Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
Arixcel_Explorer_v8.7.8793.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Arixcel Explorer Installer, Author: Arixcel Ltd, Keywords: Arixcel Installer, Comments: Arixcel Explorer
is a spreadsheet analysis add-in for Microsoft Excel., Template: x64;1033, Revision Number: {536F3CBA-F2A0-411E-AC41-4EE4C94EE2D8},
Create Time/Date: Sun Jan 28 20:44:34 2024, Last Saved Time/Date: Sun Jan 28 20:44:34 2024, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.5722), Security: 2
|
initial sample
|
||
|
C:\Config.Msi\5cb73b.rbs
|
data
|
modified
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\Aga.Controls.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\Arixcel.Common.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\Arixcel.Controls.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\ArixcelExplorer.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\ArixcelExplorer.dll.config
|
XML 1.0 document, ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\ArixcelExplorer.dll.manifest
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (9465), with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\ArixcelExplorer.log4net
|
ASCII text
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\ArixcelExplorer.vsto
|
XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (9494), with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\ArixcelExplorer.xlam
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\Microsoft.Office.Tools.Common.v4.0.Utilities.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\Newtonsoft.Json.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\System.Buffers.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\System.Memory.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\System.Numerics.Vectors.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\System.Runtime.CompilerServices.Unsafe.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\System.Threading.Channels.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\System.Threading.Tasks.Extensions.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Arixcel Explorer\log4net.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1D601E47.tmp (copy)
|
Microsoft Excel 2007+
|
dropped
|
||
|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\AN5UOLP8\6O27WT20.log
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\ArixcelExplorer.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF, LF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8C71.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8CFF.tmp-\CustomAction.config
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8CFF.tmp-\Microsoft.Deployment.WindowsInstaller.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI8E86.tmp-\ArixcelSetup.dll
|
PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\MSI905C.tmp
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DF1BF63C73D47F646D.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\Temp\~DFD2AA41CFBB79474C.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\2YQK1WIO\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\9WIRSJYC\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\FNYW4YDD\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\HWC6L5O8\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\OCUJWGU0\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\PFAA2LU0\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\QMQ4QZ9O\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\V1H78IGM\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Local\assembly\tmp\ZDZO238B\__AssemblyInfo__.ini
|
data
|
dropped
|
||
|
C:\Users\user\AppData\Roaming\Microsoft\Installer\{C22576F4-B0E1-4CB8-A237-B8F2C5DF3505}\arixcel.ico
|
MS Windows icon resource - 4 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel
|
dropped
|
||
|
C:\Windows\Installer\5cb73a.msi
|
Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation
Database, Subject: Arixcel Explorer Installer, Author: Arixcel Ltd, Keywords: Arixcel Installer, Comments: Arixcel Explorer
is a spreadsheet analysis add-in for Microsoft Excel., Template: x64;1033, Revision Number: {536F3CBA-F2A0-411E-AC41-4EE4C94EE2D8},
Create Time/Date: Sun Jan 28 20:44:34 2024, Last Saved Time/Date: Sun Jan 28 20:44:34 2024, Number of Pages: 200, Number of
Words: 2, Name of Creating Application: Windows Installer XML Toolset (3.14.0.5722), Security: 2
|
dropped
|
||
|
C:\Windows\Installer\MSIB8FF.tmp
|
data
|
dropped
|
||
|
C:\Windows\Installer\SourceHash{C22576F4-B0E1-4CB8-A237-B8F2C5DF3505}
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Installer\inprogressinstallinfo.ipi
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log
|
Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\Temp\~DF4DC108F2BF5F5926.TMP
|
Composite Document File V2 Document, Cannot read section info
|
dropped
|
||
|
C:\Windows\Temp\~DF5055E0BD43DB7F38.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF56D4A918F02576FC.TMP
|
data
|
dropped
|
||
|
C:\Windows\Temp\~DF8E149199FA49F656.TMP
|
data
|
dropped
|
There are 39 hidden files, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
52.113.194.132
|
unknown
|
United States
|
||
|
52.109.28.46
|
unknown
|
United States
|
||
|
20.42.73.25
|
unknown
|
United States
|
||
|
2.18.97.153
|
unknown
|
European Union
|