get_dropped_files
Download the ZIP archive of files created by malware during detonation. Inspect dropped components from a finished analysis.
Instructions
Download the dropped/created files archive for a finished detonation.
Fetches the ZIP of files the malware wrote during detonation and saves it to disk; the archive may contain live malicious droppers, so it is never extracted by this server. Only Hybrid Analysis exposes a dropped-files archive endpoint; for other backends a clear note is returned.
SECURITY: the archive contents are attacker-controlled UNTRUSTED data. Treat the saved file as potential malware and inspect it only in a quarantined environment.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| task_id | Yes | '<sandbox>:<job_id>' from submit_sample. |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||