{% load key_tags %}
{# Conditional skeleton of the file-details view. Every if-tag on the next line has an empty body in this view. #}
{# NOTE(review): presumably each condition originally wrapped one of the labelled rows further down (source URL, type, process rows selected by cape_type_code, hashes, signatures) - confirm against the full template. #}
{% if source_url %} {% endif %} {% if file.cape_type %} {% endif %} {% if file.type %} {% endif %} {% if file.guest_paths and tab_name == "dropped" %} {% endif %} {% if file.module_path and file.process_path != file.module_path %} {% endif %} {% if file.cape_type_code == 8 or file.cape_type_code == 9 %} {% endif %} {% if file.cape_type_code == 5 %} {% endif %} {% if file.cape_type_code == 3 or file.cape_type_code == 4 %} {% else %} {% if file.process_name %} {% endif %} {% if file.pid %} {% endif %} {% if file.process_path %} {% endif %} {% endif %} {% if file.timestamp %} {% endif %} {% if file.sha3_384 %} {% endif %} {% if file.rh_hash %} {% endif %} {% if file.tlsh %} {% endif %} {% if file.clamav %} {% endif %} {% if file.yara %} {% endif %} {% if file.cape_yara %} {% endif %} {% if file.trid %} {% endif %} {% if file.die %} {% endif %} {% if file.dropdir %} {% else %} {% endif %}
{# source_url is passed through the escape filter before output. #}
{# NOTE(review): HTML escaping does not restrict the URL scheme; if this value is also emitted as a link target, the scheme should be validated before it reaches the template - confirm. #}
File downloaded from {{source_url|escape}}
Type {{file.cape_type}}
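{# One entry per file name; str2list is a custom filter (presumably from key_tags) applied to file.name before iteration. #}
{# Do not mark these values |safe: the names presumably originate from the analysed sample or the guest, so they are untrusted text and must go through the engine's normal HTML escaping, as the Associated Filenames loop already does. #}
File Name {% for name in file.name|str2list %}
{{name}}
{% endfor %}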
{# File metadata rows: type, guest paths, size, injection/process context, PE timestamp and hashes. #}
{# Every value here is printed with a plain variable tag and none is marked |safe, so output relies on the template engine's autoescaping. #}
{# NOTE(review): confirm no enclosing template switches autoescape off, since paths and process names presumably come from the guest. #}
File Type {{file.type}}
Associated Filenames {% for path in file.guest_paths|str2list %}
{{path}}
{% endfor %}
File Size {{file.size}} bytes
Module Path {{file.module_path}}
Virtual Address {{file.virtual_address}}
Section Handle {{file.section_handle}}
Target Process {{file.target_process}}
Target PID {{file.target_pid}}
Target Path {{file.target_path}}
{# The same process_name / pid / process_path fields appear twice, once labelled as the injecting process and once as the plain process. #}
{# NOTE(review): presumably the cape_type_code 3/4 branch of the skeleton above picks which labelling is shown - confirm. #}
Injecting Process {{file.process_name}}
Injecting PID {{file.pid}}
Path {{file.process_path}}
Process {{file.process_name}}
PID {{file.pid}}
Path {{file.process_path}}
PE timestamp {{file.timestamp}}
MD5 {{file.md5}}
SHA1 {{file.sha1}}
{# NOTE(review): [VT] [MWDB] [Bazaar] look like external lookup links keyed on the SHA256; their targets are not visible here. Following such links presumably discloses the hash to a third party - confirm this is acceptable for restricted analyses. #}
SHA256 {{file.sha256}} [VT] [MWDB] [Bazaar]
SHA3-384 {{file.sha3_384}}
RichHeader Hash {{file.rh_hash}}
CRC32 {{file.crc32}}
TLSH {{file.tlsh}}
Ssdeep {{file.ssdeep}}
{# Detection and identification lists: ClamAV signatures, Yara and CAPE Yara matches, TriD and Detect It Easy results. #}
{# Each entry is printed with a plain variable tag, so rule names and the description/author metadata are HTML-escaped by autoescaping rather than trusted as markup. #}
ClamAV
    {% for sign in file.clamav %}
  • {{sign}}
  • {% endfor %}
{# The "Yara" heading is emitted only when config.yara_detail is off; the if-branch is empty in this view. With yara_detail on, _yara.html is included further down in this template. #}
{% if config.yara_detail %} {% else %} Yara {% endif %}
    {% for sign in file.yara %}
  • {{sign.name}} - {{sign.meta.description}} {% if sign.meta.author %} - Author: {{sign.meta.author}} {% endif %}
  • {% endfor %}
{# Same heading toggle for CAPE Yara. Each match shows meta.cape_type when present, otherwise meta.description, then the author if set. #}
{% if config.yara_detail %} {% else %} CAPE Yara {% endif %}
    {% for sign in file.cape_yara %}
  • {{sign.name}} {% if sign.meta.cape_type %} - {{sign.meta.cape_type}} {% elif sign.meta.description %} - {{sign.meta.description}} {% endif %} {% if sign.meta.author %} - Author: {{sign.meta.author}}{% endif %}
  • {% endfor %}
TriD
    {% for str in file.trid %}
  • {{str}}
  • {% endfor %}
Detect It Easy
    {% for str in file.die %}
  • {{str}}
  • {% endfor %}
{# Download row and per-file action controls. The leading run of if-tags (pe, dotnet, pdf, lnk, rdp, java, office, XLMMacroDeobfuscator, zipped_download) has empty bodies in this view. #}
{# On-demand labels (CAPA, Strings, Floss, BinGraph, Vba2Graph, VirusTotal, XLMMacros) appear when the feature is enabled in config and, for most of them, no result is stored yet and the matching on_demand flag is set. #}
{# The last VirusTotal label is gated on config.vtupload and on analysis.info.tlp not being equal to "Red". #}
{# NOTE(review): that TLP test is an exact, case-sensitive string comparison and only hides the control in the page; the upload handler presumably needs the same restriction server-side - confirm. #}
{# NOTE(review): the zipped_download condition suggests a raw (unarchived) sample download exists when it is off - confirm that this is intended for the deployment. #}
Download
{% if file.pe %}{% endif %} {% if file.dotnet %}{% endif %} {% if file.pdf %}{% endif %} {% if file.lnk %}{% endif %} {% if file.rdp %}{% endif %} {% if file.java %}{% endif %} {% if file.office %}{% endif %} {% if file.office.XLMMacroDeobfuscator %}{% endif %} {% if not config.zipped_download %} {% endif %} File {% if config.flare_capa %} {% if not file.flare_capa and on_demand.flare_capa %} CAPA {% elif file.flare_capa %} {% endif %} {% endif %} {% if config.strings %} {% if "strings" not in file %} Strings {% elif file.strings %} {% endif %} {% endif %} {% if file.dotnet_strings %} {% endif %} {% if config.floss %} {% if not file.floss %} Floss {% else %} {% endif %} {% endif %} {% if config.bingraph %} {% if not graphs.bingraph.content|getkey:file.sha256 and on_demand.bingraph %} BinGraph {% else %} {% endif %} {% endif %} {% if graphs.vba2graph.enabled %} {% if not graphs.vba2graph.content|getkey:file.sha256 and on_demand.vba2graph %} Vba2Graph {% elif graphs.vba2graph.content|getkey:file.sha256 %} Vba2Graph {% endif %} {% endif %} {% if config.virustotal and not file.virustotal and on_demand.virustotal %} VirusTotal {% endif %} {% if file.office and config.xlsdeobf and not file.office.XLMMacroDeobfuscator and on_demand.xlsdeobf %} XLMMacros {% endif %} {% if config.vtupload and analysis.info.tlp != "Red" %} VirusTotal {% endif %} {% if file.data %} {% endif %} {% if file.decoded_files %} {% endif %} {% if file.selfextract %} {% for name, details in file.selfextract.items %} {% endfor %} {% endif %}
{# CAPA results, the Vba2Graph panel and the VirusTotal include. #}
{# The three flare_capa_* filters format the CAPABILITY, ATTCK and MBC sections. NOTE(review): whether they return escaped text or markup flagged as safe is not visible here - confirm they escape rule and match strings. #}
{# The Vba2Graph content is looked up by the file's SHA256 with getkey and written out with |safe, so it bypasses HTML escaping. #}
{# NOTE(review): presumably this is graph markup generated from the sample's VBA macros; any sample-derived label inside it must be escaped by the generator, because the template will not do it - confirm. #}
{% if file.flare_capa %}
{% if file.flare_capa.CAPABILITY %} {{file.flare_capa|flare_capa_capability}} {% endif %} {% if file.flare_capa.ATTCK %} {{file.flare_capa|flare_capa_attck}} {% endif %} {% if file.flare_capa.MBC %} {{file.flare_capa|flare_capa_mbc}} {% endif %}

{% endif %} {% if graphs.vba2graph.enabled and graphs.vba2graph.content|getkey:file.sha256 %} {{ graphs.vba2graph.content|getkey:file.sha256|safe }} {% endif %} {% if file.virustotal %} {% include "analysis/generic/_virustotal.html" %} {% endif %}
{# Detail panels: MISP, extracted strings, raw data, decoded files, self-extracted sub-files, then one include per file-format analyser. Each panel is emitted only when its data is present. #}
{% if file.misp.event_link %} {% include "analysis/generic/_misp.html" %} {% endif %} {% if file.strings %} {# strings are sample content; printed with a plain variable tag, so autoescaping applies #}
{% for string in file.strings %}
{{string}}
{% endfor %}
{% endif %} {% if file.dotnet_strings %}
{% for string in file.dotnet_strings %}
{{string}}
{% endfor %}
{% endif %} {% if file.data %} {# file.data is escaped explicitly, independent of the autoescape setting #}
{{file.data|escape}}
{% endif %} {% if file.decoded_files %} {# decoded_files is escaped explicitly as well #}

{{file.decoded_files|escape}}

{% endif %} {% if file.selfextract %} {% for name, details in file.selfextract.items %} {# one pass per selfextract entry; the archive password, when set, is shown in clear text to anyone who can view this page #}
{% if details.password %} Archive password: {{details.password}} {% endif %} {% for sub_file in details.extracted_files %} {% include "analysis/generic/_subfile_info.html" %} {% endfor %}
{% endfor %}
{% endif %} {% if config.yara_detail and file.yara %}
{% include "analysis/generic/_yara.html" %}

{% endif %} {% if config.yara_detail and file.cape_yara %}
{% include "analysis/generic/_capeyara.html" %}

{% endif %} {% if file.pe %}
{% include "analysis/generic/_pe.html" %}

{% endif %} {% if file.dotnet %}
{% include "analysis/generic/_dotnet.html" %}

{% endif %} {% if file.pdf %}
{% include "analysis/generic/_pdf.html" %}

{% endif %} {% if file.lnk %}
{% include "analysis/generic/_lnk.html" %}

{% endif %} {% if file.rdp %}
{% include "analysis/generic/_rdp.html" %}

{% endif %} {% if file.java %}
{% include "analysis/generic/_java.html" %}

{% endif %} {% if file.office %}
{% include "analysis/generic/_office.html" %}

{% endif %} {% if file.office.XLMMacroDeobfuscator %}
{% include "analysis/generic/_xlmmacro.html" %}

{% endif %} {% if file.floss %}
{% include "analysis/generic/_floss.html" %}

{% endif %} {% if graphs.bingraph.enabled and graphs.bingraph.content|getkey:file.sha256 %} {# BinGraph content is written with |safe and so is not HTML-escaped. NOTE(review): presumably generated server-side from the binary; confirm it cannot carry sample-controlled markup #}
{{ graphs.bingraph.content|getkey:file.sha256|safe }}

{% endif %}