hxxps://thepeacockproject[.]org/wiki/intel/installation/

Resubmissions

21/11/2024, 10:47

241121-mvkmzawker 3

21/11/2024, 10:45

241121-mtsl7a1bre 3

Analysis

max time kernel
86s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://thepeacockproject.org/wiki/intel/installation/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 37 IoCs

pid	Process
3912	msedge.exe
3912	msedge.exe
2216	msedge.exe
2216	msedge.exe
828	identity_helper.exe
828	identity_helper.exe
540	msedge.exe
540	msedge.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe
5400	PeacockPatcher.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5400	PeacockPatcher.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 4736	2216	msedge.exe	83
PID 2216 wrote to memory of 4736	2216	msedge.exe	83
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3860	2216	msedge.exe	84
PID 2216 wrote to memory of 3912	2216	msedge.exe	85
PID 2216 wrote to memory of 3912	2216	msedge.exe	85
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86
PID 2216 wrote to memory of 5064	2216	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://thepeacockproject.org/wiki/intel/installation/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff998d246f8,0x7ff998d24708,0x7ff998d24718
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:6104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17657615355898401343,7035862580705224853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:5300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5352

C:\Users\Admin\Downloads\Peacock-v7.4.1\Peacock-v7.4.1\PeacockPatcher.exe
"C:\Users\Admin\Downloads\Peacock-v7.4.1\Peacock-v7.4.1\PeacockPatcher.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5400

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\Peacock-v7.4.1\Peacock-v7.4.1\Start Server.cmd"
1⤵
PID:5560
- C:\Users\Admin\Downloads\Peacock-v7.4.1\Peacock-v7.4.1\nodedist\node.exe
  .\nodedist\node.exe chunk0.js
  2⤵
  PID:5692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b9f85e45620e1a36cbe7d3adb69c46b7

SHA1
06f5863a7031d6fbd644346e6d4ffb6a16ec3b9e

SHA256
42f8ea95da7160904eebfa629a8a17205cab9827b6807b9f74719287d77a4d68

SHA512
99ffccad8927e6fb75ac1220158815586d2d6ce8e535c71c99c4fed86ca732ef4176e969d5b8d6b99b1222b8c1bf8c3f27b2195a540fc9468528843bafca62cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
260d1b4f36cedec79dfa8c9a31e4260b

SHA1
586ffc3c833d71cd44289ed26a3be6de8cc3a642

SHA256
6b6897731ad77a904dc8ceb3d889f5b29705e9ee397bfb4b4a052044c0e8a11b

SHA512
cd293f510a35bb200ac1717474ae050f40063c034e6f15dbf5370de6285f553584a4592a3c83741efc768031f2afc868bd4ecbbe3d4457bb28c95edc6d780e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
86dccece57a54bf0211c53c3b297444e

SHA1
78873bfc0a7954d3980765a858b883a1cdbd55eb

SHA256
56fd0e90c18577e3ea09cd3778716bd9080f058e939656209a6a40d04dd6076b

SHA512
2dfebdc7eefc7be9d147cc89172905a3c1d45b77c9986584c7ef4d114ab57b78deca5774ebed658db40ce788b222bf3d9cbe38615da57070e0046ac6519e946b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99a5d0b46e827f564fa5446785ce3278

SHA1
77b8f45813808a8b2ff8fdc19986016574c6ae3b

SHA256
9b3dbeaa112805b308ab21780ae1e83bff94780ac5f60490bf9b4c6cea611391

SHA512
d9225ff4e7dc4ecbb9d4a2792ebcc1557298be9e49f7adf7a12ae5adce0b06ef668b45c0ebbf5c6358a20871a6da0666a50915a48ad69fc3b20d49f8921943d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f2d975c70b84688b6cc69bbd344a6ecb

SHA1
2dbafe1176a14cf932ac64ad8baee332426b4cfe

SHA256
e617b1275939e124a8a09bc4a20939a9ee993b84950b2cf46769855c16137884

SHA512
ae9168935cdba81d88164272ef306a1ea0df53e359f4b564243bf2242740702d5408216e2243dd031c010e7ddfaa88b05e46db98aac8547bd14330fed5985ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd92faf9f6d5428a8d849b0a96039e89

SHA1
ef127abe29f8fafdc8b62db95f98393a30ee7828

SHA256
d2ed14caaf50a5aed002b34b92c8e79c35b6cb42c4833fb6744e5b264bb424ef

SHA512
051fdb2c29b072af119502898fbfdc66bebd62b9df8c2c183ba55910d437fa8156b7a2558d4b0563d35fbcd75d4daaa36ffbcffcb0a7efef6c007ea56338da6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2140dcf75d75b364c3dddf30721a6124

SHA1
9a749fd40d6cbce70e3cf939febe2fde716a8c1f

SHA256
3540eb463a7c3cd5aeadd736afe7fd44dc77cbf4b5462e69018ac64240795cc6

SHA512
1ed4ccf94dce3ea662c55cbbc1c2f9ee6b658e17b681b75ac5750282a60e03ff346444b16cf28c6f47aa1f725d58dfcef995b4c0c6f391c22d9ef7382a4154d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6029bc711dd4fab9e437379a6a6e7ba3

SHA1
19efd9071682f693cd6bbe85c3d9b6d5f1cdb3ae

SHA256
ad9f716c4fc8bad5c31f85771cdc9c26e5fdce1f60ad41029a79ed134d7c4e1d

SHA512
ed911a3a328387945103fcb8cd80bbfecc1e592b123493c0a8eda596f3a70bd206245001128685dc88e6e5a7a304884779cd2232d58776d3219cf72fa99da1e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
ae34f172092e423c746367dd1ce16371

SHA1
61faf1a83e29eb3d4743cf006f7b2587ba308811

SHA256
2898cfdbca0505f9e8c947bf809ee9d13163ea7d9b7d3190cf472fb7de74ca42

SHA512
0d955e5b4137859bebc85f4734f32279f9724895eec10a402785a8ea608bb0a8344d0bfaa8bfe61128cbadcaa3356c9874cf9d2d84c6001f7a1d8e60e2feda40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2dafea9346a1290238d8164f3dcde001

SHA1
57e8984a8f1ec4069394d997e564ff5df042e2e8

SHA256
00714cb814a8918e4a8b6ef933657fdb5dca77ec5d61ba9bab7e445561da6107

SHA512
f17811dccae6c338b90d95ccc2967c60a11320b09941123deed481b6a38189ad5a9b0b6c414be45a1a5a5621ce5ccc0f66ce175688ca72eed4afa6e7d8bf7215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ac71575c55a0213f72e7e3b41e493a5

SHA1
d299a053d029e6fffe5f6da2a98ceb1b07a7cd5a

SHA256
531c59c6a080f80dd81d72a915bebbed813568afe0913fd86e257e767a6f5231

SHA512
19671ee942a546bd8cdd3825ecff12093ef7585f98cdae83ff599afcaf51ad2e370b8910830eb9fbeb16d2ce43368bfa2f208212afdb9e9af13e5c2336b87f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f3c6.TMP

Filesize
537B

MD5
2d10910c8dcb0e2443244689f6204ef9

SHA1
c3c435d9b681dac1cc4d4f28938f82320d3e3b3f

SHA256
979a00326054d951ba76ce4a9c5577c2cc929472a186c8aabfa53694d50a8dd2

SHA512
619e4e6cf6b441fc99edf918e8f05d43bae5feb88e20a4c42e60407f1e2ed3e19fb744e799e5746222a1519b4159115d6b5078cfce14122a6068d8e1e9e39637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b723b2e14f7bce6a0a32aa6690460116

SHA1
fbaf5edc6eae110caae4ba6ca0bc2b7dc52abb81

SHA256
ccab97fff95f8b9feb3e4ab2deda024a1bdaf809253494ae1d32060ed76d626a

SHA512
7fad8863872466c0865db245a15c5fa7bf0e4149fd680d797f69c906102dafb799546a2103300543eb9e5044746a6f85b3432db0deb2656fa3b6d9bb6f4a0515

Download Submit
memory/5400-324-0x000001F62E070000-0x000001F62E0BC000-memory.dmp

Filesize
304KB

Download