Malwarebytes

Overview

Scan and remediate threats on endpoints in the Malwarebytes cloud | Nebula. This integration was integrated and tested with Malwarebytes cloud | Nebula.

Malwarebytes Playbook

  1. Malwarebytes - Scan & Remediate Endpoint
  2. Malwarebytes - Isolate Endpoint

Use Cases

  1. Trigger Malwarebytes Scans and Remediation as part of a Cortex XSOAR Playbook.
  2. Trigger Malwarebytes EDR Advanced Capabilities as part of a Cortex XSOAR Playbook.
  3. Create Cortex XSOAR incidents based on threats detected by Malwarebytes.

Configure Malwarebytes on Cortex XSOAR


This integration collects your E-mail and Company Name for usage analytics of Malwarebytes, if provided in the config.

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Malwarebytes.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Account ID
    • Client ID
    • Client Secret
    • Fetch incidents
    • Incident type
    • Fetch Event List
    • RTP Detections Threat Category
    • Suspicious Activity Severity
    • Trust any certificate (not secure)
    • Use system proxy settings
    • E-Mail
    • Company Name
  4. Click Test to validate the URLs, token, and connection.

Fetched Incidents Data

The fetch incidents command is the function that Cortex XSOAR calls every minute to import new incidents and is triggered by the "Fetches incidents" parameter in the integration configuration.

What kinds of objects/entities does the integration fetch (events/alerts/incidents/cases/tickets/etc.)?

  1. Create a Cortex XSOAR incident for a Malwarebytes Real-time Protection detection.
  2. Create a Cortex XSOAR incident for a Malwarebytes Suspicious Activity detection.

Are there any filters available to allow users to filter those incidents (e.g. type, status, etc.)?

Filters such as Severity and Malware Category are provided in the integration configuration.

Commands


You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

  1. malwarebytes-scan-and-remediate
  2. malwarebytes-scan-and-report
  3. malwarebytes-isolate-endpoint
  4. malwarebytes-isolate-process
  5. malwarebytes-isolate-desktop
  6. malwarebytes-isolate-network
  7. malwarebytes-deisolate-endpoint
  8. malwarebytes-list-endpoints
  9. malwarebytes-list-endpoint-info
  10. malwarebytes-get-scan-detections
  11. malwarebytes-get-job-status
  12. malwarebytes-open-sa-incident
  13. malwarebytes-remediate-sa-incident
  14. malwarebytes-close-sa-incident
  15. malwarebytes-get-sa-activities

1. malwarebytes-scan-and-remediate

Initiate Scan and Remediate action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-scan-and-remediate

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-scan-and-remediate hostname=DESKTOP-LI4MQ7B

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
        "Job_ID": "964776a3-9cd8-45a2-9c56-59f692f42cc6"
    }
}

Human Readable Output

Scan and Remediate action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 964776a3-9cd8-45a2-9c56-59f692f42cc6. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results

2. malwarebytes-scan-and-report

Initiate Scan and report action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-scan-and-report

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-scan-and-report hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
        "Job_ID": "88c6de27-d7d2-45da-a0b9-239a774afe50"
    }
}

Human Readable Output

Scan and Report action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 88c6de27-d7d2-45da-a0b9-239a774afe50. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results

3. malwarebytes-isolate-endpoint

Initiate Isolation action on an endpoint based on IP or Hostname. This action isolates an endpoint by Process, Network and Desktop.

Base Command

malwarebytes-isolate-endpoint

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-endpoint hostname=DESKTOP-LI4MQ7B

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
        "Job_ID": "c133caaf-2c1c-4c54-86b5-b45354608e4d"
    }
}

Human Readable Output

Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: c133caaf-2c1c-4c54-86b5-b45354608e4d. Use job_id in malwarebytes-get-job-status command to view results

4. malwarebytes-isolate-process

Initiate Process Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-process

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-process hostname=DESKTOP-LI4MQ7B

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
        "Job_ID": "72708102-465f-4a3e-8be5-de93cdae6cad"
    }
}

Human Readable Output

Process Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 72708102-465f-4a3e-8be5-de93cdae6cad. Use job_id in malwarebytes-get-job-status command to view results

5. malwarebytes-isolate-desktop

Initiate Desktop Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-desktop

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-desktop hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
        "Job_ID": "6b0d17b7-bb5b-4314-a841-f25ae93c6a8e"
    }
}

Human Readable Output

Desktop Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 6b0d17b7-bb5b-4314-a841-f25ae93c6a8e. Use job_id in malwarebytes-get-job-status command to view results

6. malwarebytes-isolate-network

Initiate Network Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-network

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-isolate-network hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
        "Job_ID": "cc92a1f4-7253-415d-a743-64f0ea7afb65"
    }
}

Human Readable Output

Network Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: cc92a1f4-7253-415d-a743-64f0ea7afb65. Use job_id in malwarebytes-get-job-status command to view results

7. malwarebytes-deisolate-endpoint

Initiate Deisolation action on an endpoint based on IP or Hostname. This action deisolates an endpoint by Process, Network and Desktop.

Base Command

malwarebytes-deisolate-endpoint

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
| Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |

Command Example

!malwarebytes-deisolate-endpoint hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
        "Job_ID": "8dab60e1-e6d8-47c3-b321-0a74de329d20"
    }
}

Human Readable Output

Deisolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 8dab60e1-e6d8-47c3-b321-0a74de329d20. Use job_id in malwarebytes-get-job-status command to view results

8. malwarebytes-list-endpoints

List all/online/offline endpoints available in the Malwarebytes Cloud.

Base Command

malwarebytes-list-endpoints

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| endpoints | Enter value 'all' to get all endpoints and value 'online' or 'offline' to get online/offline endpoints. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.total_count | int | Total count of all/online/offline endpoints. |

Command Example

!malwarebytes-list-endpoints endpoints=all

Context Example

{
    "Malwarebytes.Endpoint": {
        "total_count": 5
    }
}

Human Readable Output

Found all 5 Endpoints from Malwarebytes Cloud:

| created_at | id | last_seen_at | name | online | os_architecture | os_platform | os_release_name |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 2020-02-05T10:12:55.187467Z | 017febb6-ae68-4c15-9918-d911c72d062a | 2020-04-16T14:05:41.668409Z | TA-AZ-CLT1 | false | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
| 2020-03-31T08:42:14.319976Z | 1d711cdc-6c6c-4457-927f-2528ecc857a0 | 2020-04-15T08:50:42.737922Z | EC2AMAZ-KK7M02P | false | AMD64 | WINDOWS | Microsoft Windows Server 2019 Datacenter |
| 2020-02-05T09:50:02.194556Z | 211d8c3e-142c-4849-b1f0-1680b4bd239c | 2020-04-22T09:07:41.206037Z | DESKTOP-LI4MQ7B | true | AMD64 | WINDOWS | Microsoft Windows 10 Enterprise |
| 2019-11-25T19:47:15.833008Z | b5740188-00a2-434b-a180-5b0fa85cb10b | 2020-04-21T18:17:43.064707Z | DESKTOP-91UJNA1 | false | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
| 2019-10-18T09:26:26.993555Z | 5074ade3-5716-44d8-83c7-5985379c0399 | 2020-04-22T09:32:25.813131Z | DESKTOP-664HFM6 | true | AMD64 | WINDOWS | Microsoft Windows 10 Pro |

9. malwarebytes-list-endpoint-info

Lists more granular information about an endpoint.

Base Command

malwarebytes-list-endpoint-info

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
| ip | IP of an endpoint in Malwarebytes Cloud. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.Assets | string | Asset information of the endpoint. |
| Malwarebytes.Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
| Malwarebytes.Endpoint.IPAddress | string | The IP address of the endpoint. |
| Malwarebytes.Endpoint.Domain | string | The domain of the endpoint. |
| Malwarebytes.Endpoint.MACAddress | string | The MAC address of the endpoint. |
| Malwarebytes.Endpoint.OS | string | Endpoint OS. |
| Malwarebytes.Endpoint.OSVersion | string | OS version. |
| Malwarebytes.Endpoint.Model | string | The model of the machine or device. |
| Malwarebytes.Endpoint.Memory | int | Memory on this endpoint. |
| Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
| Endpoint.IPAddress | string | The IP address of the endpoint. |
| Endpoint.Domain | string | The domain of the endpoint. |
| Endpoint.MACAddress | string | The MAC address of the endpoint. |
| Endpoint.OS | string | Endpoint OS. |
| Endpoint.OSVersion | string | OS version. |
| Endpoint.Model | string | The model of the machine or device. |
| Endpoint.Memory | int | Memory on this endpoint. |

Command Example

!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1

Context Example
{
"Malwarebytes.Endpoint": {
"MACAddress": "000D3A0AFEC2",
"Domain": "",
"Assets": {
"computer_info": {
"model": "Virtual Machine",
"manufacturer": "Microsoft Corporation"
},
"plugin_version": "1.2.0.330",
"object_sid": "",
"updates_installed": [],
"dhcp_scope_name": "",
"object_guid": "",
"drives": [
{
"name": "C:\\",
"total_size": 135838822400,
"freespace_available": 124591616000,
"freespace_total": 124591616000,
"volume_label": "Windows",
"drive_format": "NTFS"
},
{
"name": "D:\\",
"total_size": 8588816384,
"freespace_available": 7477661696,
"freespace_total": 7477661696,
"volume_label": "Temporary Storage",
"drive_format": "NTFS"
}
],
"domain_name": "",
"culture": "en-US",
"nics": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
],
"host_name": "TA-AZ-CLT1",
"software_installed": [
{
"product": "Google Chrome",
"version": "80.0.3987.87",
"vendor": "Google LLC",
"installed_date": "2020-02-05T00:00:00Z"
},
{
"product": "Malwarebytes Endpoint Agent",
"version": "1.2.0.0",
"vendor": "Malwarebytes",
"installed_date": "2020-02-05T00:00:00Z"
}
],
"memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"time_zone": "Etc/GMT",
"startups": [
{
"value": "explorer.exe",
"name": "Shell",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "",
"name": "System",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "",
"name": "Taskman",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "C:\\windows\\system32\\userinit.exe,",
"name": "Userinit",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "C:\\windows\\system32\\SecurityHealthSystray.exe",
"name": "SecurityHealth",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
},
{
"value": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",
"name": "WebCheck",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad"
},
{
"name": "Authentication Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"name": "Notification Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"name": "Security Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"value": "credssp.dll",
"name": "SecurityProviders",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders"
}
],
"fully_qualified_host_name": "TA-AZ-CLT1",
"os_info": {
"os_release_name": "Microsoft Windows 10 Pro",
"os_type": "Workstation",
"os_architecture": "Amd64",
"os_platform": "Windows",
"os_version": "10.0.17763"
}
},
"OS": "Windows",
"Hostname": "TA-AZ-CLT1",
"Memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"Model": "Virtual Machine",
"OSVersion": "10.0.17763",
"IPAddress": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
]
},
"Endpoint": {
"MACAddress": "000D3A0AFEC2",
"Domain": "",
"OS": "Windows",
"Hostname": "TA-AZ-CLT1",
"Memory": 5368094720,
"Model": "Virtual Machine",
"OSVersion": "10.0.17763",
"IPAddress": "10.0.0.11"
}
}
Human Readable Output

Endpoint Information for the Hostname: TA-AZ-CLT1

computer_info:
    manufacturer: Microsoft Corporation
    model: Virtual Machine
culture: en-US
dhcp_scope_name:
domain_name:
drives:
    {'freespace_available': 124591616000, 'volume_label': 'Windows', 'drive_format': 'NTFS', 'freespace_total': 124591616000, 'name': 'C:\', 'total_size': 135838822400},
    {'freespace_available': 7477661696, 'volume_label': 'Temporary Storage', 'drive_format': 'NTFS', 'freespace_total': 7477661696, 'name': 'D:\', 'total_size': 8588816384}
fully_qualified_host_name: TA-AZ-CLT1
host_name: TA-AZ-CLT1
memory:
    total_virtual: 5368094720
    free_virtual: 2920792064
    total_physical: 4294967296
    free_physical: 1683750912
nics:
    {'mac_address': '000D3A0AFEC2', 'description': 'Microsoft Hyper-V Network Adapter', 'ips': ['10.0.0.11']}
object_guid:
object_sid:
os_info:
    os_platform: Windows
    os_architecture: Amd64
    os_version: 10.0.17763
    os_release_name: Microsoft Windows 10 Pro
    os_type: Workstation
plugin_version: 1.2.0.330
software_installed:
    {'vendor': 'Google LLC', 'product': 'Google Chrome', 'installed_date': '2020-02-05T00:00:00Z', 'version': '80.0.3987.87'},
    {'vendor': 'Malwarebytes', 'product': 'Malwarebytes Endpoint Agent', 'installed_date': '2020-02-05T00:00:00Z', 'version': '1.2.0.0'}
startups:
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Shell', 'value': 'explorer.exe'},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'System', 'value': ''},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Taskman', 'value': ''},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Userinit', 'value': 'C:\windows\system32\userinit.exe,'},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'name': 'SecurityHealth', 'value': 'C:\windows\system32\SecurityHealthSystray.exe'},
    {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad', 'name': 'WebCheck', 'value': '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Authentication Packages'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Notification Packages'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Security Packages'},
    {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders', 'name': 'SecurityProviders', 'value': 'credssp.dll'}
time_zone: Etc/GMT
updates_installed:
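
The Assets.startups list returned by this command can be compared against a known-good baseline to spot autorun changes on an endpoint. The following is an added example, not part of the integration's code; the function names, the baseline subset and the deviating entries in CURRENT_STARTUPS are constructed for illustration.

```python
# Baseline: a subset of the startup entries shown in the Context Example above.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"

BASELINE_STARTUPS = [
    {"key": WINLOGON, "name": "Shell", "value": "explorer.exe"},
    {"key": WINLOGON, "name": "Userinit",
     "value": r"C:\windows\system32\userinit.exe,"},
    {"key": RUN, "name": "SecurityHealth",
     "value": r"C:\windows\system32\SecurityHealthSystray.exe"},
    {"key": LSA, "name": "Authentication Packages"},  # no "value" field
]

# Constructed later snapshot: Userinit has an extra program appended and a
# new Run entry has appeared (paths are made up).
CURRENT_STARTUPS = [
    {"key": WINLOGON, "name": "Shell", "value": "explorer.exe"},
    {"key": WINLOGON, "name": "Userinit",
     "value": r"C:\windows\system32\userinit.exe,C:\Users\Public\example.exe"},
    {"key": RUN, "name": "SecurityHealth",
     "value": r"C:\windows\system32\SecurityHealthSystray.exe"},
    {"key": RUN, "name": "Updater",
     "value": r"C:\ProgramData\Example\updater.exe"},
    {"key": LSA, "name": "Authentication Packages"},
]


def startups_from_context(context):
    """Pull the startups list out of a malwarebytes-list-endpoint-info context."""
    endpoint = context.get("Malwarebytes.Endpoint") or {}
    assets = endpoint.get("Assets") or {}
    return assets.get("startups") or []


def _index(startups):
    # Registry key and value names are case-insensitive on Windows, so
    # normalise case. Entries without a "value" field are treated as empty.
    return {
        (s.get("key", "").lower(), s.get("name", "").lower()):
            (s.get("value") or "").lower()
        for s in startups
    }


def diff_startups(baseline, current):
    """Return sorted (kind, (key, name), value) findings.

    kind is "added", "changed" or "removed" relative to the baseline.
    """
    base, cur = _index(baseline), _index(current)
    findings = []
    for ident, value in cur.items():
        if ident not in base:
            findings.append(("added", ident, value))
        elif base[ident] != value:
            findings.append(("changed", ident, value))
    for ident in base.keys() - cur.keys():
        findings.append(("removed", ident, base[ident]))
    return sorted(findings)


if __name__ == "__main__":
    for kind, (key, name), value in diff_startups(BASELINE_STARTUPS,
                                                  CURRENT_STARTUPS):
        print(f"{kind:8} {key}\\{name} = {value!r}")
```
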

10. malwarebytes-get-scan-detections

Lists detections from an endpoint for the scans initiated from Cortex XSOAR.

Base Command

malwarebytes-get-scan-detections

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job ID of the initiated Scan actions only. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Job_ID | string | Job_Id of the initiated Scan/Isolation/Deisolation actions. |
| Malwarebytes.Scan.Status | string | Scan Status for the host |
| Malwarebytes.Scan.Detections | string | Scan detections for the host |

Command Example

!malwarebytes-get-scan-detections job_id=931f63ca-e14f-43ad-85d2-3eb8236f1bdd
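
A long Detections list is easier to act on once it is grouped per host. The following added example (not the integration's own code) summarises a Malwarebytes.Scan context by host, threat name and affected directory, and lists the hostnames that could be passed to malwarebytes-isolate-endpoint. The function names, the escalation prefixes and the sample data are assumptions, as is treating any Status other than "COMPLETED" as unfinished.

```python
import json
import ntpath  # Windows path rules, independent of the OS running this code
from collections import Counter

# Constructed sample in the shape of the Malwarebytes.Scan context
# (hostnames, IDs, paths, the "pup" category and its threat name are made up).
SAMPLE_CONTEXT = json.loads(r"""
{
  "Malwarebytes.Scan": {
    "Status": "COMPLETED",
    "Detections": [
      {"category": "arw", "status": "found", "machine_name": "HOST-A",
       "reported_at": "2020-03-03T13:28:57.393772Z",
       "threat_name": "Ransom.FileLocker",
       "path": "C:\\USERS\\EXAMPLE\\DESKTOP\\DIR1\\SAMPLE1.EXE",
       "machine_id": "00000000-0000-0000-0000-00000000000a",
       "type": ["file"]},
      {"category": "arw", "status": "found", "machine_name": "HOST-A",
       "reported_at": "2020-03-03T13:28:57.393772Z",
       "threat_name": "Ransom.Ekati",
       "path": "C:\\USERS\\EXAMPLE\\DESKTOP\\DIR1\\SAMPLE2.EXE",
       "machine_id": "00000000-0000-0000-0000-00000000000a",
       "type": ["file"]},
      {"category": "arw", "status": "found", "machine_name": "HOST-A",
       "reported_at": "2020-03-03T13:28:57.393772Z",
       "threat_name": "Ransom.FileLocker",
       "path": "C:\\USERS\\EXAMPLE\\DESKTOP\\DIR2\\SAMPLE3.EXE",
       "machine_id": "00000000-0000-0000-0000-00000000000a",
       "type": ["file"]},
      {"category": "pup", "status": "found", "machine_name": "HOST-B",
       "reported_at": "2020-03-03T13:30:00.000000Z",
       "threat_name": "PUP.Optional.Example",
       "path": "C:\\PROGRAM FILES\\EXAMPLE\\TOOLBAR.EXE",
       "machine_id": "00000000-0000-0000-0000-00000000000b",
       "type": ["file"]}
    ]
  }
}
""")


def triage_scan_context(context, escalate_prefixes=("Ransom.",)):
    """Group detections per host; mark hosts whose threats match a prefix."""
    scan = context.get("Malwarebytes.Scan") or {}
    if scan.get("Status") != "COMPLETED":
        # Assumption: anything other than COMPLETED means results are partial,
        # so no host is summarised or escalated yet.
        return {"complete": False, "hosts": {}}

    hosts = {}
    for det in scan.get("Detections") or []:
        name = det.get("machine_name", "unknown")
        host = hosts.setdefault(name, {
            "machine_id": det.get("machine_id"),
            "threats": Counter(),
            "directories": set(),
            "escalate": False,
        })
        threat = det.get("threat_name", "")
        host["threats"][threat] += 1
        host["directories"].add(ntpath.dirname(det.get("path", "")))
        if threat.startswith(tuple(escalate_prefixes)):
            host["escalate"] = True
    return {"complete": True, "hosts": hosts}


def hosts_to_escalate(result):
    """Hostnames flagged for escalation, sorted for stable output."""
    return sorted(h for h, v in result["hosts"].items() if v["escalate"])


if __name__ == "__main__":
    summary = triage_scan_context(SAMPLE_CONTEXT)
    for hostname, info in summary["hosts"].items():
        print(hostname, dict(info["threats"]), sorted(info["directories"]))
    print("escalate:", hosts_to_escalate(summary))
```
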

Context Example
{
"Malwarebytes.Scan": {
"Status": "COMPLETED",
"Detections": [
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\MHTQR4AW1913.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\EKATI3479.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\5WRQN2VY9117.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AMDSCQBK\\EKATI3234.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RKSUGKK2\\EKATI1111.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RKSUGKK2\\5IPWAWNR7377.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\UWAEL22C6434.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\GJL0GTPS2496.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\EKATI5786.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\AAWK4JEC6577.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R5QH05OL\\EKATI5120.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QJTCQTO5\\EKATI3976.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QGZQD505\\EKATI6903.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QDI3PGI1\\EKATI8011.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PHVALVXM\\EKATI5172.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PCHQV24F\\EKATI8221.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PCHQV24F\\0LI1UX235485.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\OX4R0SZA\\EKATI6865.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\K2LXHNO1\\EKATI6770.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\K1UQJ5KL\\EKATI1034.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\JI4PZP0K\\EKATI5574.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ICOWWYNX\\EKATI7940.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\HUOBVYD0\\EKATI8486.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\H0LKYXKH\\EKATI6183.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZWIZHTVD\\EKATI6050.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAAN0543\\EKATI4385.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\YWDLSBOE\\EKATI7806.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\Y2YWHFY47970.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\HVAVEBY58253.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\EKATI6877.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XDFR4BMU\\EKATI1611.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X5IN24J2\\EKATI2562.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X3DL34QB\\EKATI4718.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\WAWZXFJU\\EKATI3613.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\VAIVLV51\\EKATI2378.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\NKWWQ5337273.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\KQDYZ5DZ2805.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\EKATI8812.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FNKI23QO\\EKATI9379.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FMULGDCG\\EKATI5361.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\EZ3VSVR0\\EKATI3626.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DYEBLIJJ\\EKATI2757.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DVM05IV0\\EKATI4168.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DKI4HFKX\\EKATI2083.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TXS354JE\\EKATI7864.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TFDVXDEW\\EKATI3594.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TCERNEHR\\EKATI3060.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SSODDPVL\\EKATI3273.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SK4GT55H\\NSMDWPVW1226.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SK4GT55H\\EKATI6166.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SJRCS2D5\\EKATI3838.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\S0RPYHDI\\EKATI1244.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MDX3HHPZ\\EKATI7764.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\HURT2A3R4366.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\GVXQMXK04108.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\EKATI5862.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LTMZR34O\\EKATI8397.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\5KE1T1MN\\EKATI3121.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\40ASYTIK\\EKATI2489.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\2VR0DR23\\EKATI9180.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\22PMRE41\\EKATI2935.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\1U0KTXL4\\EKATI4859.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.FileLocker",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\0TNNQOPO\\EKATI4374.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "arw",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Ransom.Ekati",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\0TNNQOPO\\CHLGY5ZD1037.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Generic.Malware/Suspicious",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\BIN3333.RAR",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "DDoSTool.Nitol",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCTV.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "PUP",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "PUP.Optional.Solimba",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MICROSOFT OFFICE 2007 SERVICE PACK 2.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Trojan.ServStart",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FCK_RSC.DUMP",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
},
{
"category": "Malware",
"status": "found",
"machine_name": "DESKTOP-664HFM6",
"reported_at": "2020-03-03T13:28:57.393772Z",
"threat_name": "Generic.Malware/Suspicious",
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\2211.RAR",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399",
"type": [
"file"
]
}
],
"Job_ID": "931f63ca-e14f-43ad-85d2-3eb8236f1bdd"
}
}
Human Readable Output#

Scan Detections Report for the Job_Id: 931f63ca-e14f-43ad-85d2-3eb8236f1bdd#

| category | machine_id | machine_name | path | reported_at | status | threat_name | type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\MHTQR4AW1913.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\EKATI3479.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\5WRQN2VY9117.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AMDSCQBK\EKATI3234.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RKSUGKK2\EKATI1111.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RKSUGKK2\5IPWAWNR7377.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\UWAEL22C6434.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\GJL0GTPS2496.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\EKATI5786.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\AAWK4JEC6577.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R5QH05OL\EKATI5120.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QJTCQTO5\EKATI3976.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QGZQD505\EKATI6903.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QDI3PGI1\EKATI8011.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PHVALVXM\EKATI5172.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PCHQV24F\EKATI8221.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PCHQV24F\0LI1UX235485.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\OX4R0SZA\EKATI6865.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\K2LXHNO1\EKATI6770.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\K1UQJ5KL\EKATI1034.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\JI4PZP0K\EKATI5574.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ICOWWYNX\EKATI7940.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\HUOBVYD0\EKATI8486.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\H0LKYXKH\EKATI6183.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZWIZHTVD\EKATI6050.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAAN0543\EKATI4385.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\YWDLSBOE\EKATI7806.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\Y2YWHFY47970.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\HVAVEBY58253.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\EKATI6877.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XDFR4BMU\EKATI1611.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X5IN24J2\EKATI2562.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X3DL34QB\EKATI4718.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WAWZXFJU\EKATI3613.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\VAIVLV51\EKATI2378.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\NKWWQ5337273.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\KQDYZ5DZ2805.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\EKATI8812.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FNKI23QO\EKATI9379.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FMULGDCG\EKATI5361.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\EZ3VSVR0\EKATI3626.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DYEBLIJJ\EKATI2757.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DVM05IV0\EKATI4168.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DKI4HFKX\EKATI2083.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TXS354JE\EKATI7864.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TFDVXDEW\EKATI3594.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TCERNEHR\EKATI3060.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SSODDPVL\EKATI3273.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SK4GT55H\NSMDWPVW1226.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SK4GT55H\EKATI6166.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SJRCS2D5\EKATI3838.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\S0RPYHDI\EKATI1244.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MDX3HHPZ\EKATI7764.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\HURT2A3R4366.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\GVXQMXK04108.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\EKATI5862.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LTMZR34O\EKATI8397.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\5KE1T1MN\EKATI3121.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\40ASYTIK\EKATI2489.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\2VR0DR23\EKATI9180.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\22PMRE41\EKATI2935.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1U0KTXL4\EKATI4859.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\0TNNQOPO\EKATI4374.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
| arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\0TNNQOPO\CHLGY5ZD1037.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
| Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\BIN3333.RAR | 2020-03-03T13:28:57.393772Z | found | Generic.Malware/Suspicious | file |
| Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCTV.EXE | 2020-03-03T13:28:57.393772Z | found | DDoSTool.Nitol | file |
| PUP | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MICROSOFT OFFICE 2007 SERVICE PACK 2.EXE | 2020-03-03T13:28:57.393772Z | found | PUP.Optional.Solimba | file |
| Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FCK_RSC.DUMP | 2020-03-03T13:28:57.393772Z | found | Trojan.ServStart | file |
| Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\2211.RAR | 2020-03-03T13:28:57.393772Z | found | Generic.Malware/Suspicious | file |

11. malwarebytes-get-job-status#


Lists the status of an endpoint scan, isolation, or deisolation job that was initiated from Cortex XSOAR.

Base Command#

malwarebytes-get-job-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| job_id | Job_Id of the initiated Scan/Isolation/Deisolation actions. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Scan.Job_ID | string | Job_Id of the initiated Scan/Isolation/Deisolation actions. |
| Malwarebytes.Scan.Status | string | Scan Status for the host |

Command Example#

!malwarebytes-get-job-status job_id=831afff7-7511-40be-a1ce-eace622e1e3e

Context Example#
{
  "Malwarebytes.Scan": {
    "Status": "EXPIRED",
    "Job_ID": "831afff7-7511-40be-a1ce-eace622e1e3e"
  }
}
Human Readable Output#

Scan Status for the job_id 831afff7-7511-40be-a1ce-eace622e1e3e is EXPIRED

12. malwarebytes-open-sa-incident#


Opens a Suspicious Activity for investigation in Malwarebytes Cloud. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.

Base Command#

malwarebytes-open-sa-incident

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| machine_id | Machine ID of an endpoint where Suspicious Activity is found. | Required |
| detection_id | Detection ID of the Suspicious Activity. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |

Command Example#

!malwarebytes-open-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685

Context Example#
{
  "Malwarebytes.SA": {
    "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
  }
}
Human Readable Output#

Open SA Incident action is initiated Successfully for the detection id: 69306685

13. malwarebytes-remediate-sa-incident#


Remediates a Suspicious Activity from Malwarebytes Cloud. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.

Base Command#

malwarebytes-remediate-sa-incident

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| machine_id | Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found. | Required |
| detection_id | Detection ID of the Suspicious Activity. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |

Command Example#

!malwarebytes-remediate-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306697

Context Example#
{
  "Malwarebytes.SA": {
    "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
  }
}
Human Readable Output#

Remediate SA Incident action is initiated Successfully for the detection id: 69306697

14. malwarebytes-close-sa-incident#


Closes a Suspicious Activity incident in Malwarebytes Cloud. Use the malwarebytes-get-sa-activities command to get the machine ID and detection ID.

Base Command#

malwarebytes-close-sa-incident

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| machine_id | Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found. | Required |
| detection_id | Detection ID of the Suspicious Activity. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |

Command Example#

!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685

Context Example#
{
  "Malwarebytes.SA": {
    "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
  }
}
Human Readable Output#

Close SA Incident action is initiated Successfully for the detection id: 69306685
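
The open, remediate and close commands above all take the machine_id and detection_id reported by malwarebytes-get-sa-activities. The following Python is an added example, not code from the integration: it reads a context shaped like that command's Context Example, keeps activities whose status is `detected` at or above a minimum level, validates both IDs before they are interpolated, and builds the command lines. Treating `detected` as "not yet opened" and a higher `level` as more severe are assumptions; the function names and the sample data (including its malformed last entry) are constructed.

```python
import json
import uuid

# Constructed sample: field names follow the malwarebytes-get-sa-activities
# Context Example; the last entry is deliberately malformed.
SAMPLE_CONTEXT = json.loads("""
{"Malwarebytes.Endpoint": {"Suspicious_Activities": [
  {"status": "closed", "detection_id_list": [69306685], "level": 2,
   "detected_by_count": 1,
   "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"},
  {"status": "processing", "detection_id_list": [69306697], "level": 2,
   "detected_by_count": 2,
   "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"},
  {"status": "detected", "detection_id_list": [69297395], "level": 2,
   "detected_by_count": 3,
   "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"},
  {"status": "detected", "detection_id_list": [69298563], "level": 3,
   "detected_by_count": 10,
   "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"},
  {"status": "detected", "detection_id_list": ["69298564 extra=1"],
   "level": 3, "detected_by_count": 1, "machine_id": "DESKTOP-664HFM6"}
]}}
""")

# Command names as documented on this page.
SA_COMMANDS = {
    "open": "malwarebytes-open-sa-incident",
    "remediate": "malwarebytes-remediate-sa-incident",
    "close": "malwarebytes-close-sa-incident",
}


def is_canonical_uuid(value):
    """True only for a lowercase, hyphenated UUID string (the machine_id form)."""
    if not isinstance(value, str):
        return False
    try:
        return str(uuid.UUID(value)) == value
    except ValueError:
        return False


def is_detection_id(value):
    """Detection IDs in the Context Example are positive JSON integers."""
    return isinstance(value, int) and not isinstance(value, bool) and value > 0


def pending_detections(context, min_level=2):
    """Return (selected, rejected).

    selected: one dict per detection ID, most severe first.
    rejected: in-scope activities whose IDs failed validation.
    """
    endpoint = context.get("Malwarebytes.Endpoint") or {}
    selected, rejected = [], []
    for act in endpoint.get("Suspicious_Activities") or []:
        # Assumption: "detected" means the activity has not been opened yet.
        if act.get("status") != "detected":
            continue
        level = act.get("level")
        # Assumption: a higher level is more severe.
        if not isinstance(level, int) or level < min_level:
            continue
        ids = act.get("detection_id_list") or []
        ids_ok = bool(ids) and all(is_detection_id(i) for i in ids)
        if not is_canonical_uuid(act.get("machine_id")) or not ids_ok:
            # Never build a command from values that fail validation.
            rejected.append(act)
            continue
        count = act.get("detected_by_count")
        for det in ids:
            selected.append({
                "machine_id": act["machine_id"],
                "detection_id": det,
                "level": level,
                "detected_by_count": count if isinstance(count, int) else 0,
            })
    selected.sort(key=lambda d: (-d["level"], -d["detected_by_count"]))
    return selected, rejected


def build_command(action, item):
    """Return the command line for one validated detection."""
    name = SA_COMMANDS[action]  # KeyError on an unknown action
    return "!{} machine_id={} detection_id={}".format(
        name, item["machine_id"], item["detection_id"])


if __name__ == "__main__":
    todo, bad = pending_detections(SAMPLE_CONTEXT, min_level=2)
    for entry in todo:
        print(build_command("open", entry))
    print("rejected entries needing manual review:", len(bad))
```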

15. malwarebytes-get-sa-activities#


Lists all suspicious activities for a given hostname, and lists all hostnames associated with a given file path.

Base Command#

malwarebytes-get-sa-activities

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| hostname | Hostname of the endpoint. | Optional |
| path | Path of the file to be searched in suspicious activities. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.Suspicious_Activities | string | Suspicious Activities for the host |

Command Example#

!malwarebytes-get-sa-activities hostname=DESKTOP-664HFM6

Context Example#
{
"Malwarebytes.Endpoint": {
"Suspicious_Activities": [
{
"status": "closed",
"detection_id_list": [
69306685
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-22T00:22:03.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\51I24R0R\\4S4USN157912.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
69306697
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-22T00:22:03.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\51I24R0R\\EKATI3419.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69298563
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-22T00:03:17.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZRPQZLD0\\EKATI4166.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69297395
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-22T00:00:18.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ULHYC0ZK\\EKATI7387.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69293149
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T23:51:31.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SXM2TCFT\\EKATI7194.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69224002
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T21:26:21.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Y20DB3LK\\EKATI3988.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69216054
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T21:14:39.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\1VG2J1ZZ\\EKATI9823.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69216153
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T21:13:28.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CJGQRXFS\\WR1LKLFO5074.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69216169
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T21:13:27.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CJGQRXFS\\EKATI7396.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69205108
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T20:53:33.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\WGKUJRGM\\EKATI7827.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69199010
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:41:41.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\NURKWB4B\\MIYO4ZBX5817.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69199008
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:41:40.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\NURKWB4B\\EKATI1485.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69196909
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T20:41:15.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Z2QEP4IQ\\EKATI1206.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69183153
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:18:19.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R0TZHA1D\\QTVKKU0O3864.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69183344
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:18:18.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R0TZHA1D\\EKATI3336.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69182161
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T20:16:25.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Y5B35RXH\\EKATI4787.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
69182258
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T20:16:06.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QI2K3DLV\\EKATI8446.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68915780
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T13:35:33.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LERQ0DSN\\PFNLX1ZC2666.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68915910
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-21T13:35:28.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LERQ0DSN\\EKATI1279.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68917631
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T13:35:21.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\KGSXOYUY\\1DM4MJK56911.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
68917642
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-21T13:35:21.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\KGSXOYUY\\EKATI5694.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932985
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:46:20.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TLX3EVTX\\EKATI4102.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932021
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:38.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LYFB0FPR\\EKATI8717.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932009
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:35.000Z",
"detected_by_count": 8,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X0BDZ1FX\\EKATI5156.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932084
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:32.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAX2TN0U\\EKATI3331.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932008
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:08.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\V1YOTCGH\\EKATI1530.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932145
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:02.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\E55QEANT8731.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932186
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:02.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\EKATI7353.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "closed",
"detection_id_list": [
67931295
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:34.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IMPDUHIQ\\EKATI3476.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
67931302
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:31.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\4KQQJWG5\\EKATI4354.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
67931496
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:43:24.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\CSF2FQEI8635.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67931509
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:43:24.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\EKATI2270.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67931294
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:16.000Z",
"detected_by_count": 11,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RGCNKCKH\\EKATI1130.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
}
]
}
}
Human Readable Output

Suspicious Activites found for the host: DESKTOP-664HFM6

| account_id | detected_by_count | detection_id_list | level | machine_id | path | pc_hostname | status | timestamp |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69306685 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\4S4USN157912.EXE | DESKTOP-664HFM6 | closed | 2020-04-22T00:22:03.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69306697 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\EKATI3419.EXE | DESKTOP-664HFM6 | processing | 2020-04-22T00:22:03.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69298563 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZRPQZLD0\EKATI4166.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:03:17.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69297395 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ULHYC0ZK\EKATI7387.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:00:18.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69293149 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SXM2TCFT\EKATI7194.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T23:51:31.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69224002 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y20DB3LK\EKATI3988.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:26:21.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69216054 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1VG2J1ZZ\EKATI9823.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:14:39.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69216153 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\WR1LKLFO5074.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:13:28.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69216169 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\EKATI7396.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:13:27.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69205108 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WGKUJRGM\EKATI7827.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:53:33.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69199010 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\MIYO4ZBX5817.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:41.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69199008 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\EKATI1485.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:40.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69196909 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Z2QEP4IQ\EKATI1206.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:15.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69183153 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\QTVKKU0O3864.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:18:19.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69183344 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\EKATI3336.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:18:18.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69182161 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y5B35RXH\EKATI4787.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:16:25.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69182258 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QI2K3DLV\EKATI8446.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:16:06.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 68915780 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\PFNLX1ZC2666.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:33.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 68915910 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\EKATI1279.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:28.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 68917631 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\1DM4MJK56911.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:21.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 68917642 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\EKATI5694.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:21.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 67932985 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TLX3EVTX\EKATI4102.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:46:20.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67932021 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LYFB0FPR\EKATI8717.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:38.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 8 | 67932009 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X0BDZ1FX\EKATI5156.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:35.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 67932084 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAX2TN0U\EKATI3331.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:32.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 67932008 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\V1YOTCGH\EKATI1530.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:08.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 67932145 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\E55QEANT8731.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:02.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 67932186 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\EKATI7353.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:02.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67931295 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IMPDUHIQ\EKATI3476.EXE | DESKTOP-664HFM6 | closed | 2020-04-20T08:43:34.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67931302 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\4KQQJWG5\EKATI4354.EXE | DESKTOP-664HFM6 | processing | 2020-04-20T08:43:31.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 67931496 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\CSF2FQEI8635.EXE | DESKTOP-664HFM6 | processing | 2020-04-20T08:43:24.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 67931509 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\EKATI2270.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:43:24.000Z |
| 2020bd17-a809-4102-b744-94fe8ad1c591 | 11 | 67931294 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RGCNKCKH\EKATI1130.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:43:16.000Z |