Windows
Analysis Report
https://tax.thomson-reuterfiles.com/
Overview
Detection
Score: | 52 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w11x64_office
- chrome.exe (PID: 728 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
- chrome.exe (PID: 3288 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1860,i,15283521975665651647,5662858992958527142,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250316-180048.776000 --mojo-platform-channel-handle=2232 /prefetch:11 MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
- chrome.exe (PID: 6520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tax.thomson-reuterfiles.com/" MD5: DBE43C1D0092437B88CFF7BD9ABC336C)
- rundll32.exe (PID: 6676 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: C87FA6FC1D294962EABE44509FE1921C)
- cleanup
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-24T23:26:56.613384+0100 | 2056643 | 2 | Possible Social Engineering Attempted | 192.168.2.24 | 60871 | 194.163.44.11 | 443 | TCP |
- Phishing
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Persistence and Installation Behavior
- Hooking and other Techniques for Hiding and Protection
Phishing |
---|
Source: | Joe Sandbox AI: |
Source: | HTTP Parser: |
Source: | HTTPS traffic detected: | ||
Source: | Memory has grown: |
Source: | Suricata IDS: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | File created: |
Source: | File deleted: |
Source: | Classification label: |
Source: | File created: |
Source: | Key opened: |
Source: | Process created: |
Source: | Window detected: |
Source: | File created: |
Source: | Process information set: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 2 Browser Extensions | 1 Process Injection | 11 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 4 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 5 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.251.40.142 | true | false | high | |
d22lao95g8jow9.cloudfront.net | 18.238.55.96 | true | false | unknown | |
tax.thomson-reuterfiles.com | 185.241.61.45 | true | false | high | |
www.google.com | 142.251.32.100 | true | false | high | |
down.tradingviewdownload.top | 194.163.44.11 | true | true | unknown | |
app-data.gcs.trstatic.net | unknown | unknown | false | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
64.233.180.84 | unknown | United States | 15169 | GOOGLEUS | false | |
1.1.1.1 | unknown | Australia | 13335 | CLOUDFLARENETUS | false | |
185.241.61.45 | tax.thomson-reuterfiles.com | unknown | 204476 | ULX-UKGB | false | |
142.250.80.110 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.176.202 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.40.227 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.32.99 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.40.131 | unknown | United States | 15169 | GOOGLEUS | false | |
8.8.8.8 | unknown | United States | 15169 | GOOGLEUS | false | |
142.250.65.238 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.32.110 | unknown | United States | 15169 | GOOGLEUS | false | |
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false | |
18.238.55.96 | d22lao95g8jow9.cloudfront.net | United States | 16509 | AMAZON-02US | false | |
194.163.44.11 | down.tradingviewdownload.top | Germany | 6659 | NEXINTO-DE | true | |
142.251.35.163 | unknown | United States | 15169 | GOOGLEUS | false |
IP |
---|
192.168.2.24 |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1647531 |
Start date and time: | 2025-03-24 23:25:33 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsinteractivecookbook.jbs |
Sample URL: | https://tax.thomson-reuterfiles.com/ |
Analysis system description: | Windows 11 23H2 with Office Professional Plus 2021, Chrome 131, Firefox 133, Adobe Reader DC 24, Java 8 Update 431, 7zip 24.09 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | stream |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal52.phis.win@30/19@23/150 |
- Exclude process from analysis (whitelisted): dllhost.exe
- Excluded IPs from analysis (whitelisted): 104.18.38.233, 172.64.149.23
- Excluded domains from analysis (whitelisted): crt.comodoca.com.cdn.cloudflare.net, crt.comodoca.com
- Not all processes were analyzed, report is missing behavior information
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: https://tax.thomson-reuterfiles.com/
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1536 |
Entropy (8bit): | 1.2751541137543159 |
Encrypted: | false |
SSDEEP: | |
MD5: | 144FB7197B41C3CCC5DD71646E029F3A |
SHA1: | AD3401ACD1E8155B59D82024D2FA5C51368343BC |
SHA-256: | B1206A178E400750828BFEA3ABB6850E662C1B7310AE61488AAA41D07E757652 |
SHA-512: | 3DF2E7D138C633F2EF28B0752631B05CA992667772A70CCFBFE8D4566D18E437B9457DC4E3AD198FF15AB429CAFC416B39EF2C4BEB9C4347DD8FDB9EB6233F23 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 0 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | |
MD5: | BA222AD5AFF9A6C4C854D89F59C84D52 |
SHA1: | FB4B3461554849B79E60C5A227E9B652E15E5F9E |
SHA-256: | 2A79CE303DF4FDECE161FF1E7A5D56FF613FD4521B1F6A0914BA6A7A8394981E |
SHA-512: | 84FDCFFD865C69F36DFF8C27ACB5A696CC67E419EFDDA04D3C9B307E59B3B27F302799E26D03B7095578F617C5AAB3F43501256B95808FFDDBBD5274358DC0FF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 83360 |
Entropy (8bit): | 6.51284712717126 |
Encrypted: | false |
SSDEEP: | |
MD5: | BA222AD5AFF9A6C4C854D89F59C84D52 |
SHA1: | FB4B3461554849B79E60C5A227E9B652E15E5F9E |
SHA-256: | 2A79CE303DF4FDECE161FF1E7A5D56FF613FD4521B1F6A0914BA6A7A8394981E |
SHA-512: | 84FDCFFD865C69F36DFF8C27ACB5A696CC67E419EFDDA04D3C9B307E59B3B27F302799E26D03B7095578F617C5AAB3F43501256B95808FFDDBBD5274358DC0FF |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7751 |
Entropy (8bit): | 6.230964105718949 |
Encrypted: | false |
SSDEEP: | |
MD5: | 71051E702EF1925286D950CF7A3F00D4 |
SHA1: | 458F9323F7315F822011501A6E4CE1E22B1B7B76 |
SHA-256: | 7187E4503153448CF8503892E70ED1359E7EED72A040BB4457102A6E577A7DC3 |
SHA-512: | C7F013F97D8091D4E737D3ACD773DA68CC5CFBD2DF50D245B3D3E8A71DE1A434D52000FCC80BD6BA66A68C9D677F6F541FBAF525361FA9AA52B900A1898AD5C3 |
Malicious: | false |
Reputation: | unknown |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 60925 |
Entropy (8bit): | 5.221090580255161 |
Encrypted: | false |
SSDEEP: | |
MD5: | 28F2F56C3974CCB9FFA2913CF382BFC0 |
SHA1: | 7CDB9B252F4DA482716EE433F4D779661F77042A |
SHA-256: | 351B7DF005DB3E41B0C212E6ECFFAC299DD0F2E911D81AEA685D3B02B2F95E63 |
SHA-512: | 5877813AA9B0BB1CD40EC8C30FFEF87D9D40BD2D260818DB025B1456DE0F0DA2C17BFD3DAD3D6E531587F05188A9D5BC92F5BEB89F5742B11EFB49436B5864EE |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/index-899e26e961b4ef93.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 28740 |
Entropy (8bit): | 7.992640337554668 |
Encrypted: | true |
SSDEEP: | |
MD5: | 30164609C16364DE36B51BAF83BDEC4E |
SHA1: | FE93B8F82DC099CCA5E441FDEAF30FEA53202FB1 |
SHA-256: | 7A19A7027E125257D310C6DBD78AE3A30B5EA1E3794D60B12BB28227A003BFDA |
SHA-512: | A2F1B37730D209BC6E638E98BFF78EC294BE964A2B95308207EA84521409803523E11C62337A38CDB331A5E4FB58CB0171F139574C50B38414A5CD26325EE4EB |
Malicious: | false |
Reputation: | unknown |
URL: | https://fonts.gstatic.com/s/sourcesans3/v18/nwpStKy2OAdR1K-IwhWudF-R3w8aZQ.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 315 |
Entropy (8bit): | 5.0572271090563765 |
Encrypted: | false |
SSDEEP: | |
MD5: | A34AC19F4AFAE63ADC5D2F7BC970C07F |
SHA1: | A82190FC530C265AA40A045C21770D967F4767B8 |
SHA-256: | D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3 |
SHA-512: | 42E53D96E5961E95B7A984D9C9778A1D3BD8EE0C87B8B3B515FA31F67C2D073C8565AFC2F4B962C43668C4EFA1E478DA9BB0ECFFA79479C7E880731BC4C55765 |
Malicious: | false |
Reputation: | unknown |
URL: | https://down.tradingviewdownload.top/files/images/Logo.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 117898 |
Entropy (8bit): | 5.374105106842063 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4E1FA4B25BB3E13122ADB6FC89B692A9 |
SHA1: | 62A57CC9D9D92E27254C8FCA63A7C217741FE0DC |
SHA-256: | BD3F95C00C05EFA6CD717A4B287146FF3148D9637EFAAFB7F697EA8EBB162017 |
SHA-512: | 40145E4843102AAF203EC6F9CCADA0D846A4CECAED2AFFF92C93FD6D070B83BF2E526F0038452A732A4AF1E9A37E694F1CA78695308014CE071F43AEB5D9C3C4 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/chunks/main-49b0a41ec78c7394.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 77 |
Entropy (8bit): | 4.37144473219773 |
Encrypted: | false |
SSDEEP: | |
MD5: | B6652DF95DB52FEB4DAF4ECA35380933 |
SHA1: | 65451D110137761B318C82D9071C042DB80C4036 |
SHA-256: | 6F5B4AA00D2F8D6AED9935B471806BF7ACEF464D0C1D390260E5FE27F800C67E |
SHA-512: | 3390C5663EF9081885DF8CDBC719F6C2F1597A4E25168529598097E9472608A4A62EC7F7E0BC400D22AAC81BF6EA926532886E4DC6E4E272D3B588490A090473 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_ssgManifest.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3472 |
Entropy (8bit): | 5.1522869804082845 |
Encrypted: | false |
SSDEEP: | |
MD5: | F309517DC333784216BE4FF5DEA5045C |
SHA1: | F2434DC4F60F3B892C062B84E463BFD2BF3B5679 |
SHA-256: | FC06A24B94DBA08EF5DADAE7F769BBD17DC2ED115AD8614EBECDD86EF4E8BF87 |
SHA-512: | FBBF64844F63F035A075C8B173708B9F2BF21E35C92EAD9ED9F6EAE359851ECA38BE90B0A311D81AF185A9E6200D77B3D60E54AB2AF68A6053D9ABACD2782136 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/ |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 1966 |
Entropy (8bit): | 5.172480733240752 |
Encrypted: | false |
SSDEEP: | |
MD5: | 424CAF40614A148FC5159DE89A28E904 |
SHA1: | 86EA812BFBB08497B8102D8D65D949B5FBA4E742 |
SHA-256: | 8548F0E5D0AD9F008612807170927D4E3126C46496C184C05F0FB1CE4B728003 |
SHA-512: | EA9CA9A7CE2961671FA958C06D2234766DEA994DFF0B0980215867DCCA66886F19AD4095BB734230241C706BDD42667DFE02573F415B48D9E437BF8CDD014A02 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/chunks/webpack-2555a4296ab7a1b2.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 470 |
Entropy (8bit): | 5.434697340185277 |
Encrypted: | false |
SSDEEP: | |
MD5: | B46E5B6908337511AFAC3760D2E1E518 |
SHA1: | D947F28C2EB370CA33E2182E36D7D7BCCBF31AD8 |
SHA-256: | B06E69FA3D38C5D4428B915BA50061C4CDBDA9766870CE3BF3525226C43EABB2 |
SHA-512: | 2127A842815B996FF922418DDBD343FCA05DB0E56871938EA55456DDA7A91F412DBD9097389071CA9D0C1EB4744400ABACE931A706997D18FC0A375B26521F2A |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/dhg8d-lD2_-X_5yKOp3qE/_buildManifest.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 3627 |
Entropy (8bit): | 5.366412655772073 |
Encrypted: | false |
SSDEEP: | |
MD5: | 75FA40EDDBA53306AD2E634AD1BD5E5D |
SHA1: | F764E73DC771AB69130FAD742B93E45A5B0D368F |
SHA-256: | CC67D35B4F8D98C17C105961CC2F26D8C98457922DF87EE3FB8C08B165BBF097 |
SHA-512: | 00B2EE38A0DB465890A9B40DCAC8EF122774E32F47A8142D167A35A22FDF9E1FEDEEAF60C6415462A997D033DCD8DCB7818800E360CA1A41CD0A976B7C14F7CB |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/chunks/849-a4a13dffe91c49e7.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 5118 |
Entropy (8bit): | 5.42635093571842 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8283D5A5DEE609F59A5E2D8178FAC306 |
SHA1: | 33C121F2C64F6BE3535693EEDB43E39C44812FCC |
SHA-256: | EFE2A4309C2E2CF8B24023D7DDD9F65C50F7B2E187CB28C1BD68AC8FD1D88BC6 |
SHA-512: | 7757CC826335058EB94B682C740ADDABC0424E9A7490833387A8E107CE3DE08F8A7254C05DF6D82A50C4353DC2BE09CA3C34A1704E41B427CF642398E0E43AA0 |
Malicious: | false |
Reputation: | unknown |
URL: | "https://fonts.googleapis.com/css2?family=Source+Sans+3:ital,wght@0,200..900;1,200..900&display=swap" |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 141047 |
Entropy (8bit): | 5.3354666088633245 |
Encrypted: | false |
SSDEEP: | |
MD5: | 71351D23ECDBFB39CB548F7CB628ECF9 |
SHA1: | 12811C1FC35D5864974BC4B98A641C037B56B9FC |
SHA-256: | 1CD1CCA3AEBCDD10C33D713A95479909354DDBC5D5AD9761466AC27EA528895D |
SHA-512: | 7016A1D5DA3B69C5002CB7079CEC48D4A7AB41A3C9DC2EA29D1EA3F236B7DAD83F4380AFFC75C2772D157327F94F6A0F41723B85F5031FF6EB732AD052B279B7 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/chunks/framework-0c7baedefba6b077.js |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 16 |
Entropy (8bit): | 3.875 |
Encrypted: | false |
SSDEEP: | |
MD5: | 46DF3E5E2D15256CA16616EBFDA5427F |
SHA1: | BE8F9B307E458075DA0D43585A05F1D451469182 |
SHA-256: | AF3248D0B278571EFF9A22F8ED1CEB54B70D202B44FD70ECA4CA13A5771CECC3 |
SHA-512: | 88FBCC0A92317A0BADE7D4B72C023A16792F3728443075BF4B1767C8A55258836B54D56B24EABE36AE4EF240F796B58B8F1EA10C7E3C146BDE89882FC9ADE302 |
Malicious: | false |
Reputation: | unknown |
URL: | https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC44ORIZCYl_7RMjcnElEgUNkWGVTiHxs0hN1qpbJw==?alt=proto |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 135160 |
Entropy (8bit): | 7.959503731592724 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8626685AEF425B8F971E7FDB64FACF98 |
SHA1: | 2F4042AFD5312BCE15757730870ED4ED7ED86F31 |
SHA-256: | 0467919FBAE3F5AB1B3109BBC941916142A7C68FE16823795F6CB13BC7E936A5 |
SHA-512: | E565B4F94019C358610645EC826844A1498F03AD2A86BA962C26847BCCC3A0E1490F21F7ECE24E19E7E26DF4FE64A2E0AFDCE3121E7548080545D61B1E1F7031 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/media/search-background-desktop.a9bd8cdc.png |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 30040 |
Entropy (8bit): | 5.166885302002284 |
Encrypted: | false |
SSDEEP: | |
MD5: | 31DE4512A833E5551978867D98FF011C |
SHA1: | CD7032688634A063ED7AF8B36400C61D575742EB |
SHA-256: | B2EDCCC182DDAC5009DB3D04D352201D7833006B9EAE33F5E8ECAFB6FC976FDB |
SHA-512: | 7614EC6B5C309E62ED66AB621142E6A8566D8D3B8C8298E5C4E05CD41A272A9715E3E06631CD5047112B85F99F01646902365C3A70EA16202766A72B4BE69AC7 |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/css/6c5712a607796dcd.css |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 39304 |
Entropy (8bit): | 7.994120188451945 |
Encrypted: | true |
SSDEEP: | |
MD5: | 20DCA63D8EE3254B712C7171AE987713 |
SHA1: | BFF49469BB0DC3989D8DD4726A85D060396B100F |
SHA-256: | CCAEE6F0BB7DCF2A0EE729096CFBA2CF24EA535E068F6CBFB827F79733F8181D |
SHA-512: | F1678F40E5DC86ACE717DCB33196D31BF2951C36E266419E61580313BEFBC44C049CFC86267A5156C20B561B3ED213807D44A96B8F57EB22E04BD2133CD7AE98 |
Malicious: | false |
Reputation: | unknown |
URL: | https://app-data.gcs.trstatic.net/wel-trdotcom/fonts/all-characters/knowledge2017-medium-webfont.woff2 |
Preview: |
Process: | C:\Program Files\Google\Chrome\Application\chrome.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 202199 |
Entropy (8bit): | 5.911594171548854 |
Encrypted: | false |
SSDEEP: | |
MD5: | 4CBBD1EB0EC89177917AD99F6C68F535 |
SHA1: | DD9DF4DFDC929A5193122BBD1C9342CDF59F4FC5 |
SHA-256: | BA7D803F2960371F9C72EAC0F1D2C9F2C874216C29470746545A6DB212BFD3CA |
SHA-512: | 954EDBDEC7AD7AFA4F89E29C64C803C17F0D1F80122F15BC7B61574A908B0F4ADBD4C2FF8D871C5C8D371CDA5E0E2EDAB6BDA583ED0EC03717BAC476392B243F |
Malicious: | false |
Reputation: | unknown |
URL: | https://tax.thomson-reuterfiles.com/_next/static/chunks/pages/_app-1e66c022522ffc96.js |
Preview: |