
IoC Search


Values are listed as recorded. Entries containing `$env:` or a similar `$` variable are unexpanded script placeholders rather than literal paths, and several resolve to standard Windows locations (for example `$env:TEMP`), so they need host-specific expansion and additional context before being used for matching.

| Type | Value |
| --- | --- |
| directory | `$($a.Path)` |
| directory | `$($ENV:ExchangeInstallPath)\bin` |
| file | `$77_Install.exe` |
| file | `$77_loader.exe` |
| file | `$77_Loader.exe` |
| file | `$77_oracle.exe` |
| directory | `$APPDATA\Embarcadero` |
| directory | `$appdata\Microsoft\Windows` |
| directory | `$CASDOOR/files/` |
| directory | `$D` |
| directory | `$D/.4dai8ovb` |
| directory | `\\\\$Domain\\NETLOGON\\` |
| directory | `$ElasticInstallPath\Endpoint\cache\RansomwareDumps` |
| directory | `$env:appdata` |
| directory | `$env:APPDATA` |
| directory | `$env:AppData` |
| directory | `$env:APPDATA\CheckExtension` |
| directory | `$env:APPDATA\logicpro` |
| directory | `$env:APPDATA\\Microsoft\\Windows\\Start Menu\\Programs\\Startup` |
| directory | `$env:APPDATA\Microsoft\Windows` |
| directory | `$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup` |
| directory | `$env:APPDATA\reaper` |
| directory | `$env:appdata\WPy64-31401\python` |
| directory | `\\$env:COMPUTERNAME\$_` |
| file | `$env:computername.txt` |
| file | `$env:computername.txt` |
| directory | `$env:LOCALAPPDATA` |
| directory | `$env:LOCALAPPDATA\EAnLaxUKaI` |
| directory | `$env:LOCALAPPDATA\Microsoft\OneDrive` |
| directory | `$env:LOCALAPPDATA\Mozilla\Firefox\Profiles\*.default-release\cache2\entries\` |
| directory | `$env:LOCALAPPDATA\Packages\Microsoft.WindowsSoundDiagnostics\Cache` |
| directory | `$env:programdata\ssh` |
| directory | `$env:ProgramFiles\WinMemoryCleaner` |
| directory | `$env:public` |
| directory | `$Env:SystemRoot\System32` |
| directory | `$env:temp` |
| directory | `$env:TEMP` |
| directory | `$env:Temp` |
| directory | `$env:TEMP\crystall` |
| directory | `$env:TEMP\rfolder` |
| directory | `$env:tmp` |
| directory | `$Env:tmp\AB` |
| directory | `$env:tmp\backuplog1` |
| directory | `$env:tmp\backuplog` |
| directory | `$env:USERPROFILE` |
| directory | `$env:userprofile` |
| directory | `$env:USERPROFILE\Desktop` |
| directory | `$env:USERPROFILE\Documents\SENSITIVE_FILES_HERE` |
| directory | `$env:USERPROFILE\Downloads\` |
| directory | `$env:USERPROFILE\Pictures` |