Proximity Operator
Table of Contents
Proximity Operator
- Use the proximity operator to search for multiple artifacts that can appear under a WildFire Analysis category of a sample. Enter two or more artifacts in the value field of the search condition.Example:The search HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData ueepd-a.exereturns a sample that has both values in at least one of its registry activities:
![]()
- The order in which the strings are entered does not affect the search results.Example:The search ueepd-a.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData returns the same results as the previous example.
- Searches with the proximity operator are not case-sensitive.
- You can enter partial strings in a proximity search, but you must type the full strings that appear between any special characters that are not letters or numbers (e.g. period, backslash, hyphen, space, @ symbol) for accurate matches.Example:The search HKCU\Software\Microsoft\Windows\CurrentVersion ueepd-a.exe returns the following results:
![]()
The search HKCU\Software\Microsoft\Windows\Current ueepd-a.exe will not return the search results above.
