|
|
|
<?xml version="1.0" encoding="UTF-8"?> <report> <reporttype>Summary</reporttype> <operating_system_reports> <operating_system_report> <osid> image id event profile id </osid> <Document> <FileName> file name </FileName> <FileType> file type </FileType> <Md5> md5 </Md5> <Sha1> sha1 </Sha1> <FileSize> file size </FileSize> <FileLink> name of tar.gz with malicious file </FileLink> <Verdict> verdict </Verdict> <Score> score </Score> </Document> <System> <Osname> image name, file name </Osname>* <OsInfo> image description </OsInfo> </System> <Activities> <Command> <CommandName>FileSystemEvent</CommandName> <ID>6</ID> <Time>00:00:17</Time> <Src>C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE</Src> <Dst>C:param.txt</Dst> <Action>Create</Action> </Command> .... </Activities> <Residues> <ResiduesEvent> <ResidueType>FileSystemEvent</ResidueType> <Residue> <ResiduePath>C: param.txt</ResiduePath> <ResidueAction>Create</ResidueAction> </Residue> .... </ResiduesEvent> .... </Residues> <More> <More> Advisories result blob </More> </More> </operating_system_report> .... </operating_system_reports> <reportDate> date and time </reportDate> </report>
|
