IOC Report
http://portal.acsexpress.ca

loading gif

Files

File Path
Type
Category
Malicious
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:58:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:58:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:58:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:58:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 13:58:54 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
dropped
Chrome Cache Entry: 100
ASCII text, with very long lines (65509)
downloaded
Chrome Cache Entry: 101
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 102
ASCII text, with very long lines (14099)
downloaded
Chrome Cache Entry: 103
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 104
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
downloaded
Chrome Cache Entry: 105
PNG image data, 320 x 142, 8-bit/color RGB, non-interlaced
downloaded
Chrome Cache Entry: 106
HTML document, ASCII text, with very long lines (1037), with CRLF line terminators
dropped
Chrome Cache Entry: 107
ASCII text, with very long lines (29162)
downloaded
Chrome Cache Entry: 108
ASCII text, with very long lines (7655)
downloaded
Chrome Cache Entry: 109
PNG image data, 3083 x 2232, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 110
ASCII text
downloaded
Chrome Cache Entry: 111
ASCII text, with very long lines (2706)
downloaded
Chrome Cache Entry: 112
Unicode text, UTF-8 text, with very long lines (371)
downloaded
Chrome Cache Entry: 113
data
downloaded
Chrome Cache Entry: 114
PNG image data, 3083 x 2232, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 115
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
downloaded
Chrome Cache Entry: 116
Web Open Font Format (Version 2), TrueType, length 23236, version 1.0
downloaded
Chrome Cache Entry: 117
ASCII text
downloaded
Chrome Cache Entry: 118
ASCII text, with no line terminators
downloaded
Chrome Cache Entry: 119
HTML document, ASCII text, with very long lines (1037), with CRLF line terminators
downloaded
Chrome Cache Entry: 120
ASCII text, with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 121
ASCII text, with very long lines (32033)
downloaded
Chrome Cache Entry: 122
ASCII text, with very long lines (6727)
downloaded
Chrome Cache Entry: 123
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
downloaded
Chrome Cache Entry: 124
ASCII text, with very long lines (3690)
downloaded
Chrome Cache Entry: 125
assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
downloaded
Chrome Cache Entry: 126
ASCII text
downloaded
Chrome Cache Entry: 86
ASCII text, with very long lines (65230)
downloaded
Chrome Cache Entry: 87
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 88
ASCII text, with very long lines (32038)
downloaded
Chrome Cache Entry: 89
ASCII text, with very long lines (1799)
downloaded
Chrome Cache Entry: 90
ASCII text, with CRLF, LF line terminators
downloaded
Chrome Cache Entry: 91
CSV text
downloaded
Chrome Cache Entry: 92
ASCII text
downloaded
Chrome Cache Entry: 93
PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
dropped
Chrome Cache Entry: 94
Unicode text, UTF-8 text, with very long lines (34729), with NEL line terminators
downloaded
Chrome Cache Entry: 95
ASCII text, with very long lines (32073)
downloaded
Chrome Cache Entry: 96
PNG image data, 320 x 142, 8-bit/color RGB, non-interlaced
dropped
Chrome Cache Entry: 97
ASCII text, with CRLF line terminators
downloaded
Chrome Cache Entry: 98
ASCII text, with very long lines (36809)
downloaded
Chrome Cache Entry: 99
ASCII text, with very long lines (24654), with CRLF line terminators
downloaded
There are 38 hidden files, click here to show them.

Processes

Path
Cmdline
Malicious
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://portal.acsexpress.ca/
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2092 --field-trial-handle=1936,i,8295493026085998376,4714871982554601653,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8

URLs

Name
IP
Malicious
http://portal.acsexpress.ca
https://github.com/lipis/bootstrap-social
unknown
https://github.com/jzaefferer/jquery-validation
unknown
https://cdnjs.cloudflare.com/ajax/libs/babel-polyfill/7.10.1/polyfill.min.js
104.17.24.14
http://www.unicode.org/reports/tr35/#Language_and_Locale_IDs
unknown
http://jquery.org/license
unknown
https://github.com/moment/moment/issues/1423
unknown
http://www.unicode.org/reports/tr35/tr35-numbers.html#Currencies
unknown
http://www.unicode.org/reports/tr35/tr35-dates.html#Week_Data
unknown
https://github.com/bantikyan/icheck-bootstrap)
unknown
https://cdnjs.cloudflare.com/ajax/libs/jszip/3.1.5/jszip.min.js
104.17.24.14
http://api.jqueryui.com/dialog/#theming
unknown
https://github.com/stefslon
unknown
https://gitcdn.github.io/bootstrap-toggle/2.2.0/css/bootstrap-toggle.min.css
185.199.111.153
https://adminlte.io
unknown
http://jqueryui.com
unknown
http://unicode.org/cldr/trac/ticket/6790
unknown
http://stackoverflow.com/questions/181348/instantiating-a-javascript-object-by-calling-prototype-con
unknown
http://stuartk.com/jszip
unknown
http://www.unicode.org/reports/tr35/#u_Extension
unknown
https://www.almsaeedstudio.com
unknown
http://momentjs.com/guides/#/warnings/add-inverted-param/
unknown
https://github.com/pablohess
unknown
http://jsperf.com/my-stringify
unknown
http://www.json.org/json2.js
unknown
https://github.com/bantikyan/icheck-bootstrap/blob/master/LICENSE)
unknown
http://www.unicode.org/reports/tr35/#Unicode_language_identifier
unknown
https://fontawesome.com
unknown
https://github.com/chris-rock
unknown
https://github.com/MrRio/jsPDF
unknown
https://github.com/lifof
unknown
http://git.io/TrdQbw
unknown
http://momentjs.com/guides/#/warnings/js-date/
unknown
https://github.com/warrenweckesser
unknown
http://www.unicode.org/reports/tr35/tr35-dates.html#Date_Format_Patterns
unknown
http://git.io/h4lmVg
unknown
https://fontawesome.com/license
unknown
http://momentjs.com/guides/#/warnings/define-locale/
unknown
http://getbootstrap.com)
unknown
https://cdnjs.cloudflare.com/ajax/libs/FileSaver.js/2.0.5/FileSaver.min.js
104.17.24.14
http://www.unicode.org/reports/tr35/#Field_Definitions
unknown
http://jquery.com/)
unknown
https://github.com/Eonasdan/bootstrap-datetimepicker/
unknown
https://github.com/diegocr
unknown
http://www.unicode.org/reports/tr35/tr35-numbers.html
unknown
https://github.com/dollaruw
unknown
http://github.com/jquery/globalize
unknown
http://momentjs.com/guides/#/warnings/zone/
unknown
https://github.com/nodeca/pako/blob/master/LICENSE
unknown
https://github.com/acspike
unknown
http://bootswatch.com
unknown
http://pegjs.majda.cz/
unknown
https://github.com/Gavvers
unknown
https://cdnjs.cloudflare.com/ajax/libs/exceljs/3.8.0/exceljs.min.js
104.17.24.14
http://opensource.org/licenses/MIT
unknown
http://api.jqueryui.com/tooltip/#theming
unknown
https://github.com/moment/moment/issues/2978
unknown
http://jqueryui.com/themeroller/?ffDefault=Arial%2CHelvetica%2Csans-serif&fsDefault=1em&fwDefault=no
unknown
http://momentjs.com/guides/#/warnings/dst-shifted/
unknown
https://use.fontawesome.com/releases/v5.0.9/css/all.css
unknown
https://github.com/mathiasbynens/regenerate
unknown
http://www.unicode.org/reports/tr35/tr35-dates.html#Time_Data
unknown
http://www.bootstraptoggle.com
unknown
https://github.com/moment/moment/pull/1871
unknown
http://www.unicode.org/reports/tr35/#Unicode_locale_identifier
unknown
https://github.com/lsdriscoll
unknown
https://github.com/moment/moment/issues/2166
unknown
http://www.unicode.org/reports/tr35/#Likely_Subtags
unknown
http://www.unicode.org/reports/tr35/tr35-dates.html#months_days_quarters_eras
unknown
https://raw.github.com/Stuk/jszip/master/LICENSE.markdown.
unknown
https://gitcdn.github.io/bootstrap-toggle/2.2.0/js/bootstrap-toggle.min.js
185.199.111.153
http://www.unicode.org/reports/tr35/tr35-numbers.html#otherNumberingSystems
unknown
http://jquery.com/).
unknown
https://github.com/jmorel
unknown
http://cldr.unicode.org/index/bcp47-extension
unknown
https://github.com/dordille/moment-isoduration/blob/master/moment.isoduration.js
unknown
https://github.com/mathiasbynens/unicode-7.0.0
unknown
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/round
unknown
https://github.com/twbs/bootstrap/blob/master/LICENSE)
unknown
https://github.com/fjenett
unknown
https://github.com/Eonasdan/bootstrap-datetimepicker
unknown
http://unicode.org/cldr/trac/ticket/6786
unknown
http://jquery.com/
unknown
https://github.com/Flamenco
unknown
https://github.com/juanpgaviria
unknown
https://nodejs.org/dist/latest/docs/api/util.html#util_custom_inspect_function_on_objects
unknown
http://momentjs.com/guides/#/warnings/min-max/
unknown
http://api.jqueryui.com/autocomplete/#theming
unknown
There are 77 hidden URLs, click here to show them.

Domains

Name
IP
Malicious
portal.acsexpress.ca
216.128.182.16
cdnjs.cloudflare.com
104.17.24.14
www.google.com
74.125.136.147
gitcdn.github.io
185.199.111.153
use.fontawesome.com
unknown

IPs

IP
Domain
Country
Malicious
104.17.24.14
cdnjs.cloudflare.com
United States
192.168.2.16
unknown
unknown
185.199.111.153
gitcdn.github.io
Netherlands
239.255.255.250
unknown
Reserved
74.125.136.147
www.google.com
United States
216.128.182.16
portal.acsexpress.ca
United States

DOM / HTML

URL
Malicious
https://portal.acsexpress.ca/CCweb4/login/index