Windows Analysis Report
http://portal.acsexpress.ca

Overview

General Information

Sample URL: http://portal.acsexpress.ca
Analysis ID: 1428817

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

HTML body contains low number of good links
HTML title does not match URL
Invalid 'forgot password' link found
Stores files to the Windows start menu directory

Classification

Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: Number of links: 0
Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: Title: CCWeb 4 does not match URL
Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: Invalid link: Having trouble logging in?
Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: <input type="password" .../> found
Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: No favicon
Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: No <meta name="author".. found
Source: https://portal.acsexpress.ca/CCweb4/login/index HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49758 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.16:49760 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49759 version: TLS 1.2
Source: unknown HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49761 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown DNS traffic detected: queries for: portal.acsexpress.ca
Source: classification engine Classification label: clean2.win@15/84@14/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://portal.acsexpress.ca/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1936,i,8295493026085998376,4714871982554601653,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk