModule{getDefaultSettings(){return{selectors:{elements:".elementor-element",nestedDocumentElements:".elementor .elementor-element"},classes:{editMode:"elementor-edit-mode"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$elements:this.$element.find(e.elements).not(this.$element.find(e.nestedDocumentElements))}}getDocumentSettings(e){let t;if(this.isEdit){t={};const e=elementor.settings.page.model;jQuery.each(e.getActiveControls(),(n=>{t[n]=e.attributes[n]}))}else t=this.$element.data("elementor-sett
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (2456), with no line terminators
        Category:downloaded
        Size (bytes):2456
        Entropy (8bit):4.642190104401375
        Encrypted:false
        SSDEEP:
        MD5:8F82A23C3B765C4FA7E856B8D23D36C3
        SHA1:763C5A4F7584008113D42577351DA40C72CC0206
        SHA-256:EE9BACA7CC683D399A2AFC399BF57307767AD66597FB44623CEDC140022B16AF
        SHA-512:D47B2A947C209930EEE9068171BD32C4E7EB5C64A513D0B9177D73751FA0AC25B3940F827AC9B6C6A7031A958C1E514851B74DEC3D4F15E05602649DD3A424A2
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/elementor/css/post-102.css?ver=1706603437
        Preview:.elementor-102 .elementor-element.elementor-element-1615105d:not(.elementor-motion-effects-element-type-background), .elementor-102 .elementor-element.elementor-element-1615105d > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-color:var( --e-global-color-cff305b );}.elementor-102 .elementor-element.elementor-element-1615105d{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;padding:60px 0px 100px 0px;}.elementor-102 .elementor-element.elementor-element-1615105d > .elementor-background-overlay{transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-102 .elementor-element.elementor-element-4753668f > .elementor-element-populated{padding:0px 0px 0px 0px;}.elementor-102 .elementor-element.elementor-element-152dc350 .elementor-icon-list-icon i{color:var( --e-global-color-text );transition:color 0.3s;}.elementor-102 .elementor-element.elementor-element-152dc350 .elementor-icon-list-icon svg{fill:var( --e-global-col
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1536x1024, components 3
        Category:downloaded
        Size (bytes):116547
        Entropy (8bit):7.933032210233883
        Encrypted:false
        SSDEEP:
        MD5:2ADCDD1726284BEBB50507D4228B6C01
        SHA1:DD19CF0FE913BA91FAD4BC7B1CDED8E26E8D8958
        SHA-256:B8BB5FA614A1D8F3037B041A783DDFB03D9E33934F98C70F2E39B4864BCF3E67
        SHA-512:D0B96D629E9C954CFBE29F3AE3860C2E57EF30B83ABA3F3B97F152AD2C59C7A45C4DCEF7C2A4E97AE9CC224B5CC7051D9E1A442DA3C79F8903827A01EF2086E5
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/2024/01/aida-4-1536x1024.jpg
        Preview:......JFIF.....`.`.....;CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82....C.....................................!........'.."#%%%..),($+!$%$...C...........$...$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..x2..........P..........R...N.....]e...G.yf.~....}G .....p)G&..0p.[^k#D5.5VE..I...4.c9...SJ.t.9.R..+.R....Njt.R,..d..g.\..I..+R).V.T..)R-B....IH.;T..*j@i\.?4..f...(.i...".....@.N...S.4R.P.i..`.R..p...\R(.(..R.!..).8...:....-(.....KI@4.;....QR....."..h.,...i.EW#.Vp..A.iqK.\V...K.R..M.c.I@.(..@.(
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (12876), with no line terminators
        Category:downloaded
        Size (bytes):12876
        Entropy (8bit):5.1179527069320745
        Encrypted:false
        SSDEEP:
        MD5:BCAD7781B3E74DB2565B8424C45232CD
        SHA1:41B0D94434EF667897C06E1184B703064FFCEDA1
        SHA-256:D622534D53D3AC1095AF275F0B30274FCD835785577DF2DDE6D9398E6F7A2C8F
        SHA-512:8BF688AD357079C992136D62AD437795165F22EA1F23919611FCB756D1975D34FE2272819CFCB6B16AA79980997149F253C20334F8AB7BF133E3C91B3F9E98B7
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
        Preview:.swiper-container{margin-left:auto;margin-right:auto;position:relative;overflow:hidden;z-index:1}.swiper-container .swiper-slide figure{line-height:0}.swiper-container .elementor-lightbox-content-source{display:none}.swiper-container-no-flexbox .swiper-slide{float:left}.swiper-container-vertical>.swiper-wrapper{flex-direction:column}.swiper-wrapper{position:relative;width:100%;height:100%;z-index:1;display:flex;transition-property:transform;box-sizing:content-box}.swiper-container-android .swiper-slide,.swiper-wrapper{transform:translateZ(0)}.swiper-container-multirow>.swiper-wrapper{flex-wrap:wrap}.swiper-container-free-mode>.swiper-wrapper{transition-timing-function:ease-out;margin:0 auto}.swiper-slide{flex-shrink:0;width:100%;height:100%;position:relative}.swiper-container-autoheight,.swiper-container-autoheight .swiper-slide{height:auto}.swiper-container-autoheight .swiper-wrapper{align-items:flex-start;transition-property:transform,height}.swiper-container .swiper-notification{pos
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65536), with no line terminators
        Category:downloaded
        Size (bytes):124837
        Entropy (8bit):4.4798601298691025
        Encrypted:false
        SSDEEP:
        MD5:9323FD320E12C4D0D865A254138147D4
        SHA1:93218FBF674488BE2FECCEBF36055C6FC1D8A1EE
        SHA-256:49EBAF0BFAD5AAF0C66DE0BB84A2C7D1E32F33ADD8D6CB75897AE56CB07BCDA9
        SHA-512:CB338E09174455CEA49D9967CC4D7CE230AE0D9D6D9F5484D630C3FA5C315D8F8E1104A8CFC9A1181A5974CFE6C01E2A7A0EC1DADA425C480200841F77F6E241
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/css/ekiticons.css?ver=3.0.4
        Preview:@font-face{font-family:elementskit;src:url(../fonts/elementskit.woff?y24e1e) format("woff");font-weight:400;font-style:normal;font-display:swap}.ekit-wid-con .fasicon,.ekit-wid-con .icon,.ekit-wid-con .icon::before,.fasicon,.icon,.icon::before{font-family:elementskit!important;speak:none;font-style:normal;font-weight:400;font-variant:normal;text-transform:none;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.ekit-wid-con .fasicon.icon-home::before,.ekit-wid-con .icon.icon-home::before,.icon.icon-home::before{content:"\e800"}.ekit-wid-con .fasicon.icon-advanced-slider::before,.ekit-wid-con .icon.icon-advanced-slider::before,.icon.icon-advanced-slider::before{content:"\e9c8"}.ekit-wid-con .fasicon.icon-image-box::before,.ekit-wid-con .icon.icon-image-box::before,.icon.icon-image-box::before{content:"\ebd1"}.ekit-wid-con .fasicon.icon-image-swap::before,.ekit-wid-con .icon.icon-image-swap::before,.icon.icon-image-swap::before{content:"\eba4"}.ekit-wid-co
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (19201)
        Category:downloaded
        Size (bytes):19244
        Entropy (8bit):5.030248364631859
        Encrypted:false
        SSDEEP:
        MD5:8E94A15C4CBCD2E1A07D1C7AE27BD0A3
        SHA1:A75F92A3069353B930FC663EEA2EE71C6B9FAA20
        SHA-256:E5117A3E07D7C12E247EAAA7973E6499584000C5ECFA1B2A66FBF830ED064650
        SHA-512:C1FBC9E3D8DF6B0447B9CE6005ECF132B8210C42BF7C5581D3C37C11F6EBCD09396F9785CEA9416F1B4F4763AD6B4DAC66ED66A7D63551473EF7CA3CAF8A12C5
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/form.72b77b99d67b130634d2.bundle.min.js
        Preview:/*! elementor-pro - v3.7.7 - 20-09-2022 */."use strict";(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro||[]).push([[680],{2679:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class DataTimeFieldBase extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{fields:this.getFieldsSelector()},classes:{useNative:"elementor-use-native"}}}getDefaultElements(){const{selectors:e}=this.getDefaultSettings();return{$fields:this.$element.find(e.fields)}}addPicker(e){const{classes:t}=this.getDefaultSettings();jQuery(e).hasClass(t.useNative)||e.flatpickr(this.getPickerOptions(e))}onInit(){super.onInit(...arguments),this.elements.$fields.each(((e,t)=>this.addPicker(t)))}}t.default=DataTimeFieldBase},784:(e,t,s)=>{var r=s(3203);Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;var i=r(s(2679));class DateField extends i.default{getFieldsSelector(){return".elementor-date-field"}getPickerOptions(e){const t=jQuery(e);retu
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (30394), with no line terminators
        Category:downloaded
        Size (bytes):30394
        Entropy (8bit):4.669957100122824
        Encrypted:false
        SSDEEP:
        MD5:BA5D969D5AF53CEFFEE54F203C905B87
        SHA1:8B5E650A9A322A6F19594D914E35015ACF379062
        SHA-256:6EFE352E9CBE2E9A8D4D6E4F1370A5AD66D26B493D85ED32D37E978A4D511941
        SHA-512:7ED40F0EC3DC01C2DF417E93295267491E165360900DF24AF5C2818539305AEB8F559AADD9044CCE4C497B6B1B4F9F21597CC302AEFEA32756786B9386E31257
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/css/helper-parts.min.css?ver=6.4.2
        Preview:@keyframes qi-addons-for-elementor-fade-in{0%{opacity:0;visibility:hidden;z-index:102}100%{opacity:1;visibility:visible;z-index:102}}@keyframes qi-addons-for-elementor-fade-out{0%{opacity:1;visibility:visible;z-index:102}100%{opacity:0;visibility:hidden;z-index:0}}@keyframes qodef-animate-underline-from-left{0%{transform:scaleX(1);transform-origin:right}37%{transform:scaleX(0);transform-origin:right}38%{transform:scaleX(0);transform-origin:left}100%{transform:scaleX(1);transform-origin:left}}@keyframes qodef-animate-underline-from-right{0%{transform:scaleX(1);transform-origin:left}37%{transform:scaleX(0);transform-origin:left}38%{transform:scaleX(0);transform-origin:right}100%{transform:scaleX(1);transform-origin:right}}@keyframes qodef-animate-underline-multiline{0%{background-size:100% 87%;background-position-x:right}38%{background-size:0 87%;background-position-x:right}39%{background-size:0 87%;background-position-x:left}100%{background-size:100% 87%;background-position-x:left}}@key
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with no line terminators
        Category:downloaded
        Size (bytes):40
        Entropy (8bit):4.184183719779189
        Encrypted:false
        SSDEEP:
        MD5:94D041D462DB321CDB888066586F2068
        SHA1:717D2F9DA7FB9F9E2BF2058A8177A0344F8A8647
        SHA-256:B8166C5475DF6A64AB2456E95F64564164ED697D258E8BFED8CEBCA40EFD6FA5
        SHA-512:9A320FBC1DBEDA1700F54140F814A285D1CDADF947F927DB7E1D70A686D15FC74D69530BD13AB7CF9C3A2009791F2AC8F358CD9F748B1C2995EB9712B68DC574
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/libs/framework/assets/js/frontend-script.js?ver=3.0.4
        Preview:jQuery(document).ready((function(e){}));
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (2701), with no line terminators
        Category:downloaded
        Size (bytes):2701
        Entropy (8bit):4.688141301851713
        Encrypted:false
        SSDEEP:
        MD5:4050C0609245D6CAE046D3EC997DFDCB
        SHA1:2259A15C6B298A09691231BBA15C7EB930E6F373
        SHA-256:001935E396D66FAF9490154709867CDF0675B13760014FF3EE055AAF0DB78340
        SHA-512:F9A6C5C0138B82FED2DF4AC3E3BC601550A959E91155CAFF2631DEAEF6A36BE4799ED36C8B2DA7565CB256FCF15ED8B24A4D841EC57BB0B910D99DBE12EB2445
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/elementor/css/post-87.css?ver=1705306165
        Preview:.elementor-87 .elementor-element.elementor-element-5a20edc0:not(.elementor-motion-effects-element-type-background), .elementor-87 .elementor-element.elementor-element-5a20edc0 > .elementor-motion-effects-container > .elementor-motion-effects-layer{background-position:center center;background-repeat:no-repeat;background-size:auto;}.elementor-87 .elementor-element.elementor-element-5a20edc0 > .elementor-background-overlay{background-color:var( --e-global-color-7e293d1 );opacity:0.75;transition:background 0.3s, border-radius 0.3s, opacity 0.3s;}.elementor-87 .elementor-element.elementor-element-5a20edc0{transition:background 0.3s, border 0.3s, border-radius 0.3s, box-shadow 0.3s;margin-top:0px;margin-bottom:0px;padding:100px 0px 100px 0px;z-index:5;}.elementor-87 .elementor-element.elementor-element-755b749a.elementor-column > .elementor-widget-wrap{justify-content:center;}.elementor-87 .elementor-element.elementor-element-755b749a > .elementor-element-populated{padding:0% 12% 0% 12%;}.el
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (14777), with no line terminators
        Category:downloaded
        Size (bytes):14777
        Entropy (8bit):4.8965109001118
        Encrypted:false
        SSDEEP:
        MD5:2FCC896F4277EE71CBE72BF861F773BB
        SHA1:CFFD00BAD826531B93968BBD550C374B88D6CBF9
        SHA-256:6F5352CE60BB69C27848400A2A9FBB440D4308C0C5ACAF1E56A72A3194712F92
        SHA-512:F47F64B1D5FCBF12776AFA0B442B38CC3D6244E0331CA47F4F276112731CCF686E16247332864547BE7F0D7CC0A2A983C5A5196F606802D0A91B93EA3893D8B7
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/uploads/elementor/css/post-35.css?ver=1705063357
        Preview:.elementor-kit-35{--e-global-color-primary:#7868E6;--e-global-color-secondary:#B8B5FF;--e-global-color-text:#222831;--e-global-color-accent:#E4FBFF;--e-global-color-e777cd9:#FFFFFF;--e-global-color-e632858:#FFFFFF00;--e-global-color-cff305b:#EDEEF7;--e-global-color-d59e8a8:#DDDDDD;--e-global-color-9947692:#FFFFFFD1;--e-global-color-7e293d1:#22283170;--e-global-color-8fd35ab:#41384F;--e-global-color-58a7729:#DE7954;--e-global-typography-primary-font-family:"Syne";--e-global-typography-primary-font-size:80px;--e-global-typography-primary-font-weight:700;--e-global-typography-primary-line-height:90px;--e-global-typography-primary-letter-spacing:-1.5px;--e-global-typography-secondary-font-family:"DM Sans";--e-global-typography-secondary-font-size:24px;--e-global-typography-secondary-font-weight:400;--e-global-typography-secondary-line-height:36px;--e-global-typography-secondary-letter-spacing:0px;--e-global-typography-text-font-family:"DM Sans";--e-global-typography-text-font-size:17px;--e
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (65536), with no line terminators
        Category:downloaded
        Size (bytes):280175
        Entropy (8bit):4.73593920647419
        Encrypted:false
        SSDEEP:
        MD5:E637406702A3447F5E724960F075C31F
        SHA1:9F8E3D2A6653B7078482BDCFF5FA968B0C631231
        SHA-256:6F12F6F2D0598E2C1A69D71E5BB3ADE38B4E192279593F2BA80806DC4006BBB2
        SHA-512:F5F34E80D3427220BC77E137F571120E1841D327FAEA4A072F0E5F4E4B1D61ECD0D01561222CB436E9FB40BCFABE47087C19FA35DBA1C5D0F387C4CD73BE41D2
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.4.3
        Preview:.qodef-addons-blog-list{position:relative;display:inline-block;width:100%;vertical-align:top}.qodef-addons-blog-list .qodef-blog-item{position:relative;display:inline-block;width:100%;vertical-align:top}.qodef-addons-blog-list .qodef-blog-item .qodef-e-content,.qodef-addons-blog-list .qodef-blog-item .qodef-e-inner,.qodef-addons-blog-list .qodef-blog-item .qodef-e-media{position:relative;display:inline-block;width:100%;vertical-align:top}.qodef-addons-blog-list .qodef-blog-item .qodef-e-media-image{position:relative;display:inline-block;vertical-align:top;max-width:100%;overflow:hidden;z-index:1}.qodef-addons-blog-list .qodef-blog-item .qodef-e-media{display:block}.qodef-addons-blog-list .qodef-blog-item .qodef-e-media iframe{display:block;height:100%}.qodef-addons-blog-list .qodef-blog-item .qodef-e-title{margin:0 0 .5em}.qodef-addons-blog-list .qodef-blog-item .qodef-e-excerpt{margin:0}.qodef-addons-blog-list .qodef-blog-item .qodef-e-info{position:relative;display:flex;flex-wrap:wra
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (5141)
        Category:downloaded
        Size (bytes):5184
        Entropy (8bit):5.469433986279472
        Encrypted:false
        SSDEEP:
        MD5:D34A31C190BE8BDF335FA0C44EF52699
        SHA1:483E1B4BA88B6E7CA8153871811E32CAB021D6E4
        SHA-256:F032F0B942EA9F4BD771DDB2262C518E948328A305A5268DACC74F3EEE364514
        SHA-512:867865608F99F5C9FECF0A583E3434DF06BAE7BEB5C5A6F2C24655F6030EC93E1C238AB934EC269601741ED122A483931FF719C84A1E8EDED8C943C75FCF7A58
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.7.7
        Preview:/*! elementor-pro - v3.7.7 - 20-09-2022 */.(()=>{"use strict";var e,r,_,a={},n={};function __webpack_require__(e){var r=n[e];if(void 0!==r)return r.exports;var _=n[e]={exports:{}};return a[e](_,_.exports,__webpack_require__),_.exports}__webpack_require__.m=a,e=[],__webpack_require__.O=(r,_,a,n)=>{if(!_){var c=1/0;for(o=0;o<e.length;o++){for(var[_,a,n]=e[o],i=!0,t=0;t<_.length;t++)(!1&n||c>=n)&&Object.keys(__webpack_require__.O).every((e=>__webpack_require__.O[e](_[t])))?_.splice(t--,1):(i=!1,n<c&&(c=n));if(i){e.splice(o--,1);var b=a();void 0!==b&&(r=b)}}return r}n=n||0;for(var o=e.length;o>0&&e[o-1][2]>n;o--)e[o]=e[o-1];e[o]=[_,a,n]},__webpack_require__.f={},__webpack_require__.e=e=>Promise.all(Object.keys(__webpack_require__.f).reduce(((r,_)=>(__webpack_require__.f[_](e,r),r)),[])),__webpack_require__.u=e=>714===e?"code-highlight.28a979661569ddbbf60d.bundle.min.js":721===e?"video-playlist.0c9d14b28f7b8990e895.bundle.min.js":256===e?"paypal-button.3d0d5af7df85963df32c.bundle.min.js":15
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (872)
        Category:downloaded
        Size (bytes):912
        Entropy (8bit):5.0199058968156445
        Encrypted:false
        SSDEEP:
        MD5:426BA3FD28FB39069C787463E2EEE5C7
        SHA1:88E82EACC838A8A3B557B843171DD8DEB2234681
        SHA-256:166101412BB5C1F75B4E75C4DA7460A6621E8456F47D2D01653EABB9DFF0E59E
        SHA-512:6CEB9CC99B8F9E9EBA3C06A40E1FEC1DF715C5C7E6280C340A4F56BBE784B395F4433B250E2685B2C3A1FEA5630AFB0909B8FB7C37C339FEF8000FF6E8B2A7BE
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/js/counter.02cef29c589e742d4c8c.bundle.min.js
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */."use strict";(self.webpackChunkelementor=self.webpackChunkelementor||[]).push([[120],{7884:(e,t)=>{Object.defineProperty(t,"__esModule",{value:!0}),t.default=void 0;class Counter extends elementorModules.frontend.handlers.Base{getDefaultSettings(){return{selectors:{counterNumber:".elementor-counter-number"}}}getDefaultElements(){const e=this.getSettings("selectors");return{$counterNumber:this.$element.find(e.counterNumber)}}onInit(){super.onInit(),this.intersectionObserver=elementorModules.utils.Scroll.scrollObserver({callback:e=>{if(e.isInViewport){this.intersectionObserver.unobserve(this.elements.$counterNumber[0]);const e=this.elements.$counterNumber.data(),t=e.toValue.toString().match(/\.(.*)/);t&&(e.rounding=t[1].length),this.elements.$counterNumber.numerator(e)}}}),this.intersectionObserver.observe(this.elements.$counterNumber[0])}}t.default=Counter}}]);
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (18593), with no line terminators
        Category:downloaded
        Size (bytes):18593
        Entropy (8bit):5.095782734715352
        Encrypted:false
        SSDEEP:
        MD5:CE634C6621026E8FB98418CE432C4B75
        SHA1:40A1A488094B4569C3A903EB043ECDA0D6BF929E
        SHA-256:D22A8CE5B62F7DE94C4183B2528D1BC7D6B220BE97B72D04C7AEA220E273D58F
        SHA-512:985C80C03CC6B2AC537A15ABB722631EC5627E12630689C329D9E27DE28B5594FF14A67B338D1B81D6E27C1518E729103015D773062AAA99DDA0FE04F3BCCA1C
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/widgets/init/assets/js/elementor.js?ver=3.0.4
        Preview:!function(e,t){"use strict";window.ElementsKit_Helper={},ElementsKit_Helper.setURLHash=function(t,n,i){if(void 0===t||!("ekit_hash_change"in t))return;void 0===i&&(i="ekit-handler-id");let s="#"+e(n).data(i);window.location.hash=s},ElementsKit_Helper.ajaxLoading=function(n,i){if(n.hasClass("ekit-template-ajax--yes")){var s=i.find("[data-ajax-post-id]");s.hasClass("is--loaded")||e.ajax({type:"POST",url:ekit_config.ajaxurl,data:{action:"ekit_widgetarea_content",nonce:ekit_config.nonce,post_id:s.data("ajax-post-id")},success:function(n){s.addClass("is--loaded").html(n),s.find("[data-widget_type]").each((function(){var n=e(this);t.hooks.doAction("frontend/element_ready/"+n.data("widget_type"),n)}))}})}},ElementsKit_Helper.triggerClickOnEvent=function(t,n){"click"!==t&&n.on(t,(function(){e(this).trigger("click")}))},ElementsKit_Helper.megaMenuAjaxLoad=function(t){let n=t.find(".elementskit-submenu-indicator, .ekit-submenu-indicator-icon"),i=t.find(".megamenu-ajax-load"),s=t.closest(".ekit-w
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (10019)
        Category:downloaded
        Size (bytes):18468
        Entropy (8bit):4.942984129844562
        Encrypted:false
        SSDEEP:
        MD5:4601BA55044413706C2022CB6C1C3D05
        SHA1:5103EC2FBB389568EBF5CFE4FD721F3DF2FF7AEC
        SHA-256:FE513EF974B767510D0A2B9F1B4D3AFA53185B89AB617C869E5E3D6DB960192C
        SHA-512:8DAB2D19378E34B40043621AAC57B418E56486DCFEBD1A5991BE8A02EE6B071D07EC6BFD9408DEA8FF0198995DE9D42A46E66513D68B40B68056707E4E691E01
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/lib/animations/animations.min.css?ver=3.18.3
        Preview:@keyframes bounce{20%,53%,80%,from,to{animation-timing-function:cubic-bezier(.215,.61,.355,1);transform:translate3d(0,0,0)}40%,43%{animation-timing-function:cubic-bezier(.755,.050,.855,.060);transform:translate3d(0,-30px,0)}70%{animation-timing-function:cubic-bezier(.755,.050,.855,.060);transform:translate3d(0,-15px,0)}90%{transform:translate3d(0,-4px,0)}}.bounce{animation-name:bounce;transform-origin:center bottom}@keyframes flash{50%,from,to{opacity:1}25%,75%{opacity:0}}.flash{animation-name:flash}@keyframes pulse{from,to{transform:scale3d(1,1,1)}50%{transform:scale3d(1.05,1.05,1.05)}}.pulse{animation-name:pulse}@keyframes rubberBand{from,to{transform:scale3d(1,1,1)}30%{transform:scale3d(1.25,.75,1)}40%{transform:scale3d(.75,1.25,1)}50%{transform:scale3d(1.15,.85,1)}65%{transform:scale3d(.95,1.05,1)}75%{transform:scale3d(1.05,.95,1)}}.rubberBand{animation-name:rubberBand}@keyframes shake{from,to{transform:translate3d(0,0,0)}10%,30%,50%,70%,90%{transform:translate3d(-10px,0,0)}20%,40%
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:PNG image data, 1200 x 627, 8-bit/color RGB, non-interlaced
        Category:dropped
        Size (bytes):846114
        Entropy (8bit):7.992455741763255
        Encrypted:true
        SSDEEP:
        MD5:D5EB32A97DC6093DCBB3971BF0A2FEC8
        SHA1:341AAF59B7928744C2C9ABB12F5F9C4B3FE22B39
        SHA-256:92E41948D9DE01BAD237B37799F776A45058BF66BB57B61237A79DF08388EBAD
        SHA-512:D81C777D2759F0724A716B36F03CF2D12444F39FE1BBBF114038D0A7B02BD937BF17AC8942C714AAF7600F7C70910AD4FB2D0C94B7EDC41CC741244C2634E0F3
        Malicious:false
        Reputation:unknown
        Preview:.PNG........IHDR.......s.......}.....pHYs................~iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c006 79.164753, 2021/02/15-11:52:13 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmp:CreatorTool="Adobe Photoshop 22.3 (Windows)" xmp:CreateDate="2024-01-12T17:07:29+02:00" xmp:MetadataDate="2024-01-12T17:07:29+02:00" xmp:ModifyDate="2024-01-12T17:07:29+02:00" xmpMM:InstanceID="xmp.iid:59cad56d-7d1d-bc4d-9115-209bdb8707e8" xmpMM:DocumentID="adobe:docid:photoshop:2bb9eeb3-fde4-7c44-b5ab-79a2ff780885" xmpMM:OriginalDocumentID="xmp.did:95258573-acb0-bd4c-9b49-311e09564626" photoshop:Color
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (19607)
        Category:downloaded
        Size (bytes):19653
        Entropy (8bit):4.557444692455203
        Encrypted:false
        SSDEEP:
        MD5:B311208315B983433B38A9CDE809140E
        SHA1:C39B3852D5395482916F552D79BF7E20B2F76309
        SHA-256:811C9E254F52EE41C67C23E2A744EE74B11A0BC9A5D262CAFD103E5B975EEE68
        SHA-512:D55E7BE195E85404B061592AE092D9270F10622FF6259AF99D843C68A3867107529B8559B64F08C08E877A55C46EAD233DCDED733BF859993176C561DEDB99CA
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.25.0
        Preview:/*! elementor-icons - v5.27.0 - 16-01-2024 */.@font-face{font-family:eicons;src:url(../fonts/eicons.eot?5.27.0);src:url(../fonts/eicons.eot?5.27.0#iefix) format("embedded-opentype"),url(../fonts/eicons.woff2?5.27.0) format("woff2"),url(../fonts/eicons.woff?5.27.0) format("woff"),url(../fonts/eicons.ttf?5.27.0) format("truetype"),url(../fonts/eicons.svg?5.27.0#eicon) format("svg");font-weight:400;font-style:normal}[class*=" eicon-"],[class^=eicon]{display:inline-block;font-family:eicons;font-size:inherit;font-weight:400;font-style:normal;font-variant:normal;line-height:1;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}@keyframes a{0%{transform:rotate(0deg)}to{transform:rotate(359deg)}}.eicon-animation-spin{animation:a 2s infinite linear}.eicon-editor-link:before{content:"\e800"}.eicon-editor-unlink:before{content:"\e801"}.eicon-editor-external-link:before{content:"\e802"}.eicon-editor-close:before{content:"\e803"}.eicon-editor-list-ol:before{cont
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text, with very long lines (5127), with no line terminators
        Category:downloaded
        Size (bytes):5131
        Entropy (8bit):4.948242348088103
        Encrypted:false
        SSDEEP:
        MD5:08FAE0E9F8CE7E1CC244D6957A0FC71C
        SHA1:958FBF4F8B318E39612DD25EEFAE43C006769883
        SHA-256:30C2E510F9FAC929EEAB0EA915D80904A4E72B22EB8612DD8C83C7DFB71862E0
        SHA-512:E8F69BB51F6CAF9AB132B1BE8F6EE3248C80DD74E47823C17CE4C1A14B289BDB2C2AC19035309724E3F8F53A2647B3204F8DC83AE85081E9069275FCAC7AE4E3
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/themes/hello-elementor/theme.min.css?ver=3.0.0
        Preview:@charset "UTF-8";.comments-area a,.page-content a{text-decoration:underline}.alignright{float:right;margin-left:1rem}.alignleft{float:left;margin-right:1rem}.aligncenter{clear:both;display:block;margin-left:auto;margin-right:auto}.alignwide{margin-left:-80px;margin-right:-80px}.alignfull{margin-left:calc(50% - 50vw);margin-right:calc(50% - 50vw);max-width:100vw}.alignfull,.alignfull img{width:100vw}.wp-caption{margin-block-end:1.25rem;max-width:100%}.wp-caption.alignleft{margin:5px 20px 20px 0}.wp-caption.alignright{margin:5px 0 20px 20px}.wp-caption img{display:block;margin-left:auto;margin-right:auto}.wp-caption-text{margin:0}.gallery-caption{display:block;font-size:.8125rem;line-height:1.5;margin:0;padding:.75rem}.pagination{margin:20px auto}.sticky{position:relative;display:block}.bypostauthor{font-size:inherit}.hide{display:none!important}.post-password-form p{width:100%;display:flex;align-items:flex-end}.post-password-form [type=submit]{margin-inline-start:3px}.screen-reader-text
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (4957)
        Category:downloaded
        Size (bytes):4997
        Entropy (8bit):5.39682838602873
        Encrypted:false
        SSDEEP:
        MD5:3B9E1F6362F47DDE1F2AD6B163566F77
        SHA1:57B45DA6040C12052E0C4C479382EAA31DD6E4BA
        SHA-256:7717D46C8BD7D7F895BA4DF7C6AE5B7FAEB926C54F96B2FA401F71F7A7704713
        SHA-512:F27F4F397004070E9BA600B3981E93036F04978A8C76BCCB93557244CD984CC4DA9350D6A6BCF05A94FBF0238FC847C80669BC4149A9EEC323B4948F39C3F179
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.19.0
        Preview:/*! elementor - v3.19.0 - 29-01-2024 */.(()=>{"use strict";var e,r,_,t,a,i={},n={};function __webpack_require__(e){var r=n[e];if(void 0!==r)return r.exports;var _=n[e]={exports:{}};return i[e].call(_.exports,_,_.exports,__webpack_require__),_.exports}__webpack_require__.m=i,e=[],__webpack_require__.O=(r,_,t,a)=>{if(!_){var i=1/0;for(u=0;u<e.length;u++){for(var[_,t,a]=e[u],n=!0,c=0;c<_.length;c++)(!1&a||i>=a)&&Object.keys(__webpack_require__.O).every((e=>__webpack_require__.O[e](_[c])))?_.splice(c--,1):(n=!1,a<i&&(i=a));if(n){e.splice(u--,1);var o=t();void 0!==o&&(r=o)}}return r}a=a||0;for(var u=e.length;u>0&&e[u-1][2]>a;u--)e[u]=e[u-1];e[u]=[_,t,a]},_=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,__webpack_require__.t=function(e,t){if(1&t&&(e=this(e)),8&t)return e;if("object"==typeof e&&e){if(4&t&&e.__esModule)return e;if(16&t&&"function"==typeof e.then)return e}var a=Object.create(null);__webpack_require__.r(a);var i={};r=r||[null,_({}),_([]),_(_)];for(var n=2&t&&e;
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (1801), with no line terminators
        Category:downloaded
        Size (bytes):1801
        Entropy (8bit):4.880476915782121
        Encrypted:false
        SSDEEP:
        MD5:4D43B2FCB5EF3E6AFDCD539F46148514
        SHA1:0FF4D5160BEB004C439B20C6343044917C629D10
        SHA-256:9AA9BB8BE2B834059533CE5DE7EED3A662AD3D3E70643BBE5F75265075E9BD28
        SHA-512:00A0C46B067C1609D996BD438D6EF3342A6CDD6323FC8B8C4853CF4A8C2FF983B98E77545AB3B16BA2A8D0E58A2D35EC77B5765BA172F6532B8000239F06E396
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor/assets/lib/jquery-numerator/jquery-numerator.min.js?ver=0.2.1
        Preview:!function(t){"use strict";if("function"==typeof define&&define.amd)define(["jquery"],t);else if("object"==typeof exports)t(require("jquery"));else{if("undefined"==typeof jQuery)throw"jquery-numerator requires jQuery to be loaded first";t(jQuery)}}(function(t){function e(e,s){this.element=e,this.settings=t.extend({},i,s),this._defaults=i,this._name=n,this.init()}var n="numerator",i={easing:"swing",duration:500,delimiter:void 0,rounding:0,toValue:void 0,fromValue:void 0,queue:!1,onStart:function(){},onStep:function(){},onProgress:function(){},onComplete:function(){}};e.prototype={init:function(){this.parseElement(),this.setValue()},parseElement:function(){var e=t.trim(t(this.element).text());this.settings.fromValue=this.settings.fromValue||this.format(e)},setValue:function(){var e=this;t({value:e.settings.fromValue}).animate({value:e.settings.toValue},{duration:parseInt(e.settings.duration,10),easing:e.settings.easing,start:e.settings.onStart,step:function(n,i){t(e.element).text(e.format
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Unicode text, UTF-8 text, with very long lines (7323), with no line terminators
        Category:downloaded
        Size (bytes):7325
        Entropy (8bit):4.780228229829862
        Encrypted:false
        SSDEEP:
        MD5:4F6608672AAE4899D264369DD0C580D9
        SHA1:C4B0007B7F9377CD9D7C6B8106DFFEDAA03D1610
        SHA-256:97A09CB2AF7D4406F6163874DAD15C607D571749611D00890D47143495A0A617
        SHA-512:71269B46A4C18FB845DC411D6DE352B8F3ED0BF320E05C4873209B18298BEEE451975D5108C55A1249F6E37E1227B0B3E4C1DE4FCFE85D9DCABF608F5AE39A5F
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/themes/hello-elementor/header-footer.min.css?ver=3.0.0
        Preview:@charset "UTF-8";.site-header{display:flex;flex-wrap:wrap;justify-content:space-between;padding-block-start:1rem;padding-block-end:1rem;position:relative}.site-header .site-navigation{justify-content:flex-end}.site-header .site-branding{display:flex;flex-direction:column;justify-content:center}.site-header .header-inner{display:flex;flex-wrap:wrap;justify-content:space-between}.site-header .header-inner .custom-logo-link{display:block}.site-header .header-inner .site-branding .site-description,.site-header .header-inner .site-branding .site-title{margin:0}.site-header .header-inner .site-branding.show-logo .site-title,.site-header .header-inner .site-branding.show-title .site-logo{display:none!important}.site-header:not(.header-stacked) .header-inner .site-branding{max-width:30%}.site-header:not(.header-stacked) .header-inner .site-navigation{max-width:70%}.site-header.header-inverted .header-inner{flex-direction:row-reverse}.site-header.header-inverted .header-inner .site-branding{tex
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:data
        Category:downloaded
        Size (bytes):9445
        Entropy (8bit):5.276617475726948
        Encrypted:false
        SSDEEP:
        MD5:C2C4E2A562E06E1CB22293A5B920ACA6
        SHA1:A7B5A369AC4883F1EE7FA701B238D20238B675CA
        SHA-256:698E93FE491CC7BBF07A470579A33DBD0DB53C19142B7BE41EBFD39A23AEF11F
        SHA-512:7117E879A8A4D8C8E1ACD1A34247A7CF420128DA970ED42975D6A04665EC571DC388C62FC3B50DEDA0B9E896F599D56FFBC28B25A45119CD79F5F45E3E58C178
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/dist/i18n.min.js?ver=7701b0c3857f914212ef
        Preview:/*! This file is auto-generated */.!function(){var t={124:function(t,e,n){var r;!function(){"use strict";var i={not_string:/[^s]/,not_bool:/[^t]/,not_type:/[^T]/,not_primitive:/[^v]/,number:/[diefg]/,numeric_arg:/[bcdiefguxX]/,json:/[j]/,not_json:/[^j]/,text:/^[^\x25]+/,modulo:/^\x25{2}/,placeholder:/^\x25(?:([1-9]\d*)\$|\(([^)]+)\))?(\+)?(0|'[^$])?(-)?(\d+)?(?:\.(\d+))?([b-gijostTuvxX])/,key:/^([a-z_][a-z_\d]*)/i,key_access:/^\.([a-z_][a-z_\d]*)/i,index_access:/^\[(\d+)\]/,sign:/^[+-]/};function o(t){return function(t,e){var n,r,a,s,u,l,c,p,f,d=1,h=t.length,g="";for(r=0;r<h;r++)if("string"==typeof t[r])g+=t[r];else if("object"==typeof t[r]){if((s=t[r]).keys)for(n=e[d],a=0;a<s.keys.length;a++){if(null==n)throw new Error(o('[sprintf] Cannot access property "%s" of undefined value "%s"',s.keys[a],s.keys[a-1]));n=n[s.keys[a]]}else n=s.param_no?e[s.param_no]:e[d++];if(i.not_type.test(s.type)&&i.not_primitive.test(s.type)&&n instanceof Function&&(n=n()),i.numeric_arg.test(s.type)&&"number"!
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (21374)
        Category:downloaded
        Size (bytes):21417
        Entropy (8bit):5.114311969304168
        Encrypted:false
        SSDEEP:
        MD5:D3292C1B42AF288C371C5411C4253F18
        SHA1:A563F69F9EF58E0304BBFCC783B12AB21FD4D401
        SHA-256:B00CBC0AB0A8A635EBEAF832CC1E0775145B3775E617EDE3C1E45F19681FFCBA
        SHA-512:72C49665EFF145A54EBF4545F6D77342EEFB2222E00F4161313A4AA9270717E81C525F666A0D5FCC00E292BD635F56CFE58B1E82DC106A67A70DDFF029436F1B
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.7.7
        Preview:/*! elementor-pro - v3.7.7 - 20-09-2022 */.(self.webpackChunkelementor_pro=self.webpackChunkelementor_pro||[]).push([[819],{2:(e,t,n)=>{"use strict";var s=n(3203);n(4242);var i=s(n(4774)),o=s(n(9575)),r=s(n(6254)),a=s(n(5161)),l=s(n(5039)),c=s(n(9210));class ElementorProFrontend extends elementorModules.ViewModule{onInit(){super.onInit(),this.config=ElementorProFrontendConfig,this.modules={}}bindEvents(){jQuery(window).on("elementor/frontend/init",this.onElementorFrontendInit.bind(this))}initModules(){let e={motionFX:i.default,sticky:o.default,codeHighlight:r.default,videoPlaylist:a.default,payments:l.default,progressTracker:c.default};elementorProFrontend.trigger("elementor-pro/modules/init:before"),elementorProFrontend.trigger("elementor-pro/modules/init/before"),e=elementorFrontend.hooks.applyFilters("elementor-pro/frontend/handlers",e),jQuery.each(e,((e,t)=>{this.modules[e]=new t})),this.modules.linkActions={addAction:function(){elementorFrontend.utils.urlActions.addAction(...argum
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:Web Open Font Format, TrueType, length 459244, version 1.0
        Category:downloaded
        Size (bytes):459244
        Entropy (8bit):6.340058734612562
        Encrypted:false
        SSDEEP:
        MD5:407C921B145401549A255EAFB621F326
        SHA1:6FC4E9882755A810A985EF82E93CED29AA881CD3
        SHA-256:C1A14078BE47BD4E4CF5BA42F7EBC1000A6AE1BFC084F1C7E6132F49823ED038
        SHA-512:A27A43AE51502AC652DB8C1C19AEF1507B9BC110E6C6EFC66611A2C86DD98AE91076CE0755D63F4B7C8954C1D93D317A21A2601BCAF5AA2C3A06FC2AA63021ED
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementskit-lite/modules/elementskit-icon-pack/assets/fonts/elementskit.woff?y24e1e
        Preview:wOFF........................................OS/2.......`...`...Jcmap...h...|...|....gasp................glyf.............phead...|...6...6-O.hhea......$...$...vhmtx.............di.loca..............a|maxp...<... ... ....name...\...p...p.:~.post....... ... ...............................3...................................@.........@...@............... .................................`............. .E............... ...G.......................................................................79..................79..................79.............].%./.K......#8.1"........326?....3!265....7>.'.#546;.2.....+.54&+."...#"&5..>.32.......<.......<.........m-..4.-m.......m..........- . -....$.......$.Q...............x.f -- ..x..................--.......B.......-.............................#.'.+./.3.7.;.?.C.G.K.O.S.W.[._.........3.#.3.#.3.#.3.#.3.#53.#.3.#.3.#.3.#.3.#.3.#53.#.3.#.3.#.3.#.3.#.3.#53.#.3.#.3.#.3.#.3.#.3.#53.#.#.4&/.54&'........#"....3!2654&#.....!..%467%.!...33333333333
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (15718)
        Category:downloaded
        Size (bytes):18692
        Entropy (8bit):4.754375391922092
        Encrypted:false
        SSDEEP:
        MD5:4CC444663C1E69CB8AC7B909E7192BCA
        SHA1:D00DDC5B9526193FA99BC3995A6D05F995452EA1
        SHA-256:4F79A89D16A5F717110FE080C0BF90B7E05FF95A4C4983F64D33110BF5F9C230
        SHA-512:AE37D08D11AA4337650CBEC0D0F1205A5505CB3E82373873E82CBA093019521CD2B93CFE2DBE4840CE098717287E1F732E9330C90063B122F1C6358664F1B8EE
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
        Preview:/*! This file is auto-generated */.// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var m={base:"https://twemoji.maxcdn.com/v/14.0.2/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return e(d);return e(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:o},onerror:function(){this.parentNode&&this.parentNode.replaceChild(x(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u||(u={callback:u});return m.doNotParse=u.doNotParse,("string"==typeof d?function(d,a){return n(d,function(d){var u,f,c=d,e=N(d),b=a.callback(e,a);if(e&&b){for(f in c="<img ".concat('class="',a.className,'" ','draggable="false" ','alt="',d,'"',' src="',b,'"'),u=a.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(t,r),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,b,a,t,r,n,o,i,s,l=function d(u,f){var c,e,b=u.childNodes,
        Process:C:\Program Files\Google\Chrome\Application\chrome.exe
        File Type:ASCII text, with very long lines (11487)
        Category:downloaded
        Size (bytes):11530
        Entropy (8bit):4.626670224424019
        Encrypted:false
        SSDEEP:
        MD5:33DEBED92CDFE17EF21592FAA1912B42
        SHA1:E5200050784E2A3722CC0EC0D1CE5CC0F0C19854
        SHA-256:B37CFBED115311E2234D160428F52AAD1A8BAAE0EDBD0F5ABEAA3115495A19F1
        SHA-512:C6BBF3F2C1CCA5773EF1AA0E2B9DA44DD3F2DA77EC263BB75F959C2177CF28EE7812AC3C8A25E716BF0BC188483AD25C7E34403C37332A33E62AEF45A83532BC
        Malicious:false
        Reputation:unknown
        URL:https://heltaba.com/wp-content/plugins/elementor-pro/assets/css/frontend-lite.min.css?ver=3.7.7
        Preview:/*! elementor-pro - v3.7.7 - 20-09-2022 */..elementor-bg-transform .elementor-bg{will-change:transform}.elementor-bg-transform-zoom-in:hover .elementor-bg,.elementor-bg-transform-zoom-out .elementor-bg{-webkit-transform:scale(1.2);-ms-transform:scale(1.2);transform:scale(1.2)}.elementor-bg-transform-zoom-out:hover .elementor-bg{-webkit-transform:scale(1);-ms-transform:scale(1);transform:scale(1)}.elementor-bg-transform-move-left .elementor-bg{-webkit-transform:scale(1.2) translateX(8%);-ms-transform:scale(1.2) translateX(8%);transform:scale(1.2) translateX(8%)}.elementor-bg-transform-move-left:hover .elementor-bg,.elementor-bg-transform-move-right .elementor-bg{-webkit-transform:scale(1.2) translateX(-8%);-ms-transform:scale(1.2) translateX(-8%);transform:scale(1.2) translateX(-8%)}.elementor-bg-transform-move-right:hover .elementor-bg{-webkit-transform:scale(1.2) translateX(8%);-ms-transform:scale(1.2) translateX(8%);transform:scale(1.2) translateX(8%)}.elementor-bg-transform-move-up
        No static file info