Detonate File - Generic
Detonate files through one or more active integrations that support file detonation. Supported integrations: - SecneurX Analysis - ANY.RUN Cloud Sandbox - McAfee Advanced Threat Defense - WildFire - Lastline - Cuckoo Sandbox - Cisco Secure Malware Analytics (ThreatGrid) - JoeSecurity - CrowdStrike Falcon Sandbox - FireEye AX - VMRay Analyzer - Polygon - CrowdStrike Falcon Intelligence Sandbox - OPSWAT Filescan.
Common Playbooks · 21 tasks · 3 inputs · 489 outputs
Inputs
EntryID— Entry ID of file to be detonatedFile— File object of file to be detonatedanyrun_os— Specify ANY.RUN operation system type. Supports: windows, linux, android
Outputs
Joe.Analysis.Status— Analysis Status.File.Name— The file's name (only in case of report type=json).File.SHA1— SHA1 hash of the file.File.SHA256— SHA256 hash of the file.File.Size— File size (only in case of report type=json).File.Type— File type e.g. "PE" (only in case of report type=json).File.Malicious— The File malicious description.File.Malicious.Description— For malicious files, the reason for the vendor to make the decision.File.Malicious.Vendor— For malicious files, the vendor that made the decision.DBotScore— The Indicator's object.DBotScore.Indicator— The indicator that was tested.DBotScore.Score— The actual score.DBotScore.Type— The type of the indicator.DBotScore.Vendor— Vendor used to calculate the score.IP.Address— IP's relevant to the sample.DBotScore.Malicious.Vendor— Vendor used to calculate the score.DBotScore.Malicious.Detections— The sub analysis detection statuses.DBotScore.Malicious.SHA1— The SHA1 of the file.File— The File's object.File.MD5— MD5 hash of the file.Joe.Analysis.SampleName— Sample Data, could be a file name or URL.Joe.Analysis.Comments— Analysis Comments.Joe.Analysis.Time— Submitted Time.Joe.Analysis.Runs— Sub-Analysis Information.Joe.Analysis.Result— Analysis Results.Joe.Analysis.Errors— Raised errors during sampling.Joe.Analysis.Systems— Analysis OS.Joe.Analysis.MD5— MD5 of analysis sample.Joe.Analysis.SHA1— SHA1 of analysis sample.Joe.Analysis.SHA256— SHA256 of analysis sample.InfoFile.Name— FileName of the report file.InfoFile.EntryID— The EntryID of the report file.InfoFile.Size— File Size.InfoFile.Type— File type e.g. "PE".InfoFile.Info— Basic information of the file.File.Extension— The extension of the file.InfoFile— The report file's object.WildFire.Report— The submission object.WildFire.Report.Status— The status of the submission.WildFire.Report.SHA256— SHA256 of the submission.WildFire.Report.MD5— MD5 of the submission.WildFire.Report.FileType— The type of the submission.WildFire.Report.Size— The size of the submission.Joe.Analysis— The Analysis object.Cuckoo.Task.Category— Category of task.Cuckoo.Task.Machine— Machine of task.Cuckoo.Task.Errors— Errors of task.Cuckoo.Task.Target— Target of task.Cuckoo.Task.Package— Package of task.Cuckoo.Task.SampleID— Sample ID of task.Cuckoo.Task.Guest— Task guest.Cuckoo.Task.Custom— Custom values of task.Cuckoo.Task.Owner— Task owner.Cuckoo.Task.Priority— Priority of task.Cuckoo.Task.Platform— Platform of task.Cuckoo.Task.Options— Task options.Cuckoo.Task.Status— Task status.Cuckoo.Task.EnforceTimeout— Is timeout of task enforced.Cuckoo.Task.Timeout— Task timeout.Cuckoo.Task.Memory— Task memory.Cuckoo.Task.Tags— Task tags.Cuckoo.Task.ID— ID of task.Cuckoo.Task.AddedOn— Date on which the task was added.Cuckoo.Task.CompletedOn— Date on which the task was completed.Cuckoo.Task.Score— Reported score of the the task.Cuckoo.Task.Monitor— Monitor of the reported task.VMRay.Job— The Job Object.VMRay.Job.JobID— The ID of a new job.VMRay.Job.SampleID— The ID of sample.VMRay.Job.Created— The timestamp of the created job.VMRay.Job.VMName— The name of virtual machine.VMRay.Job.VMID— The ID of virtual machine.VMRay.Sample— The Sample For Analysis.VMRay.Sample.SampleID— The sample ID of the task.VMRay.Sample.Created— The timestamp of the created sample.VMRay.Sample.FileName— The file name of the sample.VMRay.Sample.MD5— The MD5 hash of the sample.VMRay.Sample.SHA1— The SHA1 hash of the sample.VMRay.Sample.SHA256— The SHA256 hash of the sample.VMRay.Sample.SSDeep— The SSDeep of the sample.VMRay.Sample.Verdict— Verdict for the sample (Malicious, Suspicious, Clean, Not Available).VMRay.Sample.VerdictReason— Description of the Verdict Reason.VMRay.Sample.Severity— Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.VMRay.Sample.Type— The file type.VMRay.Sample.Classifications— The classifications of the sample.VMRay.Submission— Submission Object.VMRay.Submission.SubmissionID— The submission ID.VMRay.Submission.HadErrors— Whether there are any errors in the submission.VMRay.Submission.IsFinished— The status of submission. Can be, "true" or "false".VMRay.Submission.MD5— The MD5 hash of the sample in submission.VMRay.Submission.SHA1— The SHA1 hash of the sample in submission.VMRay.Submission.SHA256— The SHA256 hash of the sample in submission.VMRay.Submission.Verdict— Verdict for the sample (Malicious, Suspicious, Clean, Not Available).VMRay.Submission.VerdictReason— Description of the Verdict Reason.VMRay.Submission.Severity— Severity of the sample (Malicious, Suspicious, Good, Blacklisted, Whitelisted, Unknown). Deprecated.VMRay.Submission.SSDeep— The SSDeep hash of the sample in submission.VMRay.Submission.SampleID— The ID of the sample in submission.VMRay.Sample.IOC.File— File Object.VMRay.Sample.IOC.File.AnalysisID— The IDs of other analyses that contain the given file.VMRay.Sample.IOC.File.Name— The name of the file.VMRay.Sample.IOC.File.Operation— The operation of the given file.VMRay.Sample.IOC.File.ID— The ID of the file.VMRay.Sample.IOC.File.Type— The type of the file.VMRay.Sample.IOC.File.Hashes— File Hashes Object.VMRay.Sample.IOC.File.Hashes.MD5— The MD5 hash of the given file.VMRay.Sample.IOC.File.Hashes.SSDeep— The SSDeep hash of the given file.VMRay.Sample.IOC.File.Hashes.SHA256— The SHA256 hash of the given file.VMRay.Sample.IOC.File.Hashes.SHA1— The SHA1 hash of the given file.VMRay.Sample.IOC.URL— URL Object.VMRay.Sample.IOC.URL.AnalysisID— The IDs of the other analyses that contain the given URL.VMRay.Sample.IOC.URL.URL— The URL.VMRay.Sample.IOC.URL.Operation— The operation of the specified URL.VMRay.Sample.IOC.URL.ID— The ID of the URL.VMRay.Sample.IOC.URL.Type— The type of the URL.VMRay.Sample.IOC.Domain— Domain Object.VMRay.Sample.IOC.Domain.AnalysisID— The IDs of the other analyses that contain the given domain.VMRay.Sample.IOC.Domain.Domain— The domain.VMRay.Sample.IOC.Domain.ID— The ID of the domain.VMRay.Sample.IOC.Domain.Type— The type of the domain.VMRay.Sample.IOC.IP— IP Object.VMRay.Sample.IOC.IP.AnalysisID— The IDs of the other analyses that contain the given IP address.VMRay.Sample.IOC.IP.IP— The IP address.VMRay.Sample.IOC.IP.Operation— The operation of the given IP address.VMRay.Sample.IOC.IP.ID— The ID of the IP address.VMRay.Sample.IOC.IP.Type— The type of the IP address.VMRay.Sample.IOC.Mutex— Mutex Object.VMRay.Sample.IOC.Mutex.AnalysisID— The IDs of other analyses that contain the given IP address.VMRay.Sample.IOC.Mutex.Name— The name of the mutex.VMRay.Sample.IOC.Mutex.Operation— The operation of the given mutex.VMRay.Sample.IOC.Mutex.ID— The ID of the mutex.VMRay.Sample.IOC.Mutex.Type— The type of the mutex.VMRay.ThreatIndicator— Indicator Object.VMRay.ThreatIndicator.AnalysisID— The list of connected analysis IDs.VMRay.ThreatIndicator.Category— The category of threat indicators.VMRay.ThreatIndicator.Classification— The classifications of threat indicators.VMRay.ThreatIndicator.ID— The ID of the threat indicator.VMRay.ThreatIndicator.Operation— The operation that caused the indicators.SecneurXAnalysis.Report.SHA256— SHA256 value of the analyzed sample.SecneurXAnalysis.Report.Verdict— Summary result of the analyzed sample.SecneurXAnalysis.Report.Tags— More details of the analyzed sample.SecneurXAnalysis.Report.IOC— List of IOC's observed in the analyzed sample.SecneurXAnalysis.Report.Status— Analysis queued sample state.SecneurXAnalysis.Report.DnsRequests— List of DNS data observed in the analyzed sample.SecneurXAnalysis.Report.HttpRequests— List of HTTP data observed in the analyzed sample.SecneurXAnalysis.Report.JA3Digests— List of JA3 data observed in the analyzed sample.SecneurXAnalysis.Report.ProcessCreated— Process behaviour data observed in the analyzed sample.SecneurXAnalysis.Report.RegistrySet— List of Registry creations observed in the analyzed sample.SecneurXAnalysis.Report.RegistryDeleted— List of Registry deletions observed in the analyzed sample.SecneurXAnalysis.Report.FileCreated— List of File creations observed in the analyzed sample.SecneurXAnalysis.Report.FileDropped— List of File drops observed in the analyzed sample.SecneurXAnalysis.Report.FileDeleted— List of File deletions observed in the analyzed sample.SecneurXAnalysis.Report.FileModified— List of File changes observed in the analyzed sample.SecneurXAnalysis.Report.Platform— Platform of the analyzed sample.ATD.Task.taskId— The task ID of the sample uploaded.ATD.Task.jobId— The job ID of the sample uploaded.ATD.Task.messageId— The message Id relevant to the sample uploaded.ATD.Task.srcIp— Source IPv4 address.ATD.Task.destIp— Destination IPv4 address.ATD.Task.MD5— MD5 of the sample uploaded.ATD.Task.SHA1— SHA1 of the sample uploaded.ATD.Task.SHA256— SHA256 of the sample uploaded.InfoFile.Extension— The extension of the report file.File.EntryID— The Entry ID of the sample.URL.Data— List of malicious URLs identified by Lastline analysis.URL.Malicious.Vendor— For malicious URLs, the vendor that made the decision.URL.Malicious.Description— For malicious URLs, the reason for the vendor to make the decision.URL.Malicious.Score— For malicious URLs, the score from the vendor.Lastline.Submission.Status— Status of the submission.Lastline.Submission.DNSqueries— List of DNS queries done by the analysis subject.Lastline.Submission.NetworkConnections— ist of network connections done by the analysis subject.Lastline.Submission.DownloadedFiles— List of files that were downloaded using the Microsoft Windows file-download API functions. Each element is a tuple of file-origin URL and a File element.Lastline.Submission.UUID— Task UUID of submitted sample.Lastline.Submission.YaraSignatures.name— Yara signatures name.Lastline.Submission.YaraSignatures.score— The score according to the yara signatures. from 0 to 100.Lastline.Submission.YaraSignatures.internal— True if the signature is only for internal usage.Lastline.Submission.Process.arguments— Argument of the process.Lastline.Submission.Process.process_id— The process ID.Lastline.Submission.Process.executable.abs_path— Absolute path of the executable of the process.Lastline.Submission.Process.executable.filename— Filename of the executable.Lastline.Submission.Process.executable.yara_signature_hits— Yara signature of the executable of the process.Lastline.Submission.Process.executable.ext_info— Executable info of the process.Joe.Analysis.ID— Web ID.Domain.Name— The Domain name.Domain.DNS— A list of IP objects resolved by DNS.RegistryKey.Path— The path to the registry key.RegistryKey.Value— The value at the given RegistryKey.Process.Name— Process name.Process.PID— Process PID.Process.CommandLine— Process Command Line.Process.Path— Process path.Process.StartTime— Process start time.Process.EndTime— Process end time.Polygon.Analysis.ID— Analysis ID in THF.Polygon.Analysis.Name— File Name.Polygon.Analysis.Size— File Size.Polygon.Analysis.Started— Analysis start timestamp.Polygon.Analysis.Analyzed— Analysis finish timestamp.Polygon.Analysis.MD5— Analyzed file MD5 hash.Polygon.Analysis.SHA1— Analyzed file SHA1 hash.Polygon.Analysis.SHA256— Analyzed file SHA256.Polygon.Analysis.Result— Analysis verdict.Polygon.Analysis.Status— The analysis status.Polygon.Analysis.Verdict— Analysis verdict.Polygon.Analysis.Probability— Verdict probability.Polygon.Analysis.Families— Malware families.Polygon.Analysis.Score— Polygon score.Polygon.Analysis.Internet-connection— Internet availability.Polygon.Analysis.Type— File type.Polygon.Analysis.DumpExists— Network activity dump exists.Polygon.Analysis.File— The information about files in analysis.Polygon.Analysis.URL— The information about URL indicators.Polygon.Analysis.IP— The information about IP indicators.Polygon.Analysis.Domain— The information about Domain indicators.Polygon.Analysis.RegistryKey— The information about registry keys which were modified during the analysis.Polygon.Analysis.Process— The information about processes started during the analysis.csfalconx.resource.id— Analysis ID.csfalconx.resource.verdict— Analysis verdict.csfalconx.resource.created_timestamp— Analysis start time.csfalconx.resource.environment_id— Environment ID.csfalconx.resource.threat_score— Score of the threat.csfalconx.resource.submit_url— URL submitted for analysis.csfalconx.resource.submission_type— Type of submitted artifact, for example file, URL, etc.csfalconx.resource.filetype— File type.csfalconx.resource.filesize— File size.csfalconx.resource.sha256— SHA256 hash of the submitted file.csfalconx.resource.ioc_report_strict_csv_artifact_id— ID of the IOC pack to download (CSV).csfalconx.resource.ioc_report_broad_csv_artifact_id— ID of the IOC pack to download (CSV).csfalconx.resource.ioc_report_strict_json_artifact_id— ID of the IOC pack to download (JSON).csfalconx.resource.ioc_report_broad_json_artifact_id— ID of the IOC pack to download (JSON).csfalconx.resource.ioc_report_strict_stix_artifact_id— ID of the IOC pack to download (STIX).csfalconx.resource.ioc_report_broad_stix_artifact_id— ID of the IOC pack to download (STIX).csfalconx.resource.ioc_report_strict_maec_artifact_id— ID of the IOC pack to download (MAEC).csfalconx.resource.ioc_report_broad_maec_artifact_id— ID of the IOC pack to download (MAEC).csfalconx.resource.snadbox.environment_description— Environment description.OPSWAT.Filescan.Submission.flow_id— The flow ID.OPSWAT.Filescan.Analysis.finalVerdict.verdict— The final verdict.OPSWAT.Filescan.Analysis.allTags— All tags.OPSWAT.Filescan.Analysis.overallState— Overall state of the scan.OPSWAT.Filescan.Analysis.subtaskReferences— Status of scan subtasks.OPSWAT.Filescan.Analysis.allSignalGroups— All signal groups.OPSWAT.Filescan.Analysis.resources— Resources.OPSWAT.Filescan.Analysis.taskReference.name— Name of the main scan task.OPSWAT.Filescan.Analysis.taskReference.additionalInfo— Additional informations about the main scan task.OPSWAT.Filescan.Analysis.taskReference.ID— ID of the main scan task.OPSWAT.Filescan.Analysis.taskReference.state— State of the main scan task.OPSWAT.Filescan.Analysis.taskReference.resourceReference— Resource reference of the main scan task.OPSWAT.Filescan.Analysis.taskReference.opcount— Counter.OPSWAT.Filescan.Analysis.taskReference.processTime— processTime.OPSWAT.Filescan.Analysis.file.name— The name of the file.OPSWAT.Filescan.Analysis.file.hash— The SHA256 of the file.OPSWAT.Filescan.Analysis.file.type— The type of the submission.ANYRUN.SandboxAnalysis.mitre.name— MITRE Technic text description.ANYRUN.SandboxAnalysis.mitre.phases— MITRE Technic phases.ANYRUN.SandboxAnalysis.mitre.id— MITRE Technic identifier.ANYRUN.SandboxAnalysis.debugStrings— Analysis debug information.ANYRUN.SandboxAnalysis.incidents.process— Analysis process.ANYRUN.SandboxAnalysis.incidents.events.time— Event time.ANYRUN.SandboxAnalysis.incidents.events.cmdline— Event command line.ANYRUN.SandboxAnalysis.incidents.events.image— Event image.ANYRUN.SandboxAnalysis.incidents.mitre.v— MITRE version.ANYRUN.SandboxAnalysis.incidents.mitre.sid— SID.ANYRUN.SandboxAnalysis.incidents.mitre.tid— TID.ANYRUN.SandboxAnalysis.incidents.count— Count of related incidents.ANYRUN.SandboxAnalysis.incidents.firstSeen— Incident first seen date.ANYRUN.SandboxAnalysis.incidents.source— Incident source.ANYRUN.SandboxAnalysis.incidents.desc— Incident description.ANYRUN.SandboxAnalysis.incidents.title— Incident title.ANYRUN.SandboxAnalysis.incidents.threatLevel— Incident threat level.ANYRUN.SandboxAnalysis.incidents.events.typeValue— Event type value.ANYRUN.SandboxAnalysis.incidents.events.key— Event key.ANYRUN.SandboxAnalysis.incidents.events.value— Event value.ANYRUN.SandboxAnalysis.incidents.events.name— Event name.ANYRUN.SandboxAnalysis.incidents.events.operation— Even operation.ANYRUN.SandboxAnalysis.incidents.events.cmdParent— Event parent cmd.ANYRUN.SandboxAnalysis.incidents.events.cmdChild— Event child cmd.ANYRUN.SandboxAnalysis.modified.registry.time— Registry time.ANYRUN.SandboxAnalysis.modified.registry.process— Registry process.ANYRUN.SandboxAnalysis.modified.registry.operation— Registry operation.ANYRUN.SandboxAnalysis.modified.registry.value— Registry value.ANYRUN.SandboxAnalysis.modified.registry.name— Registry name.ANYRUN.SandboxAnalysis.modified.registry.key— Registry key.ANYRUN.SandboxAnalysis.modified.files.process— File process.ANYRUN.SandboxAnalysis.modified.files.size— File size.ANYRUN.SandboxAnalysis.modified.files.filename— Filename.ANYRUN.SandboxAnalysis.modified.files.time— File creating time.ANYRUN.SandboxAnalysis.modified.files.info.mime— File MIME type.ANYRUN.SandboxAnalysis.modified.files.info.file— File content.ANYRUN.SandboxAnalysis.modified.files.permanentUrl— File url.ANYRUN.SandboxAnalysis.modified.files.hashes.ssdeep— File SSDeep.ANYRUN.SandboxAnalysis.modified.files.hashes.sha256— File sha256 hash.ANYRUN.SandboxAnalysis.modified.files.hashes.sha1— File sha1 hash.ANYRUN.SandboxAnalysis.modified.files.hashes.md5— File md5 hash.ANYRUN.SandboxAnalysis.modified.files.threatLevel— File threat level.ANYRUN.SandboxAnalysis.modified.files.type— File type.ANYRUN.SandboxAnalysis.network.threats— Analysis network threats.ANYRUN.SandboxAnalysis.network.connections.reputation— Network connection reputation.ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3SFullstring— Network connection ja3S.ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3S— Network connection ja3S.ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3Fullstring— Network connection ja3F.ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.ja3— Network connection ja3F.ANYRUN.SandboxAnalysis.network.connections.time— Network connection time.ANYRUN.SandboxAnalysis.network.connections.asn— Network connection ASN.ANYRUN.SandboxAnalysis.network.connections.country— Network connection country.ANYRUN.SandboxAnalysis.network.connections.protocol— Network connection protocol.ANYRUN.SandboxAnalysis.network.connections.port— Network connection port.ANYRUN.SandboxAnalysis.network.connections.ip— Network connection ip.ANYRUN.SandboxAnalysis.network.connections.process— Network connection processes.ANYRUN.SandboxAnalysis.network.connections.tlsFingerprint.jarm— Network connection jarm.ANYRUN.SandboxAnalysis.network.httpRequests.country— HTTP Request country.ANYRUN.SandboxAnalysis.network.httpRequests.reputation— HTTP Request reputation.ANYRUN.SandboxAnalysis.network.httpRequests.process— HTTP Request related process.ANYRUN.SandboxAnalysis.network.httpRequests.httpCode— HTTP Request status code.ANYRUN.SandboxAnalysis.network.httpRequests.status— HTTP Request status.ANYRUN.SandboxAnalysis.network.httpRequests.user-agent— HTTP Request User-Agent header value.ANYRUN.SandboxAnalysis.network.httpRequests.proxyDetected— HTTP Request is proxy detected.ANYRUN.SandboxAnalysis.network.httpRequests.port— HTTP Request port.ANYRUN.SandboxAnalysis.network.httpRequests.ip— HTTP Request ip.ANYRUN.SandboxAnalysis.network.httpRequests.url— HTTP Request url.ANYRUN.SandboxAnalysis.network.httpRequests.host— HTTP Request host.ANYRUN.SandboxAnalysis.network.httpRequests.method— HTTP Request method.ANYRUN.SandboxAnalysis.network.httpRequests.time— HTTP Request time estimate.ANYRUN.SandboxAnalysis.network.dnsRequests.reputationNumber— DNS Request reputation number.ANYRUN.SandboxAnalysis.network.dnsRequests.reputation— DNS Request reputation.ANYRUN.SandboxAnalysis.network.dnsRequests.ips— DNS Request IPs.ANYRUN.SandboxAnalysis.network.dnsRequests.domain— DNS Request domain.ANYRUN.SandboxAnalysis.network.dnsRequests.time— DNS Request time estimate.ANYRUN.SandboxAnalysis.malconf— Analysis malconf.ANYRUN.SandboxAnalysis.processes.synchronization— Analysis processes synchronization.ANYRUN.SandboxAnalysis.processes.modules— Analysis processes modules.ANYRUN.SandboxAnalysis.processes.hasMalwareConfig— Process has malware config.ANYRUN.SandboxAnalysis.processes.parentUUID— Process parent UUID.ANYRUN.SandboxAnalysis.processes.status— Process status.ANYRUN.SandboxAnalysis.processes.scores.specs.malwareConfig— Process malware config.ANYRUN.SandboxAnalysis.processes.scores.specs.privEscalation— Process priv escalation.ANYRUN.SandboxAnalysis.processes.scores.specs.stealing— Process stealing.ANYRUN.SandboxAnalysis.processes.scores.specs.networkLoader— Process network loader.ANYRUN.SandboxAnalysis.processes.scores.specs.network— Process network.ANYRUN.SandboxAnalysis.processes.scores.specs.lowAccess— Process low access.ANYRUN.SandboxAnalysis.processes.scores.specs.knownThreat— Process known threat.ANYRUN.SandboxAnalysis.processes.scores.specs.injects— Process inject.ANYRUN.SandboxAnalysis.processes.scores.specs.exploitable— Process exploitable.ANYRUN.SandboxAnalysis.processes.scores.specs.executableDropped— Process executable dropped.ANYRUN.SandboxAnalysis.processes.scores.specs.debugOutput— Process debug output.ANYRUN.SandboxAnalysis.processes.scores.specs.crashedApps— Process crashed apps.ANYRUN.SandboxAnalysis.processes.scores.specs.autoStart— Process auto start.ANYRUN.SandboxAnalysis.processes.scores.loadsSusp— Process loads susp.ANYRUN.SandboxAnalysis.processes.scores.injected— Process injected.ANYRUN.SandboxAnalysis.processes.scores.dropped— Process dropped.ANYRUN.SandboxAnalysis.processes.scores.verdict.threatLevelText— Process threat level text.ANYRUN.SandboxAnalysis.processes.scores.verdict.threatLevel— Process threat level.ANYRUN.SandboxAnalysis.processes.scores.verdict.score— Process score.ANYRUN.SandboxAnalysis.processes.context.userName— Process context username.ANYRUN.SandboxAnalysis.processes.context.integrityLevel— Process context integrity level.ANYRUN.SandboxAnalysis.processes.context.rebootNumber— Process context reboot number.ANYRUN.SandboxAnalysis.processes.versionInfo.version— Process version.ANYRUN.SandboxAnalysis.processes.versionInfo.description— Process description.ANYRUN.SandboxAnalysis.processes.versionInfo.company— Process company.ANYRUN.SandboxAnalysis.processes.mainProcess— Process main process.ANYRUN.SandboxAnalysis.processes.fileType— Process file type.ANYRUN.SandboxAnalysis.processes.fileName— Process filename.ANYRUN.SandboxAnalysis.processes.commandLine— Process cmd.ANYRUN.SandboxAnalysis.processes.image— Process image.ANYRUN.SandboxAnalysis.processes.uuid— Process uuid.ANYRUN.SandboxAnalysis.processes.ppid— Process PPID.ANYRUN.SandboxAnalysis.processes.important— Process important.ANYRUN.SandboxAnalysis.processes.pid— Process PID.ANYRUN.SandboxAnalysis.processes.exitCode— Process exit code.ANYRUN.SandboxAnalysis.processes.times.terminate— Process time terminate.ANYRUN.SandboxAnalysis.processes.times.start— Process time start.ANYRUN.SandboxAnalysis.processes.resolvedCOM.title— Process resolved COM title.ANYRUN.SandboxAnalysis.processes.synchronization.operation— Process sync operation.ANYRUN.SandboxAnalysis.processes.synchronization.type— Process sync type.ANYRUN.SandboxAnalysis.processes.synchronization.name— Process sync name.ANYRUN.SandboxAnalysis.processes.synchronization.time— Process sync time.ANYRUN.SandboxAnalysis.processes.modules.image— Process module image.ANYRUN.SandboxAnalysis.processes.modules.time— Process module time.ANYRUN.SandboxAnalysis.processes.scores.monitoringReason— Process monitoring reason.ANYRUN.SandboxAnalysis.processes.times.monitoringSince— Process monitoring since.ANYRUN.SandboxAnalysis.counters.synchronization.type.event— Process sync event.ANYRUN.SandboxAnalysis.counters.synchronization.type.mutex— Process sync mutex.ANYRUN.SandboxAnalysis.counters.synchronization.operation.create— Process sync operation create.ANYRUN.SandboxAnalysis.counters.synchronization.operation.open— Process sync operation open.ANYRUN.SandboxAnalysis.counters.synchronization.total— Process sync total.ANYRUN.SandboxAnalysis.counters.registry.delete— Registry delete.ANYRUN.SandboxAnalysis.counters.registry.write— Registry write.ANYRUN.SandboxAnalysis.counters.registry.read— Registry reed.ANYRUN.SandboxAnalysis.counters.registry.total— Registry total.ANYRUN.SandboxAnalysis.counters.files.malicious— File malicious count.ANYRUN.SandboxAnalysis.counters.files.suspicious— File suspicious count.ANYRUN.SandboxAnalysis.counters.files.text— File text.ANYRUN.SandboxAnalysis.counters.files.unknown— File unknown count.ANYRUN.SandboxAnalysis.counters.network.threats— Network threats count.ANYRUN.SandboxAnalysis.counters.network.dns— Network dns count.ANYRUN.SandboxAnalysis.counters.network.connections— Network connections count.ANYRUN.SandboxAnalysis.counters.network.http— Network networks count.ANYRUN.SandboxAnalysis.counters.processes.malicious— Malicious processes count.ANYRUN.SandboxAnalysis.counters.processes.suspicious— Suspicious processes count.ANYRUN.SandboxAnalysis.counters.processes.monitored— Monitored processes count.ANYRUN.SandboxAnalysis.counters.processes.total— Total processes count.ANYRUN.SandboxAnalysis.environments.hotfixes.title— Environment hotfixes title.ANYRUN.SandboxAnalysis.environments.software.version— Environment software version.ANYRUN.SandboxAnalysis.environments.software.title— Environment software title.ANYRUN.SandboxAnalysis.environments.internetExplorer.kbnum— Environment Internet Explorer KBNUM.ANYRUN.SandboxAnalysis.environments.internetExplorer.version— Environment Internet Explorer version.ANYRUN.SandboxAnalysis.environments.os.bitness— Environment OS version.ANYRUN.SandboxAnalysis.environments.os.softSet— Environment OS software set.ANYRUN.SandboxAnalysis.environments.os.servicePack— Environment OS service pack.ANYRUN.SandboxAnalysis.environments.os.major— Environment OS major version.ANYRUN.SandboxAnalysis.environments.os.productType— Environment OS product type.ANYRUN.SandboxAnalysis.environments.os.variant— Environment OS variant.ANYRUN.SandboxAnalysis.environments.os.product— Environment OS product.ANYRUN.SandboxAnalysis.environments.os.build— Environment OS build.ANYRUN.SandboxAnalysis.environments.os.title— Environment OS title.ANYRUN.SandboxAnalysis.analysis.content.dumps— Content dumps.ANYRUN.SandboxAnalysis.analysis.content.screenshots.thumbnailUrl— Screenshots thumbnail url.ANYRUN.SandboxAnalysis.analysis.content.screenshots.permanentUrl— Screenshots permanent url.ANYRUN.SandboxAnalysis.analysis.content.screenshots.time— Screenshots time.ANYRUN.SandboxAnalysis.analysis.content.screenshots.uuid— Screenshots uuid.ANYRUN.SandboxAnalysis.analysis.content.sslkeys.present— SSL keys present.ANYRUN.SandboxAnalysis.analysis.content.pcap.permanentUrl— Pcap dump permanent url.ANYRUN.SandboxAnalysis.analysis.content.pcap.present— Pcap present.ANYRUN.SandboxAnalysis.analysis.content.video.permanentUrl— Video permanent url.ANYRUN.SandboxAnalysis.analysis.content.video.present— Video present.ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.ssdeep— Main object ssdeep.ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.sha256— Main object sha256.ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.sha1— Main object sha1.ANYRUN.SandboxAnalysis.analysis.content.mainObject.hashes.md5— Main object md5.ANYRUN.SandboxAnalysis.analysis.content.mainObject.url— Main object url.ANYRUN.SandboxAnalysis.analysis.content.mainObject.type— Main object type.ANYRUN.SandboxAnalysis.analysis.scores.specs.knownThreat— Specs known threat.ANYRUN.SandboxAnalysis.analysis.scores.specs.malwareConfig— Specs malware Config.ANYRUN.SandboxAnalysis.analysis.scores.specs.notStarted— Specs not started.ANYRUN.SandboxAnalysis.analysis.scores.specs.privEscalation— Specs priv escalation.ANYRUN.SandboxAnalysis.analysis.scores.specs.torUsed— Specs TOR used.ANYRUN.SandboxAnalysis.analysis.scores.specs.suspStruct— Specs susp structure.ANYRUN.SandboxAnalysis.analysis.scores.specs.stealing— Specs stealing.ANYRUN.SandboxAnalysis.analysis.scores.specs.staticDetections— Specs static detections.ANYRUN.SandboxAnalysis.analysis.scores.specs.spam— Specs spam.ANYRUN.SandboxAnalysis.analysis.scores.specs.serviceLauncher— Specs service launcher.ANYRUN.SandboxAnalysis.analysis.scores.specs.rebooted— Specs rebooted.ANYRUN.SandboxAnalysis.analysis.scores.specs.networkThreats— Specs network threats.ANYRUN.SandboxAnalysis.analysis.scores.specs.networkLoader— Specs network loader.ANYRUN.SandboxAnalysis.analysis.scores.specs.multiprocessing— Specs multiprocessing.ANYRUN.SandboxAnalysis.analysis.scores.specs.memOverrun— Specs memory overrun.ANYRUN.SandboxAnalysis.analysis.scores.specs.lowAccess— Specs low access.ANYRUN.SandboxAnalysis.analysis.scores.specs.exploitable— Specs exploitable.ANYRUN.SandboxAnalysis.analysis.scores.specs.executableDropped— Specs executable dropped.ANYRUN.SandboxAnalysis.analysis.scores.specs.debugOutput— Specs debug output.ANYRUN.SandboxAnalysis.analysis.scores.specs.crashedTask— Specs crashed task.ANYRUN.SandboxAnalysis.analysis.scores.specs.crashedApps— Specs crashed apps.ANYRUN.SandboxAnalysis.analysis.scores.specs.cpuOverrun— Specs CPU overrun.ANYRUN.SandboxAnalysis.analysis.scores.specs.autoStart— Specs suto start.ANYRUN.SandboxAnalysis.analysis.scores.specs.injects— Specs injects.ANYRUN.SandboxAnalysis.analysis.scores.verdict.threatLevelText— Verdict threat level text.ANYRUN.SandboxAnalysis.analysis.scores.verdict.threatLevel— Verdict threat level.ANYRUN.SandboxAnalysis.analysis.scores.verdict.score— Verdict score.ANYRUN.SandboxAnalysis.analysis.options.automatization.uac— Options automatization UAC.ANYRUN.SandboxAnalysis.analysis.options.privateSample— Options private sample.ANYRUN.SandboxAnalysis.analysis.options.privacy— Options privacy.ANYRUN.SandboxAnalysis.analysis.options.network— Options network.ANYRUN.SandboxAnalysis.analysis.options.hideSource— Options hide source.ANYRUN.SandboxAnalysis.analysis.options.video— Options video.ANYRUN.SandboxAnalysis.analysis.options.presentation— Options presentation.ANYRUN.SandboxAnalysis.analysis.options.tor.used— Options tor used.ANYRUN.SandboxAnalysis.analysis.options.mitm— Options MITM proxy.ANYRUN.SandboxAnalysis.analysis.options.heavyEvasion— Options kernel heavy evasion.ANYRUN.SandboxAnalysis.analysis.options.fakeNet— Options fake network.ANYRUN.SandboxAnalysis.analysis.options.additionalTime— Options additions time.ANYRUN.SandboxAnalysis.analysis.options.timeout— Options timeout.ANYRUN.SandboxAnalysis.analysis.tags— Analysis tags.ANYRUN.SandboxAnalysis.analysis.stopExecText— Analysis stopExecText.ANYRUN.SandboxAnalysis.analysis.stopExec— Analysis creation stopExec.ANYRUN.SandboxAnalysis.analysis.creationText— Analysis creation creation text.ANYRUN.SandboxAnalysis.analysis.creation— Analysis creation date.ANYRUN.SandboxAnalysis.analysis.duration— Analysis duration.ANYRUN.SandboxAnalysis.analysis.sandbox.plan.name— Analysis sandbox user plan name.ANYRUN.SandboxAnalysis.analysis.sandbox.name— Analysis sandbox name.ANYRUN.SandboxAnalysis.analysis.reports.graph— Analysis reports graph.ANYRUN.SandboxAnalysis.analysis.reports.STIX— Analysis STIX report url.ANYRUN.SandboxAnalysis.analysis.reports.HTML— Analysis HTML report url.ANYRUN.SandboxAnalysis.analysis.reports.MISP— Analysis MISP report url.ANYRUN.SandboxAnalysis.analysis.reports.IOC— Analysis IOC report url.ANYRUN.SandboxAnalysis.analysis.permanentUrl— Analysis permanent url.ANYRUN.SandboxAnalysis.analysis.uuid— Analysis uuid.ANYRUN.SandboxAnalysis.status— Analysis status.ANYRUN.SandboxAnalysisReportVerdict— The analysis verdict.ANYRUN_DetonateFileAndroid.TaskID— Task UUID.ANYRUN_DetonateFileLinux.TaskID— Task UUID.ANYRUN_DetonateFileWindows.TaskID— Task UUID.