Malwarebytes

Overview


Scan and Remediate threats on endpoints in the Malwarebytes cloud | Nebula. This integration was integrated and tested with Malwarebytes cloud | Nebula.

Malwarebytes Playbook


  1. Malwarebytes - Scan & Remediate Endpoint
  2. Malwarebytes - Isolate Endpoint

Use Cases


  1. Trigger Malwarebytes Scans and Remediation as part of a Demisto playbook.
  2. Trigger Malwarebytes EDR Advanced Capabilities as part of a Demisto Playbook.
  3. Create Demisto incidents based on threats detected by Malwarebytes.

Configure Malwarebytes on Demisto


This integration collects your E-mail and Company Name for usage analytics of Malwarebytes, if provided in the config.

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Malwarebytes.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Account ID
    • Client ID
    • Client Secret
    • Fetch incidents
    • Incident type
    • Fetch Event List
    • RTP Detections Threat Category
    • Suspicious Activity Severity
    • Trust any certificate (not secure)
    • Use system proxy settings
    • E-Mail
    • Company Name
  4. Click Test to validate the URLs, token, and connection.

Fetched Incidents Data


The fetch incidents command is the function that Demisto calls every minute to import new incidents and is triggered by the "Fetches incidents" parameter in the integration configuration.

What kind of objects/entities should the integration fetch (events/alerts/incidents/cases/tickets/etc.)?

  1. Create a Demisto incident upon a Malwarebytes Real-time Protection detection.
  2. Create a Demisto incident upon a Malwarebytes Suspicious Activity detection.

Are there any filters available to allow users to filter those incidents (e.g. type, status, etc.)?

Filters such as Severity and Malware Category are provided in the integration configuration.

Commands


You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. malwarebytes-scan-and-remediate
  2. malwarebytes-scan-and-report
  3. malwarebytes-isolate-endpoint
  4. malwarebytes-isolate-process
  5. malwarebytes-isolate-desktop
  6. malwarebytes-isolate-network
  7. malwarebytes-deisolate-endpoint
  8. malwarebytes-list-endpoints
  9. malwarebytes-list-endpoint-info
  10. malwarebytes-get-scan-detections
  11. malwarebytes-get-job-status
  12. malwarebytes-open-sa-incident
  13. malwarebytes-remediate-sa-incident
  14. malwarebytes-close-sa-incident
  15. malwarebytes-get-sa-activities

1. malwarebytes-scan-and-remediate


Initiate Scan and Remediate action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-scan-and-remediate

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-scan-and-remediate hostname=DESKTOP-LI4MQ7B

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
    "Job_ID": "964776a3-9cd8-45a2-9c56-59f692f42cc6"
  }
}
Human Readable Output

Scan and Remediate action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 964776a3-9cd8-45a2-9c56-59f692f42cc6. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results

2. malwarebytes-scan-and-report


Initiate Scan and report action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-scan-and-report

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-scan-and-report hostname=TA-AZ-CLT1

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
    "Job_ID": "88c6de27-d7d2-45da-a0b9-239a774afe50"
  }
}
Human Readable Output

Scan and Report action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 88c6de27-d7d2-45da-a0b9-239a774afe50. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results

3. malwarebytes-isolate-endpoint


Initiate Isolation action on an endpoint based on IP or Hostname. This action isolates an endpoint by Process, Network and Desktop.

Base Command

malwarebytes-isolate-endpoint

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-endpoint hostname=DESKTOP-LI4MQ7B

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
    "Job_ID": "c133caaf-2c1c-4c54-86b5-b45354608e4d"
  }
}
Human Readable Output

Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: c133caaf-2c1c-4c54-86b5-b45354608e4d. Use job_id in malwarebytes-get-job-status command to view results

4. malwarebytes-isolate-process


Initiate Process Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-process

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-process hostname=DESKTOP-LI4MQ7B

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
    "Job_ID": "72708102-465f-4a3e-8be5-de93cdae6cad"
  }
}
Human Readable Output

Process Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 72708102-465f-4a3e-8be5-de93cdae6cad. Use job_id in malwarebytes-get-job-status command to view results

5. malwarebytes-isolate-desktop


Initiate Desktop Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-desktop

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-desktop hostname=TA-AZ-CLT1

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
    "Job_ID": "6b0d17b7-bb5b-4314-a841-f25ae93c6a8e"
  }
}
Human Readable Output

Desktop Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 6b0d17b7-bb5b-4314-a841-f25ae93c6a8e. Use job_id in malwarebytes-get-job-status command to view results

6. malwarebytes-isolate-network


Initiate Network Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-network

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-network hostname=TA-AZ-CLT1

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
    "Job_ID": "cc92a1f4-7253-415d-a743-64f0ea7afb65"
  }
}
Human Readable Output

Network Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: cc92a1f4-7253-415d-a743-64f0ea7afb65. Use job_id in malwarebytes-get-job-status command to view results

7. malwarebytes-deisolate-endpoint


Initiate Deisolation action on an endpoint based on IP or Hostname. This action deisolates an endpoint by Process, Network and Desktop.

Base Command

malwarebytes-deisolate-endpoint

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-deisolate-endpoint hostname=TA-AZ-CLT1

Context Example
{
  "Malwarebytes.Scan": {
    "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
    "Job_ID": "8dab60e1-e6d8-47c3-b321-0a74de329d20"
  }
}
Human Readable Output

Deisolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 8dab60e1-e6d8-47c3-b321-0a74de329d20. Use job_id in malwarebytes-get-job-status command to view results

8. malwarebytes-list-endpoints


List all/online/offline endpoints available in the Malwarebytes Cloud.

Base Command

malwarebytes-list-endpoints

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| endpoints | Enter value 'all' to get all endpoints and value 'online' or 'offline' to get online/offline endpoints. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.total_count | int | Total count of all/online/offline endpoints. |

Command Example

!malwarebytes-list-endpoints endpoints=all

Context Example
{
  "Malwarebytes.Endpoint": {
    "total_count": 5
  }
}
Human Readable Output

Found all 5 Endpoints from Malwarebytes Cloud:

| created_at | id | last_seen_at | name | online | os_architecture | os_platform | os_release_name |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 2020-02-05T10:12:55.187467Z | 017febb6-ae68-4c15-9918-d911c72d062a | 2020-04-16T14:05:41.668409Z | TA-AZ-CLT1 | false | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
| 2020-03-31T08:42:14.319976Z | 1d711cdc-6c6c-4457-927f-2528ecc857a0 | 2020-04-15T08:50:42.737922Z | EC2AMAZ-KK7M02P | false | AMD64 | WINDOWS | Microsoft Windows Server 2019 Datacenter |
| 2020-02-05T09:50:02.194556Z | 211d8c3e-142c-4849-b1f0-1680b4bd239c | 2020-04-22T09:07:41.206037Z | DESKTOP-LI4MQ7B | true | AMD64 | WINDOWS | Microsoft Windows 10 Enterprise |
| 2019-11-25T19:47:15.833008Z | b5740188-00a2-434b-a180-5b0fa85cb10b | 2020-04-21T18:17:43.064707Z | DESKTOP-91UJNA1 | false | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
| 2019-10-18T09:26:26.993555Z | 5074ade3-5716-44d8-83c7-5985379c0399 | 2020-04-22T09:32:25.813131Z | DESKTOP-664HFM6 | true | AMD64 | WINDOWS | Microsoft Windows 10 Pro |

9. malwarebytes-list-endpoint-info


Lists more granular information about an endpoint.

Base Command

malwarebytes-list-endpoint-info

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.Assets | string | Asset information of the endpoint. |
| Malwarebytes.Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
| Malwarebytes.Endpoint.IPAddress | string | The IP address of the endpoint. |
| Malwarebytes.Endpoint.Domain | string | The domain of the endpoint. |
| Malwarebytes.Endpoint.MACAddress | string | The MAC address of the endpoint. |
| Malwarebytes.Endpoint.OS | string | Endpoint OS. |
| Malwarebytes.Endpoint.OSVersion | string | OS version. |
| Malwarebytes.Endpoint.Model | string | The model of the machine or device. |
| Malwarebytes.Endpoint.Memory | int | Memory on this endpoint. |
| Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
| Endpoint.IPAddress | string | The IP address of the endpoint. |
| Endpoint.Domain | string | The domain of the endpoint. |
| Endpoint.MACAddress | string | The MAC address of the endpoint. |
| Endpoint.OS | string | Endpoint OS. |
| Endpoint.OSVersion | string | OS version. |
| Endpoint.Model | string | The model of the machine or device. |
| Endpoint.Memory | int | Memory on this endpoint. |

Command Example

!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1

Context Example
{
"Malwarebytes.Endpoint": {
"MACAddress": "000D3A0AFEC2",
"Domain": "",
"Assets": {
"computer_info": {
"model": "Virtual Machine",
"manufacturer": "Microsoft Corporation"
},
"plugin_version": "1.2.0.330",
"object_sid": "",
"updates_installed": [],
"dhcp_scope_name": "",
"object_guid": "",
"drives": [
{
"name": "C:\\",
"total_size": 135838822400,
"freespace_available": 124591616000,
"freespace_total": 124591616000,
"volume_label": "Windows",
"drive_format": "NTFS"
},
{
"name": "D:\\",
"total_size": 8588816384,
"freespace_available": 7477661696,
"freespace_total": 7477661696,
"volume_label": "Temporary Storage",
"drive_format": "NTFS"
}
],
"domain_name": "",
"culture": "en-US",
"nics": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
],
"host_name": "TA-AZ-CLT1",
"software_installed": [
{
"product": "Google Chrome",
"version": "80.0.3987.87",
"vendor": "Google LLC",
"installed_date": "2020-02-05T00:00:00Z"
},
{
"product": "Malwarebytes Endpoint Agent",
"version": "1.2.0.0",
"vendor": "Malwarebytes",
"installed_date": "2020-02-05T00:00:00Z"
}
],
"memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"time_zone": "Etc/GMT",
"startups": [
{
"value": "explorer.exe",
"name": "Shell",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "",
"name": "System",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "",
"name": "Taskman",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "C:\\windows\\system32\\userinit.exe,",
"name": "Userinit",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "C:\\windows\\system32\\SecurityHealthSystray.exe",
"name": "SecurityHealth",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
},
{
"value": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",
"name": "WebCheck",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad"
},
{
"name": "Authentication Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"name": "Notification Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"name": "Security Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"value": "credssp.dll",
"name": "SecurityProviders",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders"
}
],
"fully_qualified_host_name": "TA-AZ-CLT1",
"os_info": {
"os_release_name": "Microsoft Windows 10 Pro",
"os_type": "Workstation",
"os_architecture": "Amd64",
"os_platform": "Windows",
"os_version": "10.0.17763"
}
},
"OS": "Windows",
"Hostname": "TA-AZ-CLT1",
"Memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"Model": "Virtual Machine",
"OSVersion": "10.0.17763",
"IPAddress": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
]
},
"Endpoint": {
"MACAddress": "000D3A0AFEC2",
"Domain": "",
"OS": "Windows",
"Hostname": "TA-AZ-CLT1",
"Memory": 5368094720,
"Model": "Virtual Machine",
"OSVersion": "10.0.17763",
"IPAddress": "10.0.0.11"
}
}
Human Readable Output

Endpoint Information for the Hostname: TA-AZ-CLT1

computer_info:
    manufacturer: Microsoft Corporation
    model: Virtual Machine
culture: en-US
dhcp_scope_name:
domain_name:
drives:
    {'freespace_available': 124591616000, 'volume_label': 'Windows', 'drive_format': 'NTFS', 'freespace_total': 124591616000, 'name': 'C:\', 'total_size': 135838822400},
    {'freespace_available': 7477661696, 'volume_label': 'Temporary Storage', 'drive_format': 'NTFS', 'freespace_total': 7477661696, 'name': 'D:\', 'total_size': 8588816384}
fully_qualified_host_name: TA-AZ-CLT1
host_name: TA-AZ-CLT1
memory:
    total_virtual: 5368094720
    free_virtual: 2920792064
    total_physical: 4294967296
    free_physical: 1683750912
nics:
    {'mac_address': '000D3A0AFEC2', 'description': 'Microsoft Hyper-V Network Adapter', 'ips': ['10.0.0.11']}
object_guid:
object_sid:
os_info:
    os_platform: Windows
    os_architecture: Amd64
    os_version: 10.0.17763
    os_release_name: Microsoft Windows 10 Pro
    os_type: Workstation
plugin_version: 1.2.0.330
software_installed:
    {'vendor': 'Google LLC', 'product': 'Google Chrome', 'installed_date': '2020-02-05T00:00:00Z', 'version': '80.0.3987.87'},
    {'vendor': 'Malwarebytes', 'product': 'Malwarebytes Endpoint Agent', 'installed_date': '2020-02-05T00:00:00Z', 'version': '1.2.0.0'}
startups:
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Shell', 'value': 'explorer.exe'},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'System', 'value': ''},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Taskman', 'value': ''},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Userinit', 'value': 'C:\windows\system32\userinit.exe,'},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'name': 'SecurityHealth', 'value': 'C:\windows\system32\SecurityHealthSystray.exe'},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad', 'name': 'WebCheck', 'value': '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Authentication Packages'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Notification Packages'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Security Packages'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders', 'name': 'SecurityProviders', 'value': 'credssp.dll'}
time_zone: Etc/GMT
updates_installed:
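
Added example (not part of the integration or its documentation): the `startups` list under `Malwarebytes.Endpoint.Assets` can be compared against a baseline to surface changed Winlogon entries during triage. The baseline values, the function names, the `EXAMPLE-HOST` endpoint and both sample contexts are assumptions constructed for this example, laid out like the context example above.

```python
import json

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
LSA_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

# Assumed baseline: stock Windows values for the Winlogon entries that appear
# in the context example. Replace with the values from your own gold image.
BASELINE = {
    (WINLOGON_KEY.lower(), "shell"): {"explorer.exe"},
    (WINLOGON_KEY.lower(), "userinit"): {r"c:\windows\system32\userinit.exe"},
    (WINLOGON_KEY.lower(), "system"): set(),
    (WINLOGON_KEY.lower(), "taskman"): set(),
}


def split_items(value):
    """Split a comma-separated registry value into lower-cased, non-empty items."""
    return [part.strip().lower() for part in (value or "").split(",") if part.strip()]


def audit_startups(context, baseline=None):
    """Compare Malwarebytes.Endpoint.Assets.startups with a baseline.

    Returns (findings, unbaselined). A finding is a baselined entry that holds
    an item the baseline does not allow. An unbaselined entry is populated but
    has no baseline yet, so it is listed for manual review instead of flagged.
    """
    baseline = BASELINE if baseline is None else baseline
    endpoint = context.get("Malwarebytes.Endpoint") or {}
    assets = endpoint.get("Assets") or {}
    # The output table types Assets as string while the context example shows
    # an object, so accept both forms.
    if isinstance(assets, str):
        assets = json.loads(assets)
    host = endpoint.get("Hostname", "")
    findings, unbaselined = [], []
    for entry in assets.get("startups") or []:
        key, name = entry.get("key", ""), entry.get("name", "")
        items = split_items(entry.get("value"))  # "value" is absent on some entries
        allowed = baseline.get((key.lower(), name.lower()))
        if allowed is None:
            if items:
                unbaselined.append({"host": host, "key": key, "name": name, "items": items})
            continue
        unexpected = [item for item in items if item not in allowed]
        if unexpected:
            findings.append({"host": host, "key": key, "name": name, "unexpected": unexpected})
    return findings, unbaselined


def sample_context(hostname, userinit):
    """Constructed context, trimmed to the fields this audit reads."""
    return {"Malwarebytes.Endpoint": {"Hostname": hostname, "Assets": {"startups": [
        {"value": "explorer.exe", "name": "Shell", "key": WINLOGON_KEY},
        {"value": "", "name": "System", "key": WINLOGON_KEY},
        {"value": userinit, "name": "Userinit", "key": WINLOGON_KEY},
        {"value": r"C:\windows\system32\SecurityHealthSystray.exe",
         "name": "SecurityHealth", "key": RUN_KEY},
        {"name": "Authentication Packages", "key": LSA_KEY},
    ]}}}


# Constructed samples: one matching the baseline, one with an extra Userinit item.
CLEAN_CONTEXT = sample_context("TA-AZ-CLT1", r"C:\windows\system32\userinit.exe,")
TAMPERED_CONTEXT = sample_context(
    "EXAMPLE-HOST", r"C:\windows\system32\userinit.exe,C:\example\placeholder.exe")

if __name__ == "__main__":
    for ctx in (CLEAN_CONTEXT, TAMPERED_CONTEXT):
        found, review = audit_startups(ctx)
        host = ctx["Malwarebytes.Endpoint"]["Hostname"]
        print(f"{host}: {len(found)} deviation(s), {len(review)} entry(ies) to review")
        for finding in found:
            print(f"  {finding['key']} [{finding['name']}] unexpected: {finding['unexpected']}")
```
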

10. malwarebytes-get-scan-detections


Lists detections from an endpoint for the scans initiated from Demisto.

Base Command

malwarebytes-get-scan-detections

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job ID of the initiated Scan actions only. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Job_ID | string | Job_Id of the initiated Scan/Isolation/Deisolation actions. |
| Malwarebytes.Scan.Status | string | Scan Status for the host |
| Malwarebytes.Scan.Detections | string | Scan detections for the host |

Command Example

!malwarebytes-get-scan-detections job_id=931f63ca-e14f-43ad-85d2-3eb8236f1bdd

Context Example
{
"Malwarebytes.Scan": {
"Status": "COMPLETED",
"Detections": [
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\MHTQR4AW1913.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\EKATI3479.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\5WRQN2VY9117.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AMDSCQBK\\EKATI3234.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RKSUGKK2\\EKATI1111.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RKSUGKK2\\5IPWAWNR7377.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\UWAEL22C6434.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\GJL0GTPS2496.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\EKATI5786.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\AAWK4JEC6577.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R5QH05OL\\EKATI5120.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QJTCQTO5\\EKATI3976.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QGZQD505\\EKATI6903.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QDI3PGI1\\EKATI8011.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PHVALVXM\\EKATI5172.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PCHQV24F\\EKATI8221.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PCHQV24F\\0LI1UX235485.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\OX4R0SZA\\EKATI6865.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\K2LXHNO1\\EKATI6770.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\K1UQJ5KL\\EKATI1034.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\JI4PZP0K\\EKATI5574.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ICOWWYNX\\EKATI7940.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\HUOBVYD0\\EKATI8486.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\H0LKYXKH\\EKATI6183.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZWIZHTVD\\EKATI6050.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAAN0543\\EKATI4385.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\YWDLSBOE\\EKATI7806.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\Y2YWHFY47970.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\HVAVEBY58253.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\EKATI6877.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XDFR4BMU\\EKATI1611.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X5IN24J2\\EKATI2562.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X3DL34QB\\EKATI4718.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\WAWZXFJU\\EKATI3613.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\VAIVLV51\\EKATI2378.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\NKWWQ5337273.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\KQDYZ5DZ2805.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\EKATI8812.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FNKI23QO\\EKATI9379.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FMULGDCG\\EKATI5361.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\EZ3VSVR0\\EKATI3626.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DYEBLIJJ\\EKATI2757.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DVM05IV0\\EKATI4168.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DKI4HFKX\\EKATI2083.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TXS354JE\\EKATI7864.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TFDVXDEW\\EKATI3594.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TCERNEHR\\EKATI3060.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SSODDPVL\\EKATI3273.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SK4GT55H\\NSMDWPVW1226.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SK4GT55H\\EKATI6166.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SJRCS2D5\\EKATI3838.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\S0RPYHDI\\EKATI1244.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MDX3HHPZ\\EKATI7764.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\HURT2A3R4366.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\GVXQMXK04108.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\EKATI5862.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LTMZR34O\\EKATI8397.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\5KE1T1MN\\EKATI3121.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\40ASYTIK\\EKATI2489.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\2VR0DR23\\EKATI9180.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\22PMRE41\\EKATI2935.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\1U0KTXL4\\EKATI4859.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\0TNNQOPO\\EKATI4374.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\0TNNQOPO\\CHLGY5ZD1037.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Generic.Malware/Suspicious",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\BIN3333.RAR",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "DDoSTool.Nitol",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCTV.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "PUP",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "PUP.Optional.Solimba",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MICROSOFT OFFICE 2007 SERVICE PACK 2.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Trojan.ServStart",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FCK_RSC.DUMP",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Generic.Malware/Suspicious",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\2211.RAR",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
}
],
"Job_ID": "931f63ca-e14f-43ad-85d2-3eb8236f1bdd"
}
}
Human Readable Output

Scan Detections Report for the Job_Id: 931f63ca-e14f-43ad-85d2-3eb8236f1bdd


11. malwarebytes-get-job-status


Lists the scan/isolation/deisolation status of the endpoint for a scan/isolation/deisolation job initiated from Demisto.

Base Command

malwarebytes-get-job-status

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job_Id of the initiated Scan/Isolation/Deisolation actions. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Job_ID | string | Job_Id of the initiated Scan/Isolation/Deisolation actions. |
| Malwarebytes.Scan.Status | string | Scan Status for the host |

Command Example

!malwarebytes-get-job-status job_id=831afff7-7511-40be-a1ce-eace622e1e3e

Context Example
{
"Malwarebytes.Scan": {
"Status": "EXPIRED",
"Job_ID": "831afff7-7511-40be-a1ce-eace622e1e3e"
}
}
Human Readable Output

Scan Status for the job_id 831afff7-7511-40be-a1ce-eace622e1e3e is EXPIRED

12. malwarebytes-open-sa-incident


Opens a Suspicious Activity for investigation in Malwarebytes Cloud. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.

Base Command

malwarebytes-open-sa-incident

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| machine_id | Machine ID of an endpoint where Suspicious Activity is found. | Required |
| detection_id | Detection ID of the Suspicious Activity. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |

Command Example

!malwarebytes-open-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685

Context Example
{
"Malwarebytes.SA": {
"Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
}
}
Human Readable Output

Open SA Incident action is initiated Successfully for the detection id: 69306685

13. malwarebytes-remediate-sa-incident


Remediates a Suspicious Activity from Malwarebytes Cloud. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.

Base Command

malwarebytes-remediate-sa-incident

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| machine_id | Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found. | Required |
| detection_id | Detection ID of the Suspicious Activity | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |

Command Example

!malwarebytes-remediate-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306697

Context Example
{
"Malwarebytes.SA": {
"Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
}
}
Human Readable Output

Remediate SA Incident action is initiated Successfully for the detection id: 69306697

14. malwarebytes-close-sa-incident


Closes a Suspicious Activity incident in Malwarebytes Cloud. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.

Base Command

malwarebytes-close-sa-incident

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| machine_id | Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found. | Required |
| detection_id | Detection ID of the Suspicious Activity. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |

Command Example

!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685

Context Example
{
"Malwarebytes.SA": {
"Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
}
}
Human Readable Output

Close SA Incident action is initiated Successfully for the detection id: 69306685
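
The workflow that commands 12 to 14 describe (take the machine ID and detection ID from malwarebytes-get-sa-activities, then open, remediate or close), as an added example that is not part of the integration's own code. It assumes the Suspicious_Activities context shape that command returns; the sample data is constructed, and the helper names and the min_level threshold (treating a higher level as more severe) are assumptions.

```python
import json
import uuid

# Constructed sample shaped like the malwarebytes-get-sa-activities context
# output. Every ID, hostname, timestamp and path here is made up.
SAMPLE_CONTEXT = json.loads(r'''
{
  "Malwarebytes.Endpoint": {
    "Suspicious_Activities": [
      {"status": "closed", "detection_id_list": [1001], "level": 3,
       "pc_hostname": "HOST-A", "timestamp": "2020-01-01T10:00:00.000Z",
       "path": "C:\\Users\\example\\Desktop\\a.exe",
       "machine_id": "11111111-1111-4111-8111-111111111111"},
      {"status": "detected", "detection_id_list": [1002, 1003], "level": 3,
       "pc_hostname": "HOST-B", "timestamp": "2020-01-01T11:00:00.000Z",
       "path": "C:\\Users\\example\\Desktop\\b.exe",
       "machine_id": "22222222-2222-4222-8222-222222222222"},
      {"status": "detected", "detection_id_list": [1004], "level": 2,
       "pc_hostname": "HOST-B", "timestamp": "2020-01-01T11:30:00.000Z",
       "path": "C:\\Users\\example\\Desktop\\c.exe",
       "machine_id": "22222222-2222-4222-8222-222222222222"},
      {"status": "processing", "detection_id_list": [1005], "level": 3,
       "pc_hostname": "HOST-B", "timestamp": "2020-01-01T11:45:00.000Z",
       "path": "C:\\Users\\example\\Desktop\\d.exe",
       "machine_id": "22222222-2222-4222-8222-222222222222"},
      {"status": "detected", "detection_id_list": [1003, 1007], "level": 3,
       "pc_hostname": "HOST-B", "timestamp": "2020-01-01T12:00:00.000Z",
       "path": "C:\\Users\\example\\Desktop\\e.exe",
       "machine_id": "22222222-2222-4222-8222-222222222222"},
      {"status": "detected", "detection_id_list": [1006], "level": 3,
       "pc_hostname": "HOST-C", "timestamp": "2020-01-01T12:30:00.000Z",
       "path": "C:\\Users\\example\\Desktop\\f.exe",
       "machine_id": "not-a-uuid"}
    ]
  }
}
''')

# Command names as documented on this page.
ACTIONS = {
    "open": "malwarebytes-open-sa-incident",
    "remediate": "malwarebytes-remediate-sa-incident",
    "close": "malwarebytes-close-sa-incident",
}


def _valid_machine_id(value):
    """Accept only a canonical hyphenated UUID string."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def pending_detections(context, min_level=3):
    """Return one row per (machine_id, detection_id) still in 'detected' state.

    Assumption: a higher 'level' means a more severe activity. Entries that
    are already 'processing' or 'closed' are skipped, as are rows whose IDs
    are malformed, so nothing unexpected ends up in a command line.
    """
    activities = (context.get("Malwarebytes.Endpoint", {})
                         .get("Suspicious_Activities") or [])
    seen, rows = set(), []
    for act in activities:
        if act.get("status") != "detected":
            continue
        level = act.get("level")
        if isinstance(level, bool) or not isinstance(level, int) or level < min_level:
            continue
        machine_id = act.get("machine_id")
        if not _valid_machine_id(machine_id):
            continue
        for det in act.get("detection_id_list") or []:
            if isinstance(det, bool) or not isinstance(det, int):
                continue
            key = (machine_id, det)
            if key in seen:  # the same detection can appear under several paths
                continue
            seen.add(key)
            rows.append({"machine_id": machine_id, "detection_id": det,
                         "level": level,
                         "timestamp": act.get("timestamp", ""),
                         "path": act.get("path", "")})
    # Most severe first, then most recent (timestamps share one ISO-8601 format).
    rows.sort(key=lambda r: (r["level"], r["timestamp"]), reverse=True)
    return rows


def build_commands(rows, action):
    """Format War Room command lines for the validated rows."""
    command = ACTIONS[action]
    return [f"!{command} machine_id={r['machine_id']} detection_id={r['detection_id']}"
            for r in rows]


if __name__ == "__main__":
    for line in build_commands(pending_detections(SAMPLE_CONTEXT), "remediate"):
        print(line)
```
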

15. malwarebytes-get-sa-activities


Lists all suspicious activities for the given hostname, or lists all hostnames on which the given file path appears in suspicious activities.

Base Command

malwarebytes-get-sa-activities

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of the endpoint. | Optional |
| path | Path of the file to be searched in suspicious activities. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.Suspicious_Activities | string | Suspicious Activities for the host |

Command Example

!malwarebytes-get-sa-activities hostname=DESKTOP-664HFM6

Context Example
{
"Malwarebytes.Endpoint": {
"Suspicious_Activities": [
{
"status": "closed",
"detection_id_list": [
69306685
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-22T00:22:03.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\51I24R0R\\4S4USN157912.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
69306697
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-22T00:22:03.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\51I24R0R\\EKATI3419.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69298563
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-22T00:03:17.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZRPQZLD0\\EKATI4166.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69297395
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-22T00:00:18.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ULHYC0ZK\\EKATI7387.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69293149
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T23:51:31.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SXM2TCFT\\EKATI7194.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69224002
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T21:26:21.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Y20DB3LK\\EKATI3988.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69216054
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T21:14:39.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\1VG2J1ZZ\\EKATI9823.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69216153
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T21:13:28.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CJGQRXFS\\WR1LKLFO5074.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69216169
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T21:13:27.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CJGQRXFS\\EKATI7396.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69205108
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T20:53:33.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\WGKUJRGM\\EKATI7827.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69199010
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:41:41.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\NURKWB4B\\MIYO4ZBX5817.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69199008
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:41:40.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\NURKWB4B\\EKATI1485.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69196909
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T20:41:15.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Z2QEP4IQ\\EKATI1206.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69183153
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:18:19.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R0TZHA1D\\QTVKKU0O3864.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69183344
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:18:18.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R0TZHA1D\\EKATI3336.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69182161
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T20:16:25.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Y5B35RXH\\EKATI4787.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69182258
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:16:06.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QI2K3DLV\\EKATI8446.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68915780
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T13:35:33.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LERQ0DSN\\PFNLX1ZC2666.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68915910
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T13:35:28.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LERQ0DSN\\EKATI1279.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68917631
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T13:35:21.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\KGSXOYUY\\1DM4MJK56911.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68917642
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T13:35:21.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\KGSXOYUY\\EKATI5694.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932985
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:46:20.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TLX3EVTX\\EKATI4102.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932021
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:38.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LYFB0FPR\\EKATI8717.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932009
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:35.000Z",
"detected_by_count": 8,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X0BDZ1FX\\EKATI5156.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932084
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:32.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAX2TN0U\\EKATI3331.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932008
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:08.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\V1YOTCGH\\EKATI1530.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932145
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:02.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\E55QEANT8731.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932186
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:02.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\EKATI7353.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "closed",
"detection_id_list": [
67931295
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:34.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IMPDUHIQ\\EKATI3476.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
67931302
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:31.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\4KQQJWG5\\EKATI4354.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
67931496
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:43:24.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\CSF2FQEI8635.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67931509
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:43:24.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\EKATI2270.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67931294
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:16.000Z",
"detected_by_count": 11,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RGCNKCKH\\EKATI1130.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
}
]
}
}
Human Readable Output

Suspicious Activites found for the host: DESKTOP-664HFM6

| account_id | detected_by_count | detection_id_list | level | machine_id | path | pc_hostname | status | timestamp |
|---|---|---|---|---|---|---|---|---|
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69306685 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\4S4USN157912.EXE | DESKTOP-664HFM6 | closed | 2020-04-22T00:22:03.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69306697 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\EKATI3419.EXE | DESKTOP-664HFM6 | processing | 2020-04-22T00:22:03.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69298563 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZRPQZLD0\EKATI4166.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:03:17.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69297395 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ULHYC0ZK\EKATI7387.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:00:18.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69293149 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SXM2TCFT\EKATI7194.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T23:51:31.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69224002 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y20DB3LK\EKATI3988.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:26:21.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69216054 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1VG2J1ZZ\EKATI9823.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:14:39.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69216153 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\WR1LKLFO5074.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:13:28.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69216169 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\EKATI7396.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:13:27.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69205108 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WGKUJRGM\EKATI7827.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:53:33.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69199010 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\MIYO4ZBX5817.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:41.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69199008 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\EKATI1485.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:40.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69196909 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Z2QEP4IQ\EKATI1206.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:15.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69183153 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\QTVKKU0O3864.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:18:19.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69183344 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\EKATI3336.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:18:18.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69182161 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y5B35RXH\EKATI4787.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:16:25.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69182258 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QI2K3DLV\EKATI8446.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:16:06.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 68915780 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\PFNLX1ZC2666.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:33.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 68915910 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\EKATI1279.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:28.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 68917631 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\1DM4MJK56911.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:21.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 68917642 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\EKATI5694.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:21.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 67932985 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TLX3EVTX\EKATI4102.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:46:20.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67932021 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LYFB0FPR\EKATI8717.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:38.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 8 | 67932009 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X0BDZ1FX\EKATI5156.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:35.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 67932084 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAX2TN0U\EKATI3331.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:32.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 67932008 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\V1YOTCGH\EKATI1530.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:08.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 67932145 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\E55QEANT8731.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:02.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 67932186 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\EKATI7353.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:02.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67931295 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IMPDUHIQ\EKATI3476.EXE | DESKTOP-664HFM6 | closed | 2020-04-20T08:43:34.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67931302 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\4KQQJWG5\EKATI4354.EXE | DESKTOP-664HFM6 | processing | 2020-04-20T08:43:31.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 67931496 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\CSF2FQEI8635.EXE | DESKTOP-664HFM6 | processing | 2020-04-20T08:43:24.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 67931509 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\EKATI2270.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:43:24.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 11 | 67931294 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RGCNKCKH\EKATI1130.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:43:16.000Z |