IOC Report
is it legal to kill a peacock in california 93889.js


Files

File Path | Type | Category | Malicious
is it legal to kill a peacock in california 93889.js | ASCII text | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache | data | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3kjv115d.kal.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4piv51b.s4m.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hjkzvefq.kmv.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nchiupsg.fke.psm1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pxxrwmnz.m5k.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sv5chdui.cd3.ps1 | ASCII text, with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Balance Training.js (copy) | ASCII text, with very long lines (65536), with no line terminators | dropped |
C:\Users\user\AppData\Roaming\Microsoft\Insurance Negotiations.dat | ASCII text, with very long lines (65536), with no line terminators | dropped |

Processes

Path | Cmdline | Malicious
C:\Windows\System32\wscript.exe | C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\is it legal to kill a peacock in california 93889.js" | malicious
C:\Windows\System32\wscript.exe | C:\Windows\system32\wscript.EXE BALANC~1.JS | malicious
C:\Windows\System32\wscript.exe | C:\Windows\system32\wscript.EXE BALANC~1.JS | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell | malicious
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | powershell | malicious
C:\Windows\System32\cscript.exe | "C:\Windows\System32\cscript.exe" "BALANC~1.JS" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
C:\Windows\System32\cscript.exe | "C:\Windows\System32\cscript.exe" "BALANC~1.JS" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

URLs

Name | IP | Malicious
https://github.com/apache/incubator-echarts/issues/11369 | unknown |
https://www.shamara.de/ | 109.237.132.6 |
https://github.com/apache/incubator-echarts/issues/12229 | unknown |
https://github.com/d3/d3-hierarchy/blob/4c1f038f2725d6eae2e49b61d01456400694bac4/src/tree.js | unknown |
http://www.apache.org/licenses/LICENSE-2.0 | unknown |
https://echarts.apache.org/examples/en/editor.html?c=custom-gantt-flight | unknown |
https://developer.mozilla.org/en-US/docs/Web/API/CanvasRenderingContext2D/globalCompositeOperation | unknown |
https://ipacrack.com/ | 188.114.96.3 |
https://ellinikiaktoploia.net/ | 104.21.67.130 |
https://github.com/apache/echarts/issues/14266 | unknown |
https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/layout/force.js | unknown |
https://jsperf.com/try-catch-performance-overhead | unknown |
https://graphics.ethz.ch/teaching/scivis_common/Literature/squarifiedTreeMaps.pdf | unknown |
https://jsbench.me/2vkpcekkvw/1) | unknown |
http://0.30000000000000004.com/ | unknown |
https://github.com/ecomfe/zrender/blob/master/LICENSE.txt | unknown |
https://tc39.github.io/ecma262/#sec-daylight-saving-time-adjustment). | unknown |
https://github.com/d3/d3/blob/b516d77fb8566b576088e73410437494717ada26/src/time/scale.js | unknown |
https://momentjs.com/ | unknown |
https://developer.mozilla.org/en-US/docs/Web/Events/mousewheel) | unknown |
https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/arrays/quantile.js | unknown |
https://github.com/d3/d3/blob/9cc9a875e636a1dcf36cc1e07bdf77e1ad6e2c74/src/layout/treemap.js | unknown |

Domains

Name | IP | Malicious
ipacrack.com | 188.114.96.3 |
ellinikiaktoploia.net | 104.21.67.130 |
www.shamara.de | 109.237.132.6 |

IPs

IP | Domain | Country | Malicious
104.21.67.130 | ellinikiaktoploia.net | United States |
109.237.132.6 | www.shamara.de | Germany |
188.114.96.3 | ipacrack.com | European Union |

Registry

Path | Value | Malicious
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wscript.exe | JScriptSetScriptStateStarted |
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\cscript.exe | JScriptSetScriptStateStarted |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASAPI32 | FileDirectory |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableAutoFileTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | EnableConsoleTracing |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | ConsoleTracingMask |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | MaxFileSize |
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\powershell_RASMANCS | FileDirectory |

Memdumps