Edit tour

Windows Analysis Report
https://ortelia.com/download-ortelia-curator/

Overview

General Information

Sample URL:	https://ortelia.com/download-ortelia-curator/
Analysis ID:	1427810
Infos:

Detection

Havoc

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected Havoc

Drops PE files

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ortelia.com/download-ortelia-curator/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1960,i,7051693355691581674,13052192012090512735,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7684 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1960,i,7051693355691581674,13052192012090512735,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Havoc	Havoc is a modern and malleable post-exploitation command and control framework, created by @C5pider.	No Attribution	https://4pfsec.com/havoc-c2-first-look/ https://checkmarx.com/blog/first-known-targeted-oss-supply-chain-attacks-against-the-banking-sector/ https://github.com/HavocFramework/Havoc https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q2%20Botnet%20Threat%20Update.pdf https://info.spamhaus.com/hubfs/Botnet%20Reports/2023%20Q3%20Botnet%20Threat%20Update.pdf	https://malpedia.caad.fkie.fraunhofer.de/details/win.havoc

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\Downloads\Unconfirmed 544668.crdownload	JoeSecurity_Havoc_1	Yara detected Havoc	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49790 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: unknown

DNS traffic detected: queries for: ortelia.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.16:49790 version: TLS 1.2

Source: classification engine

Classification label: mal48.troj.win@16/65@30/249

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://ortelia.com/download-ortelia-curator/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1960,i,7051693355691581674,13052192012090512735,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1960,i,7051693355691581674,13052192012090512735,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1960,i,7051693355691581674,13052192012090512735,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5572 --field-trial-handle=1960,i,7051693355691581674,13052192012090512735,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\a6bd36ad-1228-4702-930c-3c452afcbcf5.tmp			Jump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\Downloads\Unconfirmed 544668.crdownload			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Stealing of Sensitive Information

Yara detected Havoc

Source: Yara match

File source: C:\Users\user\Downloads\Unconfirmed 544668.crdownload, type: DROPPED

Remote Access Functionality

Yara detected Havoc

Source: Yara match

File source: C:\Users\user\Downloads\Unconfirmed 544668.crdownload, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ortelia.com	139.99.130.163	true	false	unknown
analytics-alv.google.com	216.239.38.181	true	false	high
ortelia.onfastspring.com	34.199.6.151	true	false	high
cdnjs.cloudflare.com	104.17.24.14	true	false	high
www.google.com	74.125.138.105	true	false	high
sbl.onfastspring.com	3.161.136.116	true	false	high
d8y8nchqlnmka.cloudfront.net	3.163.78.183	true	false	high
s.w.org	192.0.77.48	true	false	high
d1f8f9xcsvx3ha.cloudfront.net	3.161.169.89	true	false	high
stats.g.doubleclick.net	142.250.105.155	true	false	high
analytics.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://ortelia.com/download-ortelia-curator/	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.163.78.183	d8y8nchqlnmka.cloudfront.net	United States	16509	AMAZON-02US	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
3.163.78.195	unknown	United States	16509	AMAZON-02US	false
74.125.138.105	www.google.com	United States	15169	GOOGLEUS	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
142.250.105.94	unknown	United States	15169	GOOGLEUS	false
139.99.130.163	ortelia.com	Canada	16276	OVHFR	false
44.194.213.178	unknown	United States	14618	AMAZON-AESUS	false
216.239.38.181	analytics-alv.google.com	United States	15169	GOOGLEUS	false
142.250.105.155	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
64.233.176.97	unknown	United States	15169	GOOGLEUS	false
172.253.124.94	unknown	United States	15169	GOOGLEUS	false
64.233.185.113	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.9.84	unknown	United States	15169	GOOGLEUS	false
142.250.9.101	unknown	United States	15169	GOOGLEUS	false
64.233.185.95	unknown	United States	15169	GOOGLEUS	false
142.251.15.95	unknown	United States	15169	GOOGLEUS	false
108.177.122.94	unknown	United States	15169	GOOGLEUS	false
74.125.136.102	unknown	United States	15169	GOOGLEUS	false
3.161.169.89	d1f8f9xcsvx3ha.cloudfront.net	United States	16509	AMAZON-02US	false
34.199.6.151	ortelia.onfastspring.com	United States	14618	AMAZON-AESUS	false
3.161.136.116	sbl.onfastspring.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1427810
Start date and time:	2024-04-18 08:07:08 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://ortelia.com/download-ortelia-curator/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.troj.win@16/65@30/249

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Excluded IPs from analysis (whitelisted): 108.177.122.94, 142.250.9.84, 74.125.136.102, 74.125.136.138, 74.125.136.113, 74.125.136.100, 74.125.136.139, 74.125.136.101, 34.104.35.123, 64.233.185.95, 142.250.105.94
Excluded domains from analysis (whitelisted): fonts.googleapis.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, fonts.gstatic.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Skipping network analysis since amount of network traffic is too extensive

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 05:07:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9900786019479555
Encrypted:	false
SSDEEP:
MD5:	5635A56209AE8F0B379ECDA42F4E97D7
SHA1:	1D00F5B4FB43288A5B0DEEF0E2B0D9A068F81637
SHA-256:	29987398850EB158B728E7C8AD296F14B629648312093E85A9A95139B824967C
SHA-512:	8C849E8FB308AF5FEB9C5DF589592EAAA2C0BE515E23A49DB1371DDE28E8E2E4ED4B071D9EE4E79C36925D22D7444D599F837AD0AC88FF68CBD8A3A5AE07F1F0
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....,.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.0....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.0....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.0....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.0..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.0...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............./!.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 05:07:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.005740187406595
Encrypted:	false
SSDEEP:
MD5:	B910EFBB9E9DA13CA341C3C3844BDFBF
SHA1:	49CCA8492D346F323A33B774CE361479C2F32E0F
SHA-256:	B20ADF263BACDD813FC5B7247364AA0A88BD7C6659E596296F25E34555D16F69
SHA-512:	D1C1D97DC674A257B44DD44A102446BC85DB4BDFF6391439514D912DBDB1E1717895D8CAE57DA27431396AD8BA435DFCF946C54EC517BF92AB6D8D663F610559
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....H...V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.0....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.0....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.0....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.0..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.0...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............./!.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.010573041860281
Encrypted:	false
SSDEEP:
MD5:	DE714BB51018BE08BEF9A50BC6DEA61F
SHA1:	1E68EE8CB3FCC51B55594108378E909FF150451F
SHA-256:	220E3096BD335460A98A7EC5874F7FAE78CAC9FD4D84483EBCC59E6094E8A5E7
SHA-512:	2DA8807E4D6A19BE52ACBDD93CC6D8278EA438A68348D99E1C1CAF04CA956BDB754D8A94BD34AAA2C1E98012077EC7DEF951FDCDEBCD9DC3C4B6A8C366FC022D
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.0....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.0....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.0....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.0..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............./!.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 05:07:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.002194150181864
Encrypted:	false
SSDEEP:
MD5:	27A0DCA7915B9DDC08557ABF187EC453
SHA1:	9478BA07BDD14E5D160A119F66482C46BFB30796
SHA-256:	DE72B4E1B3E3F42102B2E04A3FD57C46E0D149BFDB9BD0881D222D71AC3035FD
SHA-512:	055B6493BA2B4031DB141B46D12C6EFF53A4C38DBC0750C9E054317C659EF28D69F81610B11083EDF1B7CD6F5856487E3ADFF4E08180BB639A84B4141DBFC7E5
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....YS..V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.0....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.0....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.0....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.0..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.0...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............./!.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 05:07:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.990779446320404
Encrypted:	false
SSDEEP:
MD5:	030F47ACFE9B989794638D15FD45B2C4
SHA1:	2DBA384A3A96ACFC89EED9431D73C102D8C4A656
SHA-256:	EE428875CAB5C8F38DE967F66DCCCABCB4CC96F594BB38A547389989E51B74FC
SHA-512:	D1D33370C0A7C312C5A17E0985E4033CA34B77419552E28D93C80F1A0D4B9AAD64D3649FF708122E89FDC4F1867B6404783380C4DE764BFA9294090A02A4AB0C
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....R.%.V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.0....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.0....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.0....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.0..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.0...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............./!.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 18 05:07:40 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.0023671979442526
Encrypted:	false
SSDEEP:
MD5:	1EFB615031EFC76ADBA55C4897BD9D92
SHA1:	859D3A763F363831B5A25A5175757F8FEB003BFA
SHA-256:	4749078627F9521B03E15C3710001AAEF1D8C227A4D230A4A3C8A1373467C008
SHA-512:	E6AEF4DC48C6DB30F25DC755A9B162192459FC5EA0FF11A8ECE2E9BF68E1D18F644439E5814B650238F4CB5D60E1939C575D46B4583124C8D792016E52384D7E
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....}..V...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.0....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X.0....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X.0....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X.0..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.0...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............./!.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\Unconfirmed 544668.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Category:	dropped
Size (bytes):	128237293
Entropy (8bit):	7.9978858757324005
Encrypted:	true
SSDEEP:
MD5:	5FECB00D4FD2731F380D2F322FD0DE36
SHA1:	80FA7AEB0EAF613FC207380EDC3F3588BDD66548
SHA-256:	60708071DFC35451443D0F3CF6AB390B6FC49F23122413FA7BD283379177D3F6
SHA-512:	9D7901BE621A67E89E94045B5CE7FB3A70D85B8B75F7F0D7D16648F118415D5550C11EE86558312D1465B66492EFD2481D51F90AC65D83141B181E95140EC38D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_Havoc_1, Description: Yara detected Havoc, Source: C:\Users\user\Downloads\Unconfirmed 544668.crdownload, Author: Joe Security
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...\|.......2............@.......................................@.................................4...........@K...........................................................................................................text....b.......d.................. ..`.rdata..T............h..............@..@.data....U...........\|..............@....ndata...................................rsrc...@K.......L..................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Downloads\a6bd36ad-1228-4702-930c-3c452afcbcf5.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	32493
Entropy (8bit):	6.384304498070056
Encrypted:	false
SSDEEP:
MD5:	84E2884131893BD3517C81EEA01B8818
SHA1:	56B8D7845D0E97D35A7F2F4411A50B032B4461E5
SHA-256:	36C76767249A331CD3BA815737E4F29338B9B27AE5E51277EFC3EF1A9E798EC1
SHA-512:	EB0881957DAB29F4027D4023A02111BBE85163C467C15ED170065FEE050A1BF29C5087EF6610723E69AB1C3A5B0111E7F030B083011B31BDEFEBD77BF053454A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F......F...G.v.F......F..v...F...@...F.Rich..F.........................PE..L...9.oZ.................d...\|.......2............@.......................................@.................................4...........@K...........................................................................................................text....b.......d.................. ..`.rdata..T............h..............@..@.data....U...........\|..............@....ndata...................................rsrc...@K.......L..................@..@................................................................................................................................................................................................................................................................................................................................................

Chrome Cache Entry: 107

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 256 x 256, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	23405
Entropy (8bit):	7.960925670236826
Encrypted:	false
SSDEEP:
MD5:	D518557EA34AF9BF293B6046A1F7BC4F
SHA1:	AE4AFFA8259F189C7870122B2B5D7DB29067BD54
SHA-256:	4B4CC2F5D811779D313A7289AFA5B9F306C9632B0103FD230D2967272CE0BCAC
SHA-512:	CC6A83B10CBA15938E5D13848DBA5FF04DA91065E07873A577A100BFEE24D20226D0D2D7FA8B09FEE2A2DBA0A9EBE12531DD6F0C81C72E192250F628EC3A6E8D
Malicious:	false
Reputation:	unknown
URL:	https://d8y8nchqlnmka.cloudfront.net/LfM8Eo65Tho/QQAbHiRXRrc/icon.png
Preview:	.PNG........IHDR...............?1....pHYs................OiCCPPhotoshop ICC profile..x.SgTS..=...BK...KoR.. RB....&!..J.!...Q..EE..........Q,......!.........{.k.......>........H3Q5...B..........@..$p....d!s.#...~<<+".....x.....M..0.....B.\.....t.8K....@z.B..@F....&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH.............0Q..)..{.`.##x.....F.W<.+.....x..<.$9E.[.-q.WW..(.I.+.6a.a.@..y..2.4..............x.....6..._-..."bb....p@...t~..,/...;..m..%..h^..u..f..@.....W.p.~<<E.........J.B[a.W}.g._.W.l.~<.....$.2].G......L.....b..G.......".Ib.X..Q.q.D...2.".B.).%..d..,..>.5..j>.{.-.]c..K'.Xt......o..(...h...w..?.G.%..fI.q..^D$.T.?....D...A....,.........`6.B$..B.B.d..r`)..B(...*`/.@.4.Qh..p...U..=p..a...(....A...a!..b.X#......!.H...$ ..Q"K.5H1R.T UH..=r.9.\F..;..2....G1...Q=...C..7..F...dt1......r..=.6...h..>C.0....3.l0...B.8,..c."......V.....c.w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.XH,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (47529)
Category:	downloaded
Size (bytes):	47564
Entropy (8bit):	6.039312983249798
Encrypted:	false
SSDEEP:
MD5:	D54A4192CC3E4D54677C8091C1DAE73B
SHA1:	7E3E8E30C66C5751BB5477B4E9939969F4E2AA5E
SHA-256:	DE7BDCB93F2804E963F238713752A30A22A3A3AFEF6070FB78D206E6199CD353
SHA-512:	8CE610BD66B993A22DBE49C3D724480B7BE02639B0FC789F263CCBDC7D1152ECC68CDCEACFADA229EDCA9FF95E91B58E48E2918B0FE3447F2961124861F7F59A
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/css/dashicons.min.css?ver=5.3.17
Preview:	/! This file is auto-generated /.@font-face{font-family:dashicons;src:url("../fonts/dashicons.eot?50db0456fde2a241f005968eede3f987");src:url("../fonts/dashicons.eot?50db0456fde2a241f005968eede3f987#iefix") format("embedded-opentype"),url("data:application/x-font-woff;charset=utf-8;base64,d09GRgABAAAAAGOkAAsAAAAArpgAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAABHU1VCAAABCAAAADMAAABCsP6z7U9TLzIAAAE8AAAAQAAAAFZAuk8lY21hcAAAAXwAAAfLAAARhDPzNqdnbHlmAAAJSAAATqYAAIQUYJTKLWhlYWQAAFfwAAAALwAAADYSoxtRaGhlYQAAWCAAAAAfAAAAJAQxAwhobXR4AABYQAAAACMAAAQ4GgT/9mxvY2EAAFhkAAACHgAAAh6YX3d0bWF4cAAAWoQAAAAfAAAAIAIpAKBuYW1lAABapAAAATAAAAIiwytf8nBvc3QAAFvUAAAHzgAADrBt7+iZeJxjYGRgYOBikGPQYWB0cfMJYeBgYGGAAJAMY05meiJQDMoDyrGAaQ4gZoOIAgCKIwNPAHicY2Bk/Mc4gYGVgYOBhzGNgYHBHUp/ZZBkaGFgYGJgZWbACgLSXFMYHD4yfHVnAnH1mBgZGIE0CDMAAI/zCGl4nNXY939eZR3G8c9J0rQpraS7QQrpbrBAutOKkDaUtKgIFCh1lg5onW2hQHF1Aw5klOUWcW/FhQsVceIeuHGhuO+FKGq97lz8C/xg0nfPK8+rOc9z7nPu7/f6FhgGtMpcadOfu2ioL92pV5uh11sZOfR6W+s1+vl8+vU7k0NHGB3Gha5wXFgcloWBsDKsCuvCBWFr2BUOx

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2, orientation=upper-left], baseline, precision 8, 244x79, components 3
Category:	dropped
Size (bytes):	7402
Entropy (8bit):	7.872248717606417
Encrypted:	false
SSDEEP:
MD5:	B4CE0B4C33BA7464ABAD27B78AC82F3F
SHA1:	B74922D7B46C2E8969432BEE3D03C2B56C8A91B7
SHA-256:	16F4C171696A71A447FA2FEAEAFA6558E68D2A528D8DBC40675325F6D7E6AA19
SHA-512:	8A2BE7CDADEE39617EF14D5DFB1B34E7E0D097000105308C130B949F8CBF1EFF0133255D586FB7113D7F6AB10A9918050C694D3BBA9F74806A1DE8B0630F24B8
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....H.H.....XExif..MM....................i.........&.........................................O.......8Photoshop 3.0.8BIM........8BIM.%..................B~......O...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................................................................C....................................................................C...................................................................................?.....(.....~../..."..L....]Gn.. v.........V...u......j:.5...Y.Oee.<Vh~K....F.Hx..v............x.Y.......4.@.p...T...1_I.p.Z.U+>X.?..#....!.?.O....R?d...Iei....E.M+K..o.^..V..d...=....Y?e.BQ..x.M....+r...eo..-.

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1443), with no line terminators
Category:	downloaded
Size (bytes):	1443
Entropy (8bit):	5.158522959351445
Encrypted:	false
SSDEEP:
MD5:	43928880FF5EBADCD513755B011732CD
SHA1:	D0FDB17DB490123ED700C2CAA5D2D764794CB6D5
SHA-256:	37C5F58F12814DD0ECC28F15B7765C6BCD31A9479D330B4EF896E140BF89DC38
SHA-512:	BA9EC90A842C0AAD802294C3FE144C0ED737E51586ED19DC15DCF518DD0C9790E6BA5A1A8BC9E8A09D48CAC3941DF65C4D1D77B3B79D76A6CFAC9B306C2DA710
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/wp-embed.min.js?ver=5.3.17
Preview:	!function(d,l){"use strict";var e=!1,n=!1;if(l.querySelector)if(d.addEventListener)e=!0;if(d.wp=d.wp\|\|{},!d.wp.receiveEmbedMessage)if(d.wp.receiveEmbedMessage=function(e){var t=e.data;if(t)if(t.secret\|\|t.message\|\|t.value)if(!/[^a-zA-Z0-9]/.test(t.secret)){for(var r,i,a,s=l.querySelectorAll('iframe[data-secret="'+t.secret+'"]'),n=l.querySelectorAll('blockquote[data-secret="'+t.secret+'"]'),o=new RegExp("^https?:$","i"),c=0;c<n.length;c++)n[c].style.display="none";for(c=0;c<s.length;c++)if(r=s[c],e.source===r.contentWindow){if(r.removeAttribute("style"),"height"===t.message){if(1e3<(a=parseInt(t.value,10)))a=1e3;else if(~~a<200)a=200;r.height=a}if("link"===t.message)if(i=l.createElement("a"),a=l.createElement("a"),i.href=r.getAttribute("src"),a.href=t.value,o.test(a.protocol))if(a.host===i.host)if(l.activeElement===r)d.top.location.href=t.value}}},e)d.addEventListener("message",d.wp.receiveEmbedMessage,!1),l.addEventListener("DOMContentLoaded",t,!1),d.addEventListener("load",t,!1);functi

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2017:03:25 13:32:48], baseline, precision 8, 200x202, components 3
Category:	downloaded
Size (bytes):	19223
Entropy (8bit):	6.917235229327498
Encrypted:	false
SSDEEP:
MD5:	9DE0893E905B4195297110D72CA2C3A5
SHA1:	DAA9ACC6CD3B5A0CFFA4552C433AD05C8AF644B2
SHA-256:	9752D7063D26A49B2E7C1BDA2C440432E2A6A59018F08BE84A6373602A0C6479
SHA-512:	D2DF1BC3515904E1FE212AD226AF614E29F140AF054BBE0778C295DDEA0A60E5D5F9772F08713154971760162DBB4666974C7E9E684FB917E63D619D4646D786
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/uploads/2017/03/windows.jpg
Preview:	.....ZExif..MM.*.............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2017:03:25 13:32:48.................................................................................&.(.................................$.......H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.$..L..W[wX.....?...%......,..G...E.s....=/.?E..o.....U.1.n....o.rJuRIy.T....R..\\:.1..9..znu[....n...IO.$.....Zl$.".A.]M1..n..:....Xr'..y0{2.X

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (8580), with no line terminators
Category:	downloaded
Size (bytes):	8582
Entropy (8bit):	5.150518903225572
Encrypted:	false
SSDEEP:
MD5:	60ABE1ED1D645EE661071EC80959EBEB
SHA1:	858C297A0DB82A03681016E393AAE1261B00C954
SHA-256:	876FC6090BEF12C0F2017200E5F3BEBB6B9048A57DCDDD77260B9F78AB257471
SHA-512:	8C548D2B6AB7A388DDDA422A026CFC43D013D623A1C7C843257FDED360D536B9CDDB15D33ECF10CE550D89626FBBA7133ABCA255CB2ABCBC137A2B63A85DA0A6
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/dom.min.js?ver=2.5.3
Preview:	this.wp=this.wp\|\|{},this.wp.dom=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="2sUP")}({"25BE":function(e,t,n){"use strict";function

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 15815
Category:	downloaded
Size (bytes):	1745
Entropy (8bit):	7.886910493699812
Encrypted:	false
SSDEEP:
MD5:	A8AD416B8A2D5E47013E5423C8A5B0CB
SHA1:	D457BA4CCEC53DD758FD742C65D75B633AC73C5A
SHA-256:	90CD1A77E1587AC4912D570DFC7CC8621B2167B178560D7F0812EA3C31D6C580
SHA-512:	71BB5C172ECCF389B6612A9A4694D4BDD27D469D9856B5B9692AB2C5D8971CA7DAE355F4086F096937B79D95E1B89638363D55C4CC8D5D9E31E9B26712C51E1A
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.onfastspring.com/popup-ortelia/builder
Preview:	...........[mo.6..+......Gu.%(....fhZ.v..CQ0.m..I....E..N.$S...].....;R..swON.W.O8..9.....s..,...gx..{... ...}..s9Ba.5]U...A;.B..3.B....Q..d...0..%..r]..K......a.J......U..KK...=.}L..g...E..aI./..[...t....g......2).$y..H...'.8.,.b......{....jt....`F.......Z0"$&..W...g`...".. .....AzR.B.Y.......u...3.+d..U..[.,.Z9....C.3..2..>..rQ.n@...a/..p>.Sv..P"X.S.%..&4H.Y....S?M........y.\|..._t.,.F.QqD.8~=....t8a...o_.._}..........i.d......<v..=.t.dQx.=..hL..p.......G.....o.}.XrPZLR.(.....C".\.v...w.p.n....Y0N.OZ..j...1T`~.....X)....1..8..Y..Y.........~.{.....Y~Ja..^t&...-...z{..6.....K....)..F..uMcH._.+O..L...s..@\h.=._.0....../..2..@w..G..<vr~..vP-W..T.....R...N.........L.#.<[.....lq....5=...Q~.U.R.E....`UY.r....8......4..OK. ..$m.1..4....x..v?}.....k.}.}3..Y.gw.8..[.1.h......._..K..p..T..H=\|<..} ..:..A...3..Q.....}6.B.sH...X.D........Y.^....Y.C....@..y.MA]9..Ac...,.`\|.d....Y.r.6..,....-...!H>u.......4....2.U&.B.w..X)w......I.....&.7h.3.:.}zq..U.m.

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (629)
Category:	downloaded
Size (bytes):	114123
Entropy (8bit):	5.3751905132312325
Encrypted:	false
SSDEEP:
MD5:	8E891F5946C8E1780E362268CB45EC8B
SHA1:	CE7987D21787CE1FDFA7752204FB1EA00BBD0F74
SHA-256:	5903B1BEE475A683A2D2AC0869FBBDB16609E2B8DEDE8027D2FEE274122D9003
SHA-512:	68AA090E54C32E3186D8DDF8144D32A773D92EAE458B69B9C5D219158E9052524A568F56EEEE67FC7600BBD2D09E9BE575C8C215DA2473C24191E6279E76F7E0
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.9.0
Preview:	/** @license React v16.9.0. * react-dom.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. /./. Modernizr 3.0.0pre (Custom Build) \| MIT.*/.'use strict';(function(ka,m){"object"===typeof exports&&"undefined"!==typeof module?module.exports=m(require("react")):"function"===typeof define&&define.amd?define(["react"],m):ka.ReactDOM=m(ka.React)})(this,function(ka){function m(a){for(var b=a.message,c="https://reactjs.org/docs/error-decoder.html?invariant="+b,d=1;d<arguments.length;d++)c+="&args[]="+encodeURIComponent(arguments[d]);a.message="Minified React error #"+b+"; visit "+c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings. ";.return a}function Ze(){if(jc)for(var a in Xa){var b=Xa[a],c=jc.indexOf(a);if(!(-1<c))throw m(Error(96),a);if(!kc[c]){if(!b.extractEvents)throw m(Error(

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	101423
Entropy (8bit):	4.99353779530965
Encrypted:	false
SSDEEP:
MD5:	0F505E9E91D717F983FE798CFC606A03
SHA1:	B5E265510E2C7339B6503FA861FC3D154AB8395E
SHA-256:	EF304CC68F4CC31AA1B7FB40434E108BD3FCE7A93FF2FBA75C15E63B2EFC8B15
SHA-512:	DFC004BA358D1D2ED747BBA4BFAE66B59F88B6EC1C461781069FE0BF81CF751A4BCA13C53EC04FA5B0F21B44B8B287760A47C13E1AD14DF57E09E4AE755896C4
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/components/style.min.css?ver=5.3.17
Preview:	.components-animate__appear{animation:components-animate__appear-animation .1s cubic-bezier(0,0,.2,1) 0s;animation-fill-mode:forwards}@media (prefers-reduced-motion:reduce){.components-animate__appear{animation-duration:1ms}}.components-animate__appear.is-from-top,.components-animate__appear.is-from-top.is-from-left{transform-origin:top left}.components-animate__appear.is-from-top.is-from-right{transform-origin:top right}.components-animate__appear.is-from-bottom,.components-animate__appear.is-from-bottom.is-from-left{transform-origin:bottom left}.components-animate__appear.is-from-bottom.is-from-right{transform-origin:bottom right}@keyframes components-animate__appear-animation{0%{transform:translateY(-2em) scaleY(0) scaleX(0)}to{transform:translateY(0) scaleY(1) scaleX(1)}}.components-animate__slide-in{animation:components-animate__slide-in-animation .1s cubic-bezier(0,0,.2,1);animation-fill-mode:forwards}@media (prefers-reduced-motion:reduce){.components-animate__slide-in{animation-

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	14647
Entropy (8bit):	4.510088595604485
Encrypted:	false
SSDEEP:
MD5:	22D732902F0AAFB3E52FB5EFCEE37466
SHA1:	E9AD6B3EA7E7195373BC28BB8458FF1F2C6D3556
SHA-256:	9946B8BF9D53B5CA6537781974239C99EB59CED7F04DEED289F0D2D83B00D989
SHA-512:	D934FC90122225C717BEDCFE22E5919A153BC36514D1FF4EC1D68CDB6532B8CEBA155BB7037749C0F306F64E7DCF5FF7F8791C09084383EBD5C87F698160DC0E
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/plugins/divi_extended_column_layouts/style.css?ver=5.3.17
Preview:	@media (min-width: 981px) {. . .et_pb_column_5_6 .et_pb_row_inner, .et_pb_column_4_5 .et_pb_row_inner {. padding: 3.735% 0;. }. . /gutters 1/. .et_pb_gutters1 .et_pb_column_1_6, .et_pb_gutters1 .et_pb_row .et_pb_column_1_6, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_6 {. width: 16.665%;. }. . .et_pb_gutters1 .et_pb_column_1_7, .et_pb_gutters1 .et_pb_row .et_pb_column_1_7, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_7 {. width: 14.2833%;. }. . .et_pb_gutters1 .et_pb_column_1_8, .et_pb_gutters1 .et_pb_row .et_pb_column_1_8, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_8 {. width: 12.50%;. }. . .et_pb_gutters1 .et_pb_column_1_5, .et_pb_gutters1 .et_pb_row .et_pb_column_1_5, body .et_pb_gutters1.et_pb_row > .et_pb_column_1_5 {. width: 20%;. }. . .et_pb_gutters1 .et_pb_column_5_6, .et_pb_gutters1 .et_pb_row .et_pb_column_5_6, body .et_pb_gutters1.et_pb_row > .et_pb_column_5_6 {.

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (11488), with no line terminators
Category:	downloaded
Size (bytes):	11488
Entropy (8bit):	5.049591838457919
Encrypted:	false
SSDEEP:
MD5:	4945C3034C2A44A1472057FA6A20B863
SHA1:	DE659EAB815A43A78A363F724B1742C6E678A6DB
SHA-256:	D4AE6D0863B706358413C2055DC950FA0E3FAF2E878D1111B2828F25316B4839
SHA-512:	D5CC4494B92CD406AB86FD2726BA9C01CD7A3081F710E997EA093C05C0833DF6F99507787882DF47650C4A608C1D110A348ADDA3BE5ECE4A7098AD1042904C0B
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/compose.min.js?ver=3.7.2
Preview:	this.wp=this.wp\|\|{},this.wp.compose=function(t){var e={};function n(r){if(e[r])return e[r].exports;var o=e[r]={i:r,l:!1,exports:{}};return t[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)n.d(r,o,function(e){return t[e]}.bind(null,o));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s="PD33")}({"1OyB":function(t,e,n){"use strict";funct

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	exported SGML document, ASCII text, with very long lines (3737), with no line terminators
Category:	downloaded
Size (bytes):	3737
Entropy (8bit):	5.251811061858386
Encrypted:	false
SSDEEP:
MD5:	FED6763609ECE155FA401D3322F47905
SHA1:	DA2836BDBC49BB20982EC52A5272AE2D9E9C95AB
SHA-256:	097BE6B4D127BA32B01E2EB8DEC5721E0BE2A64F948F28B9347E8A04107BAE7F
SHA-512:	3D54E21A67C896A146E82E601DAC98A741F36EECC408F3744BE840ABD326828FA3FA79CD0A5F73ABC3A1EB54C7B6D3C99396285D48DB60545855888A611A4FFF
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/block-serialization-default-parser.min.js?ver=3.4.1
Preview:	this.wp=this.wp\|\|{},this.wp.blockSerializationDefaultParser=function(t){var n={};function r(e){if(n[e])return n[e].exports;var u=n[e]={i:e,l:!1,exports:{}};return t[e].call(u.exports,u,u.exports,r),u.l=!0,u.exports}return r.m=t,r.c=n,r.d=function(t,n,e){r.o(t,n)\|\|Object.defineProperty(t,n,{enumerable:!0,get:e})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,n){if(1&n&&(t=r(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var e=Object.create(null);if(r.r(e),Object.defineProperty(e,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var u in t)r.d(e,u,function(n){return t[n]}.bind(null,u));return e},r.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(n,"a",n),n},r.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},r.p="",r(r.s="SiJt")}({DSFK:function(t,n

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (64929)
Category:	downloaded
Size (bytes):	755424
Entropy (8bit):	4.891030988503317
Encrypted:	false
SSDEEP:
MD5:	872DA82F373E36FE1647F8CE76B7AE50
SHA1:	60FF3B4EC5F413BDFFB83560D5E16F1A4E8F559A
SHA-256:	DCB72D840308F3DE72843CA44E967C14064731DD8F5AE284B2F0A4900E57541E
SHA-512:	277603804DE68CC3A1BF590F650E9257D4AEDA46883DABD28B13EF6B356073D2C56307FDACA9789F7E7D95B8EADD1EBACF6136AB62201991C7F84920B1A3E372
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/style.css
Preview:	/!.Theme Name: Divi.Theme URI: http://www.elegantthemes.com/gallery/divi/.Version: 4.0.6.Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection..Author: Elegant Themes.Author URI: http://www.elegantthemes.com.Tags: responsive-layout, one-column, two-columns, three-columns, four-columns, left-sidebar, right-sidebar, custom-background, custom-colors, featured-images, full-width-template, post-formats, rtl-language-support, theme-options, threaded-comments, translation-ready.License: GNU General Public License v2.License URI: http://www.gnu.org/licenses/gpl-2.0.html./a,abbr,acronym,address,applet,b,big,blockquote,body,center,cite,code,dd,del,dfn,div,dl,dt,em,fieldset,font,form,h1,h2,h3,h4,h5,h6,html,i,iframe,img,ins,kbd,label,legend,li,object,ol,p,pre,q,s,samp,small,span,strike,strong,sub,sup,tt,u,ul,var{margin:0;padding:0;border:0;outline:0;background:0 0;font-size:100%;vertical-align:baseline;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}b

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CS5.1 Windows, datetime=2017:03:25 13:36:49], baseline, precision 8, 200x202, components 3
Category:	dropped
Size (bytes):	20740
Entropy (8bit):	7.139427995053925
Encrypted:	false
SSDEEP:
MD5:	95149C47C52FBA63F1CB4221B653363F
SHA1:	D2DEA0B73CECAA6916B17EE3574F4BAB95A47159
SHA-256:	CB165EA4BFC5CB3AFD4A12C027FB19332696D9D6EDB21377EE43D99BE8589F67
SHA-512:	A3D6EB86202E89BB724098ABE11C056FA074719C06B2B353E79D6968686329C6654D8DB2120CC5AF3106A8FA4A30B38CF3F7CCC4076B767DDA63572942D77EE8
Malicious:	false
Reputation:	unknown
Preview:	......Exif..MM..............................b...........j.(...........1.........r.2...........i....................'.......'.Adobe Photoshop CS5.1 Windows.2017:03:25 13:36:49.................................................................................&.(.........................................H.......H..........Adobe_CM......Adobe.d......................................................................................................................................................"................?..........................................................................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE.t6..U.e...u..F'...............Vfv........7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te....u..F...............Vfv........'7GWgw.................?..T.I%)$.IJI$.R.I$...I%)b.a...:..r........D..,.m4....g...V...n..W@.k.....?E.},....s.>..~..-..M..}.96:........5...o..g..IN.T.....9.d...........9.......}

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	9053
Entropy (8bit):	5.277604967942265
Encrypted:	false
SSDEEP:
MD5:	BF3A614478F4AD8A34106447D68836DE
SHA1:	A6DB0BD49501475EDAA450443F76C5436B3B379F
SHA-256:	2A33FAA70B6540F8B78F7C29E38B24AB39080C566FEF615F320BBD78FCC5E9D6
SHA-512:	A798CE8D96D1CF0970D894B7BBF13E1D67805D569FA553EDDFA6162968DE024E525C22D22DF844B8F21F859E80864DC74F4B623F4AB32DEA1D0286F53D8ECEB0
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/i18n.min.js?ver=3.6.1
Preview:	this.wp=this.wp\|\|{},this.wp.i18n=function(n){var t={};function e(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return n[r].call(i.exports,i,i.exports,e),i.l=!0,i.exports}return e.m=n,e.c=t,e.d=function(n,t,r){e.o(n,t)\|\|Object.defineProperty(n,t,{enumerable:!0,get:r})},e.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})},e.t=function(n,t){if(1&t&&(n=e(n)),8&t)return n;if(4&t&&"object"==typeof n&&n&&n.__esModule)return n;var r=Object.create(null);if(e.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:n}),2&t&&"string"!=typeof n)for(var i in n)e.d(r,i,function(t){return n[t]}.bind(null,i));return r},e.n=function(n){var t=n&&n.__esModule?function(){return n.default}:function(){return n};return e.d(t,"a",t),t},e.o=function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},e.p="",e(e.s="Vhyj")}({"4Z/T":function(n,t,e){var r;!function(){"us

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with CRLF line terminators
Category:	downloaded
Size (bytes):	96773
Entropy (8bit):	5.3643413655661
Encrypted:	false
SSDEEP:
MD5:	F7C00A3DFF8E4D8DD0990653A6F3DBD0
SHA1:	8B21CBC23119891FBE1D244578D6E3B079EEB6C6
SHA-256:	775F8D4C3472E0472292D38B6392FAC73DEC3319D8E1EADF88398DA1C12F1614
SHA-512:	8D75C543E3767E27B179597BEAA63EA36946C8635AD3908AC232FDC47A4C1382C81BE368CD70ADE00AE4BE72912D45A875DAEEF96D673B3AA89958BAE942977A
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/plugins/fastspring/public/js/fastspring-public.js?ver=1.0.0
Preview:	..document.addEventListener('click', function (event)...{....if (event.target.matches('.fsb-close'))....{.....event.preventDefault();.....fastspring_closeitall();.....return....}....if(event.target.hasAttribute('data-fsc-addthis'))....{.....var product = event.target.getAttribute("data-fsc-addthis");.....var cart = event.target.getAttribute("data-fsc-cart");.....fastspring_addProd(product, cart);.....return....}....if(event.target.hasAttribute('data-fsc-opencart'))....{.....event.preventDefault();.....fastspring_openCart(event.target.getAttribute("data-fsc-opencart"));.....return....}....if(event.target.hasAttribute('data-fsc-toggle')) {.....event.preventDefault();.....var modal = event.target.getAttribute("data-fsc-target");.....var element = document.querySelector(modal);.....element.classList.add('show');.......element.style.display = 'block';........}....if(event.target.hasAttribute('role')) {.....event.preventDefault();.....var modal = event.target.getAttribute("role");.....event.

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	1360
Entropy (8bit):	4.944300057947054
Encrypted:	false
SSDEEP:
MD5:	82B34A0F20682B94458A89521A92C7CA
SHA1:	CD97BDD72C8F7CA65A37EA7D78FF71580633169A
SHA-256:	C05EE8FAC93FDE19412046A913B9AECD86210ABA6B72CFF7C94E01170DD11E3B
SHA-512:	DF8292CF42883FD65320FDB0A7C731F38BD7ADF4BD8F9D7E90DE3F1F3FE927FFC6CC28267825E2F7F20B8F2E50CB7E2712CA6DF43CA74CC672A094913121ABC0
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/core/admin/js/common.js?ver=4.0.6
Preview:	(function($){..$(document).ready( function(){...var user_agent = navigator.userAgent;...var is_opera_edge;...var browser = user_agent.match(/(opera\|chrome\|safari\|firefox\|msie\|trident(?=\/))/i) \|\| [];...var browser_name = '';...var browser_class = '';....if ( /trident/i.test( browser[0] ) ) {....browser_name = 'ie';...} else if ( browser[0] === 'Chrome' ) {....is_opera_edge = user_agent.match(/\b(OPR\|Edge)/);.....if ( is_opera_edge !== null ) {.....browser_name = is_opera_edge[0].replace('OPR', 'opera');....}...}....// use navigator.appName as browser name if we were unable to get it from user_agent...if ( '' === browser_name ) {....if ('standalone' in window.navigator && !window.navigator.standalone) {.....browser_name = 'uiwebview';....} else {.....browser_name = browser[0] && '' !== browser[0] ? browser[0] : navigator.appName;....}...}....browser_name = browser_name.toLowerCase();....// convert browser name to class. Some classes do not match the browser name...switch( browser_name )

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:
MD5:	9A03BBC93A9F87F31DD189503D57E955
SHA1:	F657ADF2AF821F0463395F5DDC4719F242D29168
SHA-256:	6C0E0E4909779F193E89158DFF3498D423EF285BDEB74BCB962648A30C2AB5FF
SHA-512:	6C50B94A16C5446CF249E30F9B7156D7495FA23314F0CCD6639295432F45ADB3046CA7423D59C0442514BE48DD58702F7D7DDC3E18EE35B9BEB353FE78A148B4
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAngTD0uDyVeERIFDWk-36w=?alt=proto
Preview:	CgkKBw1pPt+sGgA=

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9959)
Category:	downloaded
Size (bytes):	10056
Entropy (8bit):	5.308628526814024
Encrypted:	false
SSDEEP:
MD5:	7121994EEC5320FBE6586463BF9651C2
SHA1:	90532AFF6D4121954254CDF04994D834F7EC169B
SHA-256:	48EB8B500AE6A38617B5738D2B3FAEC481922A7782246E31D2755C034A45CD5D
SHA-512:	B74A2F03C64E883B9A34DE43690429327DFB4AA230A7A6AFCA8150A16E3D84E98461245FF264C26368D9904562CC34FE219F71F951D364FA5C68C039B76776CD
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Preview:	/! jQuery Migrate v1.4.1 \| (c) jQuery Foundation and other contributors \| jquery.org/license /."undefined"==typeof jQuery.migrateMute&&(jQuery.migrateMute=!0),function(a,b,c){function d(c){var d=b.console;f[c]\|\|(f[c]=!0,a.migrateWarnings.push(c),d&&d.warn&&!a.migrateMute&&(d.warn("JQMIGRATE: "+c),a.migrateTrace&&d.trace&&d.trace()))}function e(b,c,e,f){if(Object.defineProperty)try{return void Object.defineProperty(b,c,{configurable:!0,enumerable:!0,get:function(){return d(f),e},set:function(a){d(f),e=a}})}catch(g){}a._definePropertyBroken=!0,b[c]=e}a.migrateVersion="1.4.1";var f={};a.migrateWarnings=[],b.console&&b.console.log&&b.console.log("JQMIGRATE: Migrate is installed"+(a.migrateMute?"":" with logging active")+", version "+a.migrateVersion),a.migrateTrace===c&&(a.migrateTrace=!0),a.migrateReset=function(){f={},a.migrateWarnings.length=0},"BackCompat"===document.compatMode&&d("jQuery is not compatible with Quirks Mode");var g=a("<input/>",{size:1}).attr("size")&&a.attrFn,h=a.att

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	81849
Entropy (8bit):	5.12965101298285
Encrypted:	false
SSDEEP:
MD5:	462196A522559A5F078CE914D6E89667
SHA1:	C1883E449B0BB88D7A46357ABCF78E7D3CE9FB16
SHA-256:	D6AD3F1442E1FFD53E0FA20A94B361CF7A749491DE072ECAD093059CC890F352
SHA-512:	8B9F5DFB446881D17AE0908DDF28E52D18D2AC1BD6595275A843DFE9F370628BD174DE51F8CE484128B15E45D09C8E28C25E3245E0DBAD5970186ED6F2BFFD6C
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/plugins/fastspring/dist/blocks.style.build.css?ver=5.3.17
Preview:	.fastspring ,.fastspring ::before,.fastspring *::after{-webkit-box-sizing:border-box;box-sizing:border-box}.fastspring[tabindex="-1"]:focus:not(:focus-visible){outline:0 !important}.fastspring hr{margin:1rem 0;color:inherit;background-color:currentColor;border:0;opacity:0.25}.fastspring hr:not([size]){height:1px}.fastspring p,.fastspring a{margin:0px}.fastspring .originalPrice{color:#c0c0c0}.fastspring .container{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-width: 576px){.fastspring .container{max-width:540px}}@media (min-width: 768px){.fastspring .container{max-width:720px}}@media (min-width: 992px){.fastspring .container{max-width:960px}}@media (min-width: 1200px){.fastspring .container{max-width:1140px}}.fastspring .container-fluid,.fastspring .container-sm,.fastspring .container-md,.fastspring .container-lg,.fastspring .container-xl{width:100%;padding-right:15px;padding-left:15px;margin-right:auto;margin-left:auto}@media (min-widt

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4143)
Category:	downloaded
Size (bytes):	73015
Entropy (8bit):	5.342744191670081
Encrypted:	false
SSDEEP:
MD5:	9BECC40FB1D85D21D0CA38E2F7069511
SHA1:	AE854B04025DB8B7F48FDD6DEDF41E77EAE44394
SHA-256:	A9705DFC47C0763380D851AB1801BE6F76019F6B67E40E9B873F8B4A0603F7A9
SHA-512:	585374E3CE3AB1D28C20FE4B28DA6131A5B353B629332094DB8E5EB4ADE0FF601161B3CAF546F5F1E1BE96353DEAA29109687EAAE098EF279F4A6964430D4035
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/lodash.min.js?ver=4.17.21
Preview:	/*. @license. * Lodash <https://lodash.com/>. * Copyright OpenJS Foundation and other contributors <https://openjsf.org/>. * Released under MIT license <https://lodash.com/license>. * Based on Underscore.js 1.8.3 <http://underscorejs.org/LICENSE>. * Copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors. */.(function(){function n(n,t,r){switch(r.length){case 0:return n.call(t);case 1:return n.call(t,r[0]);case 2:return n.call(t,r[0],r[1]);case 3:return n.call(t,r[0],r[1],r[2])}return n.apply(t,r)}function t(n,t,r,e){for(var u=-1,i=null==n?0:n.length;++u<i;){var o=n[u];t(e,o,r(o),n)}return e}function r(n,t){for(var r=-1,e=null==n?0:n.length;++r<e&&t(n[r],r,n)!==!1;);return n}function e(n,t){for(var r=null==n?0:n.length;r--&&t(n[r],r,n)!==!1;);return n}function u(n,t){for(var r=-1,e=null==n?0:n.length;++r<e;)if(!t(n[r],r,n))return!1;.return!0}function i(n,t){for(var r=-1,e=null==n?0:n.length,u=0,i=[];++r<e;){var o=n[r];t(o,r,n)&&(i[u++]=o)}return i}function o(n

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (58392), with CRLF line terminators
Category:	downloaded
Size (bytes):	58582
Entropy (8bit):	4.719371383033278
Encrypted:	false
SSDEEP:
MD5:	26386564B5CF1594BE24059AF1CD0DB9
SHA1:	82E34D28F8A1169B20B60101D5BB0446DEBA3514
SHA-256:	B726A2CCED0A9E28DC93BE27AE974937E87D68DF8B09BAF2A4FCA2BA5C5A0404
SHA-512:	53A0BDEB132D835E6C5F96251F6877FAF7520A5FDE8A27F2565F788405F7E086071786AE948E3A49F51F44907032A1DCB51E8B3A2A907F4AD5A939728410D19F
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/plugins/fastspring/public/css/awesome.css?ver=5.3.17
Preview:	/!.. Font Awesome Free 5.13.0 by @fontawesome - https://fontawesome.com.. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License).. */...fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.f

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1498), with no line terminators
Category:	downloaded
Size (bytes):	1498
Entropy (8bit):	5.076058340438565
Encrypted:	false
SSDEEP:
MD5:	3EBDDC3C6334AB99A066A0BE18865679
SHA1:	4B9315669BC89804EEF9FF3541BA3D2FD71E32F6
SHA-256:	88D8F9613856B8389F68CE5D8D46952E58830B5C7A0F99D7E8C5632812B59A4D
SHA-512:	1F779BC6A8B759C24CB2A14625BDD5E6B22E5AAA05670352D05FB66402233C1330C9213E560D173477E594E6421F2712B3B123BE614D7D929810D69AA7A75DE4
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/priority-queue.min.js?ver=1.3.1
Preview:	this.wp=this.wp\|\|{},this.wp.priorityQueue=function(e){var t={};function n(r){if(t[r])return t[r].exports;var u=t[r]={i:r,l:!1,exports:{}};return e[r].call(u.exports,u,u.exports,n),u.l=!0,u.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var u in e)n.d(r,u,function(t){return e[t]}.bind(null,u));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="XPKI")}({XPKI:function(e,t,n){"use strict";n

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1647), with no line terminators
Category:	downloaded
Size (bytes):	1647
Entropy (8bit):	5.118675604619405
Encrypted:	false
SSDEEP:
MD5:	BBAFBB82C9E12E2E59FD97EF7BA7206D
SHA1:	6C81751613841AA4698908806F7A9151345CA6A0
SHA-256:	159C23A7B0AF92B2446284822DD87D89E6E6885A3E3E2248B934A73BCF75C821
SHA-512:	C43EB95877E2D012303984C0A3AD415053AEE52A950C289BD04DD04722698E7867D92315F47C868329808EFD865BFBC03746B770ADEF1071684B1F85CEB7AA9E
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/escape-html.min.js?ver=1.5.1
Preview:	this.wp=this.wp\|\|{},this.wp.escapeHtml=function(e){var t={};function n(r){if(t[r])return t[r].exports;var u=t[r]={i:r,l:!1,exports:{}};return e[r].call(u.exports,u,u.exports,n),u.l=!0,u.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var u in e)n.d(r,u,function(t){return e[t]}.bind(null,u));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="IsfW")}({IsfW:function(e,t,n){"use strict";n.r(

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.75
Encrypted:	false
SSDEEP:
MD5:	FA9C17CE126A76733ACA269345EB7D47
SHA1:	F1D8AA71F281509D55041F671B1A7BD94524AAD8
SHA-256:	15F88A501BBE49A103551BA087FE6FC7E101894E71C3A74A42E8EFC07DCEC0D8
SHA-512:	DD2E08D8D294E24330DDACFCC602D5AB9C9BD65346E0C6540F599725AB711E1F1621D3939318BFC069E67CEF889B80E781DA3E935D61C26E2086DAC79428818C
Malicious:	false
Reputation:	unknown
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAkgUQ1Ox9uW1xIFDRM0Cs4=?alt=proto
Preview:	CgkKBw0TNArOGgA=

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4080), with no line terminators
Category:	downloaded
Size (bytes):	4080
Entropy (8bit):	5.254366860080468
Encrypted:	false
SSDEEP:
MD5:	055C0B961014DB50ADECC8A397B876BE
SHA1:	34A4CE3869F3BAF35033D0D3A4D45A8AD9293CD5
SHA-256:	5DD3A24B533F3C7D187849D33426539C43B28C3D192BA9A741089CFAF05502C9
SHA-512:	61A4AAD0387E5EF6246E1C6902E456326498E5C3FF92EB962E49E0F3EF88DC57D29EDFB05A8157667A028FEA5375C58E3E5EE3106C126114B10A2D676570F8E8
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/shortcode.min.js?ver=2.4.1
Preview:	this.wp=this.wp\|\|{},this.wp.shortcode=function(t){var e={};function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:r})},n.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},n.t=function(t,e){if(1&e&&(t=n(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var i in t)n.d(r,i,function(e){return t[e]}.bind(null,i));return r},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},n.p="",n(n.s="/2FX")}({"/2FX":function(t,e,n){"use strict";n.r

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1379), with no line terminators
Category:	downloaded
Size (bytes):	1379
Entropy (8bit):	5.0122833324880505
Encrypted:	false
SSDEEP:
MD5:	9C2774F788BAD759B8E44747D4BE22F7
SHA1:	5F6FDBD7CC91EE4716E4E75E441CEE64359A36AD
SHA-256:	8DB7ACEA0AAFA5E779A6984FC1D0349406596380BFDA0DB05655F97B9961A552
SHA-512:	3376DC90D2CCF09EC70DAD5946FFD8167CBD5D2748A78B492C33E6ECB09BC17A3016E50005D705303AA8C08D31AF9E81E4E0E8E02BA62FCB3CCE79DC4B8ED50A
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/html-entities.min.js?ver=2.5.0
Preview:	this.wp=this.wp\|\|{},this.wp.htmlEntities=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="1FHn")}({"1FHn":function(e,t,n){"use strict";

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (20990)
Category:	downloaded
Size (bytes):	304642
Entropy (8bit):	5.142444669655825
Encrypted:	false
SSDEEP:
MD5:	97CD1CAF0D57E82F1B64A0ED4A9D54FD
SHA1:	1A2E8BDDBB7A69F18C595D85E8D12DCC6E036BE8
SHA-256:	755A22D4B8602F33AFDF12370046793172AF332A3FC57EDF604F3E7287786E62
SHA-512:	6DD777E87028409A90C0BD31F6816A9576E39E1DF9469E27866C495347A89229D111DC7B213DACFF1FE140AFCD8A157F6F698FD9546790F517D4F96FB09357EF
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/js/custom.min.js?ver=4.0.6
Preview:	/! ET et_shortcodes_frontend.js /.!function($){$.fn.et_shortcodes_switcher=function(options){options=$.extend({slides:">div",activeClass:"active",linksNav:"",findParent:!0,lengthElement:"li",useArrows:!1,arrowLeft:"a#prev-arrow",arrowRight:"a#next-arrow",auto:!1,autoSpeed:5e3,slidePadding:"",pauseOnHover:!0,fx:"fade",sliderType:""},options);return this.each(function(){var $activeSlide,$nextSlide,$et_shortcodes_mobile_controls,slidesContainer=jQuery(this).parent().css("position","relative"),$slides=jQuery(this).css({overflow:"hidden",position:"relative"}),$slides_wrapper_box=slidesContainer.find(".et-tabs-content-wrapper"),$slides_wrapper=$slides_wrapper_box.parent(),$slide=$slides.find(".et-tabs-content-wrapper"+options.slides),slidesNum=$slide.length,currentPosition=1,slides_wrapper_width=$slides_wrapper.width();if("slide"===options.fx&&($slides_wrapper_box.width(200*(slidesNum+2)+"%"),$slide.css({width:slides_wrapper_width,visibility:"visible"}),$slides_wrapper_box.append($slide.fi

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1742)
Category:	downloaded
Size (bytes):	2242
Entropy (8bit):	4.875114075575898
Encrypted:	false
SSDEEP:
MD5:	2D2B907716B25AE5CD508979A8EEACAF
SHA1:	7001010E6700C30FC135557718B35F5AB06F0F36
SHA-256:	8A41AB5467C12FA500A501200063CE8CA9690051513860BD44135BB996380E33
SHA-512:	E5BDF070CA12A0B26AEFDCC5E2DB0A05972089F20559AC3E8D9AD4EEFA90BD320102407922A4DD4653064B10D4D43C0E34F0AEB14F84991F148D039632A159FB
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/nux/style.min.css?ver=5.3.17
Preview:	.nux-dot-tip:after,.nux-dot-tip:before{border-radius:100%;content:" ";pointer-events:none;position:absolute}.nux-dot-tip:before{animation:nux-pulse 1.6s cubic-bezier(.17,.67,.92,.62) infinite;background:rgba(0,115,156,.9);height:24px;left:-12px;top:-12px;transform:scale(.33333);width:24px}.nux-dot-tip:after{background:#00739c;height:8px;left:-4px;top:-4px;width:8px}@keyframes nux-pulse{to{background:rgba(0,115,156,0);transform:scale(1)}}.nux-dot-tip .components-popover__content{padding:5px 41px 5px 20px;width:350px}@media (min-width:600px){.nux-dot-tip .components-popover__content{width:450px}}.nux-dot-tip .components-popover__content .nux-dot-tip__disable{position:absolute;right:0;top:0}.nux-dot-tip.is-top{margin-top:-4px}.nux-dot-tip.is-bottom{margin-top:4px}.nux-dot-tip.is-middle.is-left{margin-left:-4px}.nux-dot-tip.is-middle.is-right{margin-left:4px}.nux-dot-tip.is-top .components-popover__content{margin-bottom:20px}.nux-dot-tip.is-bottom .components-popover__content{margin-top:20

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (41045), with no line terminators
Category:	downloaded
Size (bytes):	41045
Entropy (8bit):	4.930475777136065
Encrypted:	false
SSDEEP:
MD5:	612B7AB9F699E968F5B3206CA16EE834
SHA1:	12685FD0B83DABB9A2004DD4C74DE4515FEA3013
SHA-256:	DFD6D929422D1F69A727FB6B525F610562EAB183A333576516BEC0B0503CB049
SHA-512:	EBFC01EB31143DC78D878E3B1843AF0DCEF727E9F46569B6A41B88E5397A5EBD7BBAE9CCF9BBB575C5DEA6B9AEC0B7BC4D6E9ED957CAB03999D0D7471728B186
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/block-library/style.min.css?ver=5.3.17
Preview:	.wp-block-audio figcaption{margin-top:.5em;margin-bottom:1em}.wp-block-audio audio{width:100%;min-width:300px}.wp-block-button{color:#fff}.wp-block-button.aligncenter{text-align:center}.wp-block-button.alignright{text-align:right}.wp-block-button__link{background-color:#32373c;border:none;border-radius:28px;box-shadow:none;color:inherit;cursor:pointer;display:inline-block;font-size:18px;margin:0;padding:12px 24px;text-align:center;text-decoration:none;overflow-wrap:break-word}.wp-block-button__link:active,.wp-block-button__link:focus,.wp-block-button__link:hover,.wp-block-button__link:visited{color:inherit}.is-style-squared .wp-block-button__link{border-radius:0}.no-border-radius.wp-block-button__link{border-radius:0!important}.is-style-outline{color:#32373c}.is-style-outline .wp-block-button__link{background-color:transparent;border:2px solid}.wp-block-calendar{text-align:center}.wp-block-calendar tbody td,.wp-block-calendar th{padding:4px;border:1px solid #e2e4e7}.wp-block-calendar t

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31997)
Category:	downloaded
Size (bytes):	42091
Entropy (8bit):	5.224899429567009
Encrypted:	false
SSDEEP:
MD5:	EAC9FFC5C798C8CAACBF4FE188E27461
SHA1:	B0881E89C732321EEB37B17D9123ED4AEBC8CDCF
SHA-256:	F7B6329C4977F7477E81A843E0C732CACB8D58C1C514F7E497EB9E103CF9B600
SHA-512:	7D39B43DBDCB466073981FCB1BFB334ED97A7522B5B078F1ADB6824807B388EEC267548708049D4C3B297A1384428837326C04BCFEA1895A2FB6BB372448626E
Malicious:	false
Reputation:	unknown
URL:	https://d1f8f9xcsvx3ha.cloudfront.net/sbl/0.8.9/fastspring-builder.min.js?ver=1
Preview:	/! fastspring-builder 0.8.2 /..!function(){"use strict";function a(a){if(void 0===a\|\|null===a)return!0;for(var b in a)if(a.hasOwnProperty(b))return!1;return JSON.stringify(a)===JSON.stringify({})}function b(a){if(g.debug\|\|d.storage.getItem("debug")){var b=Array.prototype.slice.call(arguments);"string"==typeof a&&b.unshift("[FastSpring API] "+b.shift()),console.log.apply(console,b)}}function c(a){var b=Array.prototype.slice.call(arguments);"string"==typeof a&&b.unshift("[FastSpring API] "+b.shift()),(console.error\|\|console.log).apply(console,b)}var d={merge:function(a,b){for(var c in b)if(b.hasOwnProperty(c))try{"products"===c?(a.products=a.products\|\|[],a.products=a.products.concat(b.products)):"object"==typeof a[c]?a[c]=d.merge(a[c],b[c]):a[c]=b[c]}catch(d){a[c]=b[c]}return a},returnMeaningful:function(a){a.reverse();var b={},c=[];return a.forEach(function(a){b.hasOwnProperty(a.path)\|\|(b[a.path]=!0,c.push(a))}),c},runCallback:function(a,b){"function"==typeof a&&a.apply(null,b)}},e=!0

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10927)
Category:	downloaded
Size (bytes):	13849
Entropy (8bit):	4.974421699974807
Encrypted:	false
SSDEEP:
MD5:	D6AEFFD9E0126160FF89D369C05A5FBE
SHA1:	8480B15AD38E8E1D67960E72B513FA4F463E2CC1
SHA-256:	95309410230B1D3148E52211DCEE018BFA011A2D69E9D7D6F81164035E8518A0
SHA-512:	A8651BCED7F7B2F99BDEF53B45C83665A7B9930666F59F89A86B53F646E968EFAE932BEC907CF45CCADD05DFDB5C8D9C494C16008A282A46B662E5CBB7BC3C09
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/wp-emoji-release.min.js?ver=5.3.17
Preview:	// Source: wp-includes/js/twemoji.min.js.var twemoji=function(){"use strict";var f={base:"https://twemoji.maxcdn.com/v/12.1.3/",ext:".png",size:"72x72",className:"emoji",convert:{fromCodePoint:function(d){d="string"==typeof d?parseInt(d,16):d;if(d<65536)return a(d);return a(55296+((d-=65536)>>10),56320+(1023&d))},toCodePoint:i},onerror:function(){this.parentNode&&this.parentNode.replaceChild(g(this.alt,!1),this)},parse:function(d,u){u&&"function"!=typeof u\|\|(u={callback:u});return("string"==typeof d?function(d,t){return o(d,function(d){var u,f,c=d,e=x(d),a=t.callback(e,t);if(e&&a){for(f in c="<img ".concat('class="',t.className,'" ','draggable="false" ','alt="',d,'"',' src="',a,'"'),u=t.attributes(d,e))u.hasOwnProperty(f)&&0!==f.indexOf("on")&&-1===c.indexOf(" "+f+"=")&&(c=c.concat(" ",f,'="',u[f].replace(b,n),'"'));c=c.concat("/>")}return c})}:function(d,u){var f,c,e,a,t,b,n,r,o,i,s,l=function d(u,f){var c,e,a=u.childNodes,t=a.length;for(;t--;)c=a[t],3===(e=c.nodeType)?f.push(c):1!==e

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1686), with no line terminators
Category:	downloaded
Size (bytes):	1686
Entropy (8bit):	5.080340211644716
Encrypted:	false
SSDEEP:
MD5:	C4637B83A3287AF6327461C1E6E57B85
SHA1:	6D4D80411DE005CD82F2BC5CFC7DDE906699BA35
SHA-256:	B1CA48F3E73D0BB88AC3FE40DEE51B458B853C83CD1AAED9B475D91216B5275B
SHA-512:	F01F8BFD3AEF331CCB6760DFC50AAF3828FF5CB8004D56A64379B8843801A1CA3B4A25A18C69F91E068D78A991648A59437F41EBC3D22B5114C990F9CB644B6E
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/is-shallow-equal.min.js?ver=1.6.1
Preview:	this.wp=this.wp\|\|{},this.wp.isShallowEqual=function(r){var t={};function e(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return r[n].call(o.exports,o,o.exports,e),o.l=!0,o.exports}return e.m=r,e.c=t,e.d=function(r,t,n){e.o(r,t)\|\|Object.defineProperty(r,t,{enumerable:!0,get:n})},e.r=function(r){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(r,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(r,"__esModule",{value:!0})},e.t=function(r,t){if(1&t&&(r=e(r)),8&t)return r;if(4&t&&"object"==typeof r&&r&&r.__esModule)return r;var n=Object.create(null);if(e.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:r}),2&t&&"string"!=typeof r)for(var o in r)e.d(n,o,function(t){return r[t]}.bind(null,o));return n},e.n=function(r){var t=r&&r.__esModule?function(){return r.default}:function(){return r};return e.d(t,"a",t),t},e.o=function(r,t){return Object.prototype.hasOwnProperty.call(r,t)},e.p="",e(e.s="mNmh")}({"1O94":function(r,t,e){"use strict

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32645)
Category:	downloaded
Size (bytes):	61328
Entropy (8bit):	5.555101269736001
Encrypted:	false
SSDEEP:
MD5:	459E2218B0AF57BF2216BBC525414DA7
SHA1:	01DA04F2885CDC56CB09E8EA096AAD79F66728DF
SHA-256:	89BFDFA1A555FC4048AABD08E06D5851E7CBC02DD9D48B73E491434E7FA23963
SHA-512:	74E345A2F026A2333B34D3DC03CC0C7B04AF5252DB949246948718ABA2A5F2BB879E1643DBD87F2F266CAB4690685DFB252542B5E4C62DC7614E9BD893D25EE5
Malicious:	false
Reputation:	unknown
URL:	https://cdnjs.cloudflare.com/ajax/libs/handlebars.js/3.0.1/handlebars.min.js
Preview:	/*!.. handlebars v3.0.1..Copyright (C) 2011-2014 by Yehuda Katz..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9833), with no line terminators
Category:	downloaded
Size (bytes):	9833
Entropy (8bit):	5.017683582720058
Encrypted:	false
SSDEEP:
MD5:	519100ED09B88608579D2F022D1C19AC
SHA1:	AF1DD76F502677BC37555958DF67656132E4D306
SHA-256:	61C4B9EB3CCEBE2D1A29EDE778BFE99168F869C858278E61B02E29A861945BCF
SHA-512:	B0ABDA8AAE689D675798C5D0E2E4F252C06F804BD6E33343A116BAFAA2269AD7D917C899B9E502C62CC45AFF86CA989930D936CCBEB184D19356355A2FB46F7B
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/redux-routine.min.js?ver=3.6.2
Preview:	this.wp=this.wp\|\|{},this.wp.reduxRoutine=function(t){var r={};function e(n){if(r[n])return r[n].exports;var u=r[n]={i:n,l:!1,exports:{}};return t[n].call(u.exports,u,u.exports,e),u.l=!0,u.exports}return e.m=t,e.c=r,e.d=function(t,r,n){e.o(t,r)\|\|Object.defineProperty(t,r,{enumerable:!0,get:n})},e.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},e.t=function(t,r){if(1&r&&(t=e(t)),8&r)return t;if(4&r&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(e.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&r&&"string"!=typeof t)for(var u in t)e.d(n,u,function(r){return t[r]}.bind(null,u));return n},e.n=function(t){var r=t&&t.__esModule?function(){return t.default}:function(){return t};return e.d(r,"a",r),r},e.o=function(t,r){return Object.prototype.hasOwnProperty.call(t,r)},e.p="",e(e.s="+ekt")}({"+ekt":function(t,r,e){"use strict";

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	dropped
Size (bytes):	4458
Entropy (8bit):	4.980124440389103
Encrypted:	false
SSDEEP:
MD5:	E20C27B5D8A7703EDACF4DDB6DB909C1
SHA1:	40A910A423FF0DE806E6C6FD4DBB2CBBAD56723C
SHA-256:	E2EA9A55B25162F88177141D074841F48A6883AE24C6C6560B163BFAC705013A
SHA-512:	556FF86CA2B0B9F1826F325616650C74515DB195A06E91FACC21D8A123FA9AEA7BFAD02722A44EB776EED884DF543DAF9FD925255341934D15C4B464C4D0B986
Malicious:	false
Reputation:	unknown
Preview:	<svg width='100px' height='100px' xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" preserveAspectRatio="xMidYMid" class="uil-default"><rect x="0" y="0" width="100" height="100" fill="none" class="bk"></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#ccc' transform='rotate(0 50 50) translate(0 -30)'> <animate attributeName='opacity' from='1' to='0' dur='1s' begin='0s' repeatCount='indefinite'/></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#ccc' transform='rotate(21.176470588235293 50 50) translate(0 -30)'> <animate attributeName='opacity' from='1' to='0' dur='1s' begin='0.058823529411764705s' repeatCount='indefinite'/></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#ccc' transform='rotate(42.35294117647059 50 50) translate(0 -30)'> <animate attributeName='opacity' from='1' to='0' dur='1s' begin='0.11764705882352941s' repeatCount='indefinite'/></rect><rect x='46' y='46' width='8' height='8' rx='3' ry='3' fill='#c

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (38766)
Category:	downloaded
Size (bytes):	84040
Entropy (8bit):	4.832766610880036
Encrypted:	false
SSDEEP:
MD5:	D442D0B49260043B2F1B9A4BBDF68B8B
SHA1:	BF61E8920114C2812C1E0A2F2C91CBABB74A112C
SHA-256:	6F944D84934DA070B5F32592C470E6D63EC33393B75830B1918C77B610990127
SHA-512:	C4F5738AFEEF8CF96C0721AE69366921C789FE673B58E54C9E3BFA91C5DD68CCDDF88E6657790A958FDBC90E2EFEC44933726BCB1659B542C71DBA2FE9E8FFC1
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/block-editor/style.min.css?ver=5.3.17
Preview:	@charset "UTF-8";.block-editor-block-drop-zone{border:none;border-radius:0}.block-editor-block-drop-zone .components-drop-zone__content,.block-editor-block-drop-zone.is-dragging-over-element .components-drop-zone__content{display:none}.block-editor-block-drop-zone.is-close-to-bottom,.block-editor-block-drop-zone.is-close-to-top{background:none}.block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #0085ba}body.admin-color-sunrise .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #d1864a}body.admin-color-ocean .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #a3b9a2}body.admin-color-midnight .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #e14d43}body.admin-color-ectoplasm .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #a7b656}body.admin-color-coffee .block-editor-block-drop-zone.is-close-to-top{border-top:3px solid #c2a68c}body.admin-color-blue .block-editor-block-drop-zone.is-close-to-top{border-top:

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (8738), with CRLF, LF line terminators
Category:	downloaded
Size (bytes):	42691
Entropy (8bit):	5.3286076299289835
Encrypted:	false
SSDEEP:
MD5:	FC4CDF2935EF7058688360CA0D4C77FB
SHA1:	C388BB06E353438D790EA69940C52C604EB3D5A1
SHA-256:	3BD8C13BE4C1E8AF02092C259D82CD3223DB1941EDA1CDF4F37A83433F6DB8BC
SHA-512:	415A4270573AACE4185D12C8CC159C6EFA6DA302115064B55E3770A411F2FF1C4CF0D9CDA2FE9A5F48B36EAD7A70D02D9542AEA3AF4BA0BC57E2365B4536B625
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/download-ortelia-curator/
Preview:	<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=edge">..<link rel="pingback" href="https://ortelia.com/ortelia-11-2016/xmlrpc.php" />...<script type="text/javascript">...document.documentElement.className = 'js';..</script>...<title>Ortelia Curator Download Page - Ortelia Interactive</title>.. This site is optimized with the Yoast SEO plugin v13.0 - https://yoast.com/wordpress/plugins/seo/ -->.<meta name="description" content="Download 14 day free trial of Ortelia Curator Exhibition Design Software. Making exhibition design a breeze. Designed to keep your creativity in motion."/>.<meta name="robots" content="max-snippet:-1, max-image-preview:large, max-video-preview:-1"/>.<link rel="canonical" href="https://ortelia.com/download-ortelia-curator/" />.<meta property="og:locale" content="en_US" />.<meta property="og:type" content="article" />.<meta property="og:title" content="Ortelia Curator Download Page - Ortelia In

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7711)
Category:	downloaded
Size (bytes):	320320
Entropy (8bit):	5.562538092951183
Encrypted:	false
SSDEEP:
MD5:	1B97813613C518FA556216808E8469E7
SHA1:	DAA9135CC1D2E8D1269A341610642E806909DBCF
SHA-256:	F9C54B674229C2D3EC40ACFD66FE257A21E17D199FC4C3F5E160AA3398797D74
SHA-512:	DA8E87A6755AC7E016ACA85C65F9B1EAA659B9E9363CBD25DF924A90A08D46A164C8022D418F504F3A31495F2783AE352E2286281ABA15D0299BE49FE49915C0
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-001DRFK6ZD
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"2",. . "macros":[{"function":"__e"},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0},{"vtp_signal":1,"function":"__c","vtp_value":1},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_ga_send","priority":17,"vtp_value":true,"tag_id":113},{"function":"__ogt_referral_exclusion","priority":17,"vtp_includeConditions":["list","ortelia\\.com"],"tag_id":115},{"function":"__ogt_session_timeout","priority":17,"vtp_sessionMinutes":30,"vtp_sessionHours":0,"tag_id":116},{"function":"__ogt_1p_data_v2","priority":17,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":""

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1665), with no line terminators
Category:	downloaded
Size (bytes):	1665
Entropy (8bit):	5.043142754557988
Encrypted:	false
SSDEEP:
MD5:	850A2B486B7ECF4EF41CF1AE19F8856E
SHA1:	8051EC6FCEEC9D4855FDCABFFD3C67831D2B1C31
SHA-256:	001B773686A6848DDFFA98BEC9A2B5EC7A2CFE68395C3815644707175C0A3742
SHA-512:	26879514D7A2B9D68F39FCE52BC1A7135F42DB8C9F6525F37366D6F3EA0475859EACF19905A1CF1F6DC0227702E382D8B4888470F8E19DBB9FB54291DA956B11
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/deprecated.min.js?ver=2.6.1
Preview:	this.wp=this.wp\|\|{},this.wp.deprecated=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="+BeG")}({"+BeG":function(e,t,n){"use strict";n.

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (18418), with no line terminators
Category:	downloaded
Size (bytes):	18448
Entropy (8bit):	4.918699221339293
Encrypted:	false
SSDEEP:
MD5:	84137FBDB381A4AC10C3B0AE548615E2
SHA1:	19C99EFF0C10267FF8A955994CF302461E22B6CA
SHA-256:	810D35CD3AFD2969EA108F833262A6137A82F41A725D4B08E345D0C232768720
SHA-512:	503B324F0F8722F54502440D58FF473D351D9E8641B1E8427FF4095FB16C12C942168C75A96A000392D2AAFF2C4AA912DBA86F1749A2915ACE3A30F5C94784F7
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/css/dist/editor/style.min.css?ver=5.3.17
Preview:	@charset "UTF-8";.editor-autocompleters__block .editor-block-icon{margin-right:8px}.editor-autocompleters__user .editor-autocompleters__user-avatar{margin-right:8px;flex-grow:0;flex-shrink:0;max-width:none;width:24px;height:24px}.editor-autocompleters__user .editor-autocompleters__user-name{white-space:nowrap;text-overflow:ellipsis;overflow:hidden;max-width:200px;flex-shrink:0;flex-grow:1}.editor-autocompleters__user .editor-autocompleters__user-slug{margin-left:8px;color:#8f98a1;white-space:nowrap;text-overflow:ellipsis;overflow:none;max-width:100px;flex-grow:0;flex-shrink:0}.editor-autocompleters__user:hover .editor-autocompleters__user-slug{color:#66c6e4}.document-outline{margin:20px 0}.document-outline ul{margin:0;padding:0}.document-outline__item{display:flex;margin:4px 0}.document-outline__item a{text-decoration:none}.document-outline__item .document-outline__emdash:before{color:#e2e4e7;margin-right:4px}.document-outline__item.is-h2 .document-outline__emdash:before{content:"."}

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1408), with no line terminators
Category:	downloaded
Size (bytes):	1408
Entropy (8bit):	5.0465504067648155
Encrypted:	false
SSDEEP:
MD5:	B57FE2AA7B3B16F6203A374CDDBB010D
SHA1:	F187CFCC266946FEB3BF8D56B2CE27EFD9B16332
SHA-256:	6A101E8471851CBDFEB1BD444E3DECA13B7AF3110FC207C3CE5BE72585D93EA2
SHA-512:	26F2FE74B07930E0B7F0F7F7DD605C79604EE381274B6A3FA20F633E9087F889E6A777BDD898C92EB754DA92DF439FFCF3B00534D3BDADB150DDDD173F247E5A
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/blob.min.js?ver=2.5.1
Preview:	this.wp=this.wp\|\|{},this.wp.blob=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="ca5x")}({ca5x:function(e,t,n){"use strict";n.r(t),n.d

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	5533
Entropy (8bit):	5.039013935080485
Encrypted:	false
SSDEEP:
MD5:	13B2F87FB1E96DEF14F89E1ED9F9E1AD
SHA1:	646E4A80A344009C6887C045E804C75529F92EA5
SHA-256:	A4F6E138D459D8545A38365BD53345973FBB0092D834209C8AB4BB66F32D2E01
SHA-512:	80B43C26E0FC0CDCB8672DB4904B4B6A4BAF518ED109E97BA6F79B2299B9D18C38F52DD18AEF181C4E36EDD3CE068CC96EDEADCE8CDFDBE186C8235EE8607442
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi-child/style.css?ver=4.0.6
Preview:	/. Theme Name: Divi Child Theme. Description: A child theme of the Divi default WordPress theme. Author: Alexandra Jarossay. Template: Divi. Version: 1.0.0./. .@import url("../Divi/style.css");. ./* =Theme customization starts here.------------------------------------------------------- /../. * Layout. /..et_pb_text_inner{...}..et_pb_row_6 {. padding: 0;.}..et_pb_column_1_6 {. margin: 0 !important; . width: 16.66667% !important;.}..et_pb_column_1_6 .et_pb_text {. display: flex;. justify-content: center;. align-items: center;. height: 80px;.}..et_pb_column_1_6 .et_pb_text p{. text-align: center;.}../. * Custom Post. */. #content-area {. max-width: 700px; . margin: 0 auto;. }. ..custom_post_meta_wrapper {. background-color: #fff;. padding-top: 100px;. text-align: center;.}...custom_post_meta_wrapper h1.entry-title {. max-width: 700px;. font-size: 50px;. text-align: center;. margin: 30px auto;. line-height: 1.3;.}...custom_post_m

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32058), with no line terminators
Category:	downloaded
Size (bytes):	32058
Entropy (8bit):	5.146812459954578
Encrypted:	false
SSDEEP:
MD5:	2F8B571930D23AF71C674187F3779580
SHA1:	B2FD9AA8B89FE0CCB8DC51FC6ADB7BB1ECA1CF2B
SHA-256:	56ECF00DDD8D2FE0B57C54E9D0FB04467CBE2DA325D8DDA48A1EFCDF64FBEAD5
SHA-512:	6E175C593D1369C6A66E8EFF2231E7441407A0DC5D0C441C80E05337E68F874C0BB939AEF937BB3D5C72074A2B22B24276B0027F2732A87EF17F5873A71E93CC
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/data.min.js?ver=4.9.2
Preview:	this.wp=this.wp\|\|{},this.wp.data=function(t){var e={};function r(n){if(e[n])return e[n].exports;var o=e[n]={i:n,l:!1,exports:{}};return t[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}return r.m=t,r.c=e,r.d=function(t,e,n){r.o(t,e)\|\|Object.defineProperty(t,e,{enumerable:!0,get:n})},r.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},r.t=function(t,e){if(1&e&&(t=r(t)),8&e)return t;if(4&e&&"object"==typeof t&&t&&t.__esModule)return t;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:t}),2&e&&"string"!=typeof t)for(var o in t)r.d(n,o,function(e){return t[e]}.bind(null,o));return n},r.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return r.d(e,"a",e),e},r.o=function(t,e){return Object.prototype.hasOwnProperty.call(t,e)},r.p="",r(r.s="pfJ3")}({"25BE":function(t,e,r){"use strict";function

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=2, orientation=upper-left], baseline, precision 8, 79x79, components 3
Category:	dropped
Size (bytes):	3858
Entropy (8bit):	7.8020744581037755
Encrypted:	false
SSDEEP:
MD5:	7C5F87B819EEBB42AA084147EBFDD0AF
SHA1:	1412B2E84C7DB3A83ABCC4761A7DCE29DD4F843F
SHA-256:	0D72DE77656BEA6E34AB4C5AEC00E22AF5E9C9BB2B9F62601CB2C699286799F2
SHA-512:	38292A00FCA6704708B9E749577E08B48A3AA3C723586A7A0A0B9E0B1A94243EE5652732B6E3E5A2C1976C65E4AFDF1D8A9F4600808996E653C77DBD58598EF4
Malicious:	false
Reputation:	unknown
Preview:	......JFIF.....H.H.....XExif..MM....................i.........&.............................O...........O.......8Photoshop 3.0.8BIM........8BIM.%..................B~......O.O...............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz...........................................................................C....................................................................C...................................................................................?.......wwkai5.....[...4..8.@Y....T.I'.Qf.Bm-Y1._._....'Y./.~.....O......a..#.OI.....K7TU.f.p.........?f.$\|m.G...n.&x.I..f4..D.Q..L.....k...u.c.Z.....SS........Wo.^I.f$....<'.~..q.O<.H..'.?..f.u%.....i..I.F.

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7081), with no line terminators
Category:	downloaded
Size (bytes):	7081
Entropy (8bit):	5.361388960480087
Encrypted:	false
SSDEEP:
MD5:	CE765395A05B7D17345A7B4578852CC0
SHA1:	34C8D11C83FE1ED05D211E214694493F22C49430
SHA-256:	FACEF80239E29E5D6E89E921124E0EF96704FEC191B7640BD3552DB1E804F514
SHA-512:	4E77CB36B17A045AF1F36BE47F847BC1541A233CB9E3D87573703C080B11152707C6C7C31CEB9E6A3ECC97C2C6C4EB4A2DBEBCE268E10C94158DF91AB959C087
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/autop.min.js?ver=2.5.1
Preview:	this.wp=this.wp\|\|{},this.wp.autop=function(e){var r={};function n(t){if(r[t])return r[t].exports;var p=r[t]={i:t,l:!1,exports:{}};return e[t].call(p.exports,p,p.exports,n),p.l=!0,p.exports}return n.m=e,n.c=r,n.d=function(e,r,t){n.o(e,r)\|\|Object.defineProperty(e,r,{enumerable:!0,get:t})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,r){if(1&r&&(e=n(e)),8&r)return e;if(4&r&&"object"==typeof e&&e&&e.__esModule)return e;var t=Object.create(null);if(n.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:e}),2&r&&"string"!=typeof e)for(var p in e)n.d(t,p,function(r){return e[r]}.bind(null,p));return t},n.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(r,"a",r),r},n.o=function(e,r){return Object.prototype.hasOwnProperty.call(e,r)},n.p="",n(n.s="zbAn")}({DSFK:function(e,r,n){"use strict";function

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5555), with no line terminators
Category:	downloaded
Size (bytes):	5555
Entropy (8bit):	5.124616832700892
Encrypted:	false
SSDEEP:
MD5:	D5B9C5921CFD8CCB98E341DBB57738B3
SHA1:	2B6D2F220DC7773E587D9A7CF6E8FE94B219F642
SHA-256:	CAB9228187B0232700F03B182963AD62B2303803D4843AD095492843CA501454
SHA-512:	3EEBB7723B1D0E19D77E559276691943E9D7CB502648F0EACC13123A476E6FCAF64E3E93C05CD74591A8662F387E3B98810A88BBE91A653C5388FB1309F90852
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/hooks.min.js?ver=2.6.0
Preview:	this.wp=this.wp\|\|{},this.wp.hooks=function(n){var r={};function e(t){if(r[t])return r[t].exports;var o=r[t]={i:t,l:!1,exports:{}};return n[t].call(o.exports,o,o.exports,e),o.l=!0,o.exports}return e.m=n,e.c=r,e.d=function(n,r,t){e.o(n,r)\|\|Object.defineProperty(n,r,{enumerable:!0,get:t})},e.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})},e.t=function(n,r){if(1&r&&(n=e(n)),8&r)return n;if(4&r&&"object"==typeof n&&n&&n.__esModule)return n;var t=Object.create(null);if(e.r(t),Object.defineProperty(t,"default",{enumerable:!0,value:n}),2&r&&"string"!=typeof n)for(var o in n)e.d(t,o,function(r){return n[r]}.bind(null,o));return t},e.n=function(n){var r=n&&n.__esModule?function(){return n.default}:function(){return n};return e.d(r,"a",r),r},e.o=function(n,r){return Object.prototype.hasOwnProperty.call(n,r)},e.p="",e(e.s="gEOj")}({"25BE":function(n,r,e){"use strict";functio

Chrome Cache Entry: 161

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (31997)
Category:	downloaded
Size (bytes):	96873
Entropy (8bit):	5.372169393547772
Encrypted:	false
SSDEEP:
MD5:	49EDCCEA2E7BA985CADC9BA0531CBED1
SHA1:	F8747F8EE704D9AF31D0950015E01D3F9635B070
SHA-256:	1DB21D816296E6939BA1F42962496E4134AE2B0081E26970864C40C6D02BB1DF
SHA-512:	F766DF685B673657BDF57551354C149BE2024385102854D2CA351E976684BB88361EAE848F11F714E6E5973C061440831EA6F5BE995B89FD5BD2D4559A0DC4A6
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Preview:	/! jQuery v1.12.4 \| (c) jQuery Foundation \| jquery.org/license \| WordPress 2019-05-16 /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="1.12.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?a<0?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,fu

Chrome Cache Entry: 162

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	614
Entropy (8bit):	4.740801338771575
Encrypted:	false
SSDEEP:
MD5:	0D36C2739324AECC812D76BBD0A38132
SHA1:	DA595445D111FB187DC882C98595E12885667C25
SHA-256:	E949D6CD6CAC34B1BDA23BDD60F8FD1503E4D1B7F8BB92E93139558298DF0494
SHA-512:	381DF369D549BBDA955BBA667A79EF057A5383A2DCC989EF1CFDCC136A4287F97337E8256C9C003EB36EED1FFF648E794993C9757A6D43B1667044F8CA405913
Malicious:	false
Reputation:	unknown
URL:	https://d1f8f9xcsvx3ha.cloudfront.net/sbl/0.8.9/fastspring.css
Preview:	.fs-popup-background {. background: -webkit-linear-gradient(rgba(0,0,0,0.9), rgba(0,0,0,0.8)) !important;. background: -o-linear-gradient(rgba(0,0,0,0.9), rgba(0,0,0,0.8)) !important;. background: -moz-linear-gradient(rgba(0,0,0,0.9), rgba(0,0,0,0.8)) !important;. background: linear-gradient(rgba(0,0,0,0.9), rgba(0,0,0,0.8)) !important;. width: 100% !important;. height: 100% !important;. position: fixed !important;. top: 0 !important;. left: 0 !important;. z-index: 100000000000000 !important;. overflow-y: scroll !important;. -webkit-overflow-scrolling: touch !important;.}

Chrome Cache Entry: 163

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (526)
Category:	downloaded
Size (bytes):	13317
Entropy (8bit):	5.36938963465719
Encrypted:	false
SSDEEP:
MD5:	F80458708D0A9701B76D741D35B6722F
SHA1:	7DF21035302D6FE31FB09AE7A35432DB12A6B352
SHA-256:	D797BB58F111874A36C0EE0B3504B5E7A6B42D9E84A581D8F70CC0A72AA27B4F
SHA-512:	1342DE461A251249ABFD196A4E1ECE69ADB3474463CC0CDE237819A201AD1045A3E5863A63049BF7CC1384EE3A4B14BA5569AFAFBC15D98C4AF5D3CA34665B21
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/react.min.js?ver=16.9.0
Preview:	/** @license React v16.9.0. * react.production.min.js. . Copyright (c) Facebook, Inc. and its affiliates.. . This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */.'use strict';(function(t,q){"object"===typeof exports&&"undefined"!==typeof module?module.exports=q():"function"===typeof define&&define.amd?define(q):t.React=q()})(this,function(){function t(a){for(var b=a.message,c="https://reactjs.org/docs/error-decoder.html?invariant="+b,d=1;d<arguments.length;d++)c+="&args[]="+encodeURIComponent(arguments[d]);a.message="Minified React error #"+b+"; visit "+c+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings. ";.return a}function q(a,b,c){this.props=a;this.context=b;this.refs=fa;this.updater=c\|\|ha}function ia(){}function O(a,b,c){this.props=a;this.context=b;this.refs=fa;this.updater=c\|\|ha}function ja(a,b,c){var d=void 0,g={},k=null,e=null;if(null!=b)f

Chrome Cache Entry: 164

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (62142)
Category:	downloaded
Size (bytes):	156176
Entropy (8bit):	5.571032440767143
Encrypted:	false
SSDEEP:
MD5:	A13A80E20F889342C68CFEE9850BC146
SHA1:	403BB5B331CD343ADED2D8F88A312F90AC6DB2C2
SHA-256:	1408922173B4B385852383626D3B3BE19835FC47DAB952F226930A5B20EB9A0D
SHA-512:	E6114F08C47AE3C7954D668AEFEF29AC401112A7AAFD053A4C10D58EDBB393FABBF92B4347BA72BDD8099C5C67419E6B065DC70DCCA8BF0ABF1424D41273AD53
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/blocks.min.js?ver=6.7.3
Preview:	this.wp=this.wp\|\|{},this.wp.blocks=function(e){var t={};function r(n){if(t[n])return t[n].exports;var a=t[n]={i:n,l:!1,exports:{}};return e[n].call(a.exports,a,a.exports,r),a.l=!0,a.exports}return r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var a in e)r.d(n,a,function(t){return e[t]}.bind(null,a));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s="0ATp")}({"0ATp":function(e,t,r){"use strict";r.r(t)

Chrome Cache Entry: 165

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (9322), with no line terminators
Category:	downloaded
Size (bytes):	9322
Entropy (8bit):	5.11823961573372
Encrypted:	false
SSDEEP:
MD5:	EAF34A70B058CAED1CC33E4EB15BF8DD
SHA1:	970A758DD312283B3560A42713AC99D6C36C0CC7
SHA-256:	2EA5DA3376DB367AF52AF4FDE0E02F2FC0F0F6F9C16AF7F2A7071F6F3F371D0B
SHA-512:	C162A5AF0EE03B20DEC6385280D8D287EE6A30F41476C5953232A83D0FD2D6D7C61F2A4EAED5B65A065BB73A391B4283FCC98738EE2F40407A3D07B9A8A8E3B3
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/element.min.js?ver=2.8.2
Preview:	this.wp=this.wp\|\|{},this.wp.element=function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}return n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)\|\|Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(n.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)n.d(r,o,function(t){return e[t]}.bind(null,o));return r},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="",n(n.s="o/Ny")}({Ff2n:function(e,t,n){"use strict";functio

Chrome Cache Entry: 166

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	10134
Entropy (8bit):	5.5111418130136505
Encrypted:	false
SSDEEP:
MD5:	983F4D0C8EA4663350F28F7BA051E9BE
SHA1:	78D3F42047DE76A9C36A46867AC557C67956BAF7
SHA-256:	F34FB057BB101500E05A36BD0ACBD27316C1FD2621B44A2E1A1B30E743EEA6CA
SHA-512:	FF438A1DE44E9BCB8AB50DA3B5B2F3A6D093EFB37151C4E99CDC49F9087E9F611D471A1D43F0AE2F46104447EC1D3EE060C5C3A0DFAC9B59A2FC3DA33A00BDB5
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Noto+Serif%3A400%2C400i%2C700%2C700i&ver=5.3.17
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Noto Serif';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Lct-FG.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Noto Serif';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3vct-FG.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Noto Serif';. font-style: italic;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/notoserif/v23/ga6faw1J5X9T9RW6j9bNfFIMZhhWnFTyNZIQD1-_P3Pct-FG.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Noto Serif';.

Chrome Cache Entry: 169

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (34747), with NEL line terminators
Category:	downloaded
Size (bytes):	99133
Entropy (8bit):	5.413795487854038
Encrypted:	false
SSDEEP:
MD5:	7D2EF4BB244BAC8A81D13EF4382D168E
SHA1:	A6FC91F32DB89C2FE0C3EB2D15C13E20C1D6C8A4
SHA-256:	96ED609B415BE6EE67EADB8D2DE7CE64D13DE9C928BCE8E1373BEC97E233E74C
SHA-512:	1627BF7D0CCE98331185F075BC85ABC8A1ABC8F4739D187A57F91EC9FDB197276EDAD571DF59490A50167BD4FAEC9706103C01E4FE70ADA4A3BB54C7F2FBECD4
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=7.4.4
Preview:	!function e(u,c,a){function s(r,t){if(!c[r]){if(!u[r]){var n="function"==typeof require&&require;if(!t&&n)return n(r,!0);if(f)return f(r,!0);var i=new Error("Cannot find module '"+r+"'");throw i.code="MODULE_NOT_FOUND",i}var o=c[r]={exports:{}};u[r][0].call(o.exports,function(t){var n=u[r][1][t];return s(n\|\|t)},o,o.exports,e,u,c,a)}return c[r].exports}for(var f="function"==typeof require&&require,t=0;t<a.length;t++)s(a[t]);return s}({1:[function(t,n,r){"use strict";t(2);var e=function _interopRequireDefault(t){return t&&t.__esModule?t:{default:t}}(t(15));e.default._babelPolyfill&&"undefined"!=typeof console&&console.warn&&console.warn("@babel/polyfill is loaded more than once on this page. This is probably not desirable/intended and may have consequences if different versions of the polyfills are applied sequentially. If you do need to load the polyfill more than once, use @babel/polyfill/noConflict instead to bypass the warning."),e.default._babelPolyfill=!0},{15:15,2:2}],2:[function(

Chrome Cache Entry: 170

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, modules
Category:	downloaded
Size (bytes):	92400
Entropy (8bit):	6.338905888169191
Encrypted:	false
SSDEEP:
MD5:	DE27B3E66B2F8017E000AA9D8D24D60E
SHA1:	E6D716DE8F35BA6DAF55D57E7FE0ED8D8E50F1F7
SHA-256:	D201A2C3118A00C82CC48E89815F5139F23956BBE248107DCF522ACC77B97C09
SHA-512:	F62A3C304DC43B6FC6B8DD8AF84863F9651C8BDCE5BECD35503929482799FBE253C7AAD3A94966713B2CA71C4CCFBB1E67F2ECC30634955284EBC81FD983C238
Malicious:	false
Reputation:	unknown
URL:	https://ortelia.com/ortelia-11-2016/wp-content/themes/Divi/core/admin/fonts/modules.ttf
Preview:	...........0OS/2...........`cmap..........dgasp............glyf4.v.......[.head.....],...6hhea.A....]d...$hmtxa.c...]....hloca...R..c....6maxp......g(... name.X....gH....post......h.... ...........................3...................................@.........@...@............... .................................H.............~...&........... .............. b.l..........................................79..................79..................79.......I.@...>.#..%265...2764/...'&"....0"1.....2?..... ...........................@...s...............................I.B...@.#..."...'&".....021....27>.?.64'&"...4&. ............................@...........................s........................0.1..2764/.!2654&#!764'&"..0.1......18.1..............s...............................................................(.....3!.....2?.>.7>.58.9.4&'../.&".....!"......s.................................................................I.w.@.*.....326=...2764'.32654&#!".....0"10.1......1.............v.....

Chrome Cache Entry: 171

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	56115
Entropy (8bit):	5.347323537885137
Encrypted:	false
SSDEEP:
MD5:	3C89B4E5563F4BA0410A1D7D4F3AD23E
SHA1:	6455000459BF2AD68625B8B554A652CC84145261
SHA-256:	B17609553B24140FC01409B78FA834FE878DE6410FE9E8996B0A5F6A984DDD6D
SHA-512:	F85D5BA57633E85A9A3DC826A33DE76FF22725DE7398FC0049E1395CD46603F0B1F2E1BB47422BCF0D2D71FC2BA497322CFC40EF5101A3FF25E89757E4F6CA56
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Open+Sans%3A300%2C300italic%2Cregular%2Citalic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic&ver=5.3.17
Preview:	/* cyrillic-ext /.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtE6F15M.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./ cyrillic /.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWvU6F15M.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./ greek-ext /.@font-face {. font-family: 'Open Sans';. font-style: italic;. font-weight: 300;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWtU6F15M.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./ greek */.@font-face {. font-family: 'Open Sans';. font-style

Static File Info

⊘No static file info

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://ortelia.com/download-ortelia-curator/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Yara Signatures

Dropped Files

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\Unconfirmed 544668.crdownload

C:\Users\user\Downloads\a6bd36ad-1228-4702-930c-3c452afcbcf5.tmp

Chrome Cache Entry: 107

Chrome Cache Entry: 108

Chrome Cache Entry: 109

Chrome Cache Entry: 110

Chrome Cache Entry: 111

Chrome Cache Entry: 112

Chrome Cache Entry: 113

Chrome Cache Entry: 114

Chrome Cache Entry: 116

Chrome Cache Entry: 117

Chrome Cache Entry: 118

Chrome Cache Entry: 119

Chrome Cache Entry: 120

Chrome Cache Entry: 122

Chrome Cache Entry: 123

Chrome Cache Entry: 124

Chrome Cache Entry: 125

Chrome Cache Entry: 126

Chrome Cache Entry: 127

Chrome Cache Entry: 128

Chrome Cache Entry: 129

Chrome Cache Entry: 131

Chrome Cache Entry: 132

Chrome Cache Entry: 133

Chrome Cache Entry: 134

Chrome Cache Entry: 135

Chrome Cache Entry: 136

Windows Analysis Report
https://ortelia.com/download-ortelia-curator/