ScreenShot
| Created | 2023.05.26 20:14 | Machine | s1_win7_x6402 |
| Filename | BLNR1389.js | ||
| Type | Little-endian UTF-16 Unicode text, with very long lines, with CRLF, CR, LF line terminators | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | |||
| md5 | d66279c46cb9a2e4d466c045d6f89bce | ||
| sha256 | 8fcccb6e6d160b8573c1d8cdce231562cb6c2dc25f22eff2a44043166541ce32 | ||
| ssdeep | 3072:ITKuZYU0V4Nom2QFrRP7AkUisHAUy9+2fhQWmrj/qyGd7Q9uS9mL2K+S8LzzLlnb:BP | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (2cnts)
| Level | Description |
|---|---|
| warning | Uses WMI to create a new process |
| info | Queries for the computername |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|