Malwarebytes
Overview
Scan and Remediate threats on endpoints in the Malwarebytes cloud | Nebula. This integration was integrated and tested with Malwarebytes cloud | Nebula.
Malwarebytes Playbook
- Malwarebytes - Scan & Remediate Endpoint
- Malwarebytes - Isolate Endpoint
Use Cases
- Trigger Malwarebytes Scans and Remediation as part of Demisto Playbook.
- Trigger Malwarebytes EDR Advanced Capabilities as part of a Demisto Playbook.
- Create Demisto incidents based on threats detected by Malwarebytes.
Configure Malwarebytes on Demisto
This integration collects your E-mail and Company Name for usage analytics of Malwarebytes, if provided in the config.
- Navigate to Settings > Integrations > Servers & Services.
- Search for Malwarebytes.
- Click Add instance to create and configure a new integration instance.
- Name: a textual name for the integration instance.
- Account ID
- Client ID
- Client Secret
- Fetch incidents
- Incident type
- Fetch Event List
- RTP Detections Threat Category
- Suspicious Activity Severity
- Trust any certificate (not secure)
- Use system proxy settings
- Company Name
- Click Test to validate the URLs, token, and connection.
Fetched Incidents Data
The fetch incidents command is the function that Demisto calls every minute to import new incidents; it is enabled by the "Fetch incidents" parameter in the integration configuration.
What kind of objects/entities does the integration fetch (events, alerts, incidents, cases, tickets, etc.)?
- Create a Demisto incident upon Malwarebytes Real-Time Protection detections.
- Create a Demisto incident upon Malwarebytes Suspicious Activity detections.
Are there any filters available to allow users to filter those incidents (e.g. type, status, etc.)?
Filters such as Severity and Malware Category are provided in the integration configuration.
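As an added example of the filtering described above (not code from the integration itself), the function below applies a severity and category filter to records shaped like this page's detection and suspicious-activity tables, converts the survivors into Demisto incidents, and keeps a last-fetch watermark so a later run skips what it already imported. The option names for the event list, the config keys, the sample rows and the category/level-to-severity mappings are assumptions.

```python
"""Fetch-incidents filtering for Malwarebytes Nebula events (added example, not the integration's code)."""
import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Tuple

# Assumed option names for the "Fetch Event List" integration parameter.
RTP_EVENTS = "RTP Detections"
SA_EVENTS = "Suspicious Activity"
# Demisto incident severity: 0 Unknown, 1 Low, 2 Medium, 3 High, 4 Critical. Both mappings are assumptions.
RTP_CATEGORY_SEVERITY = {"arw": 4, "malware": 3, "pup": 1}
SA_LEVEL_SEVERITY = {1: 1, 2: 2, 3: 3, 4: 4}
MACHINE = "5074ade3-5716-44d8-83c7-5985379c0399"  # machine_id taken from this page

# Constructed sample rows with the columns of the malwarebytes-get-scan-detections output.
RTP_DETECTIONS: List[Dict[str, Any]] = [
    {"category": "arw", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6", "status": "found",
     "path": "C:\\SAMPLES\\EKATI3479.EXE", "reported_at": "2020-03-03T13:28:57.393772Z",
     "threat_name": "Ransom.FileLocker"},
    {"category": "Malware", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6", "status": "found",
     "path": "C:\\SAMPLES\\CCTV.EXE", "reported_at": "2020-03-03T13:28:57.393772Z",
     "threat_name": "DDoSTool.Nitol"},
    {"category": "PUP", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6", "status": "found",
     "path": "C:\\SAMPLES\\SETUP.EXE", "reported_at": "2020-03-03T13:28:58.000000Z",
     "threat_name": "PUP.Optional.Solimba"},
]
# Constructed sample rows with the columns of the malwarebytes-get-sa-activities output.
SA_ACTIVITIES: List[Dict[str, Any]] = [
    {"detection_id_list": "69306685", "level": 2, "machine_id": MACHINE, "pc_hostname": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\4S4USN157912.EXE", "status": "closed", "timestamp": "2020-04-22T00:22:03.000Z"},
    {"detection_id_list": "69298563", "level": 3, "machine_id": MACHINE, "pc_hostname": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\EKATI4166.EXE", "status": "detected", "timestamp": "2020-04-22T00:03:17.000Z"},
    {"detection_id_list": "69216054", "level": 3, "machine_id": MACHINE, "pc_hostname": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\EKATI9823.EXE", "status": "detected", "timestamp": "2020-04-21T21:14:39.000Z"},
]
# Assumed shape of the relevant integration parameters.
CONFIG: Dict[str, Any] = {
    "event_list": [RTP_EVENTS, SA_EVENTS],
    "rtp_categories": ["Malware", "arw"],  # RTP Detections Threat Category: PUP left out
    "sa_min_level": 3,                     # Suspicious Activity Severity: level 3 and up
}

def parse_ts(value: str) -> datetime:
    """Parse a Nebula UTC timestamp; the fraction varies (".393772Z", ".000Z" or none)."""
    base, _, frac = value.rstrip("Z").partition(".")
    micro = int((frac + "000000")[:6]) if frac else 0
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(microsecond=micro, tzinfo=timezone.utc)

def _incident(name: str, occurred: str, severity: int, raw: Dict[str, Any]) -> Dict[str, Any]:
    # name / occurred / severity / rawJSON is the shape demisto.incidents() accepts.
    return {"name": name, "occurred": occurred, "severity": severity, "rawJSON": json.dumps(raw)}

def fetch_incidents(config: Dict[str, Any], last_run: Dict[str, Any],
                    rtp_events: List[Dict[str, Any]], sa_events: List[Dict[str, Any]]
                    ) -> Tuple[List[Dict[str, Any]], Dict[str, Any]]:
    """Return (incidents, next_last_run); only events newer than last_run["last_fetch"] count."""
    last_fetch = last_run.get("last_fetch")
    watermark = parse_ts(last_fetch) if last_fetch else datetime.min.replace(tzinfo=timezone.utc)
    newest = watermark
    enabled = set(config.get("event_list", []))
    categories = {c.lower() for c in config.get("rtp_categories", [])}  # empty set = no filter
    min_level = int(config.get("sa_min_level", 0))
    incidents: List[Dict[str, Any]] = []
    seen = set()  # guards against the same detection appearing twice in one batch

    if RTP_EVENTS in enabled:
        for ev in rtp_events:
            ts = parse_ts(ev["reported_at"])
            if ts <= watermark:
                continue
            newest = max(newest, ts)  # advance even for filtered rows so they are not re-read
            key = ("rtp", ev["machine_id"], ev["path"], ev["reported_at"])
            if key in seen or (categories and ev["category"].lower() not in categories):
                continue
            seen.add(key)
            incidents.append(_incident(
                f"Malwarebytes {ev['category']} detection: {ev['threat_name']} on {ev['machine_name']}",
                ev["reported_at"], RTP_CATEGORY_SEVERITY.get(ev["category"].lower(), 0), ev))

    if SA_EVENTS in enabled:
        for ev in sa_events:
            ts = parse_ts(ev["timestamp"])
            if ts <= watermark:
                continue
            newest = max(newest, ts)
            level = int(ev["level"])
            key = ("sa", ev["machine_id"], str(ev["detection_id_list"]))
            if key in seen or level < min_level:
                continue
            seen.add(key)
            incidents.append(_incident(
                f"Malwarebytes Suspicious Activity (level {level}) on {ev['pc_hostname']}",
                ev["timestamp"], SA_LEVEL_SEVERITY.get(level, 0), ev))

    next_run = {"last_fetch": newest.strftime("%Y-%m-%dT%H:%M:%S.%fZ")} if newest > watermark else dict(last_run)
    return incidents, next_run
```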
Commands
You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
- malwarebytes-scan-and-remediate
- malwarebytes-scan-and-report
- malwarebytes-isolate-endpoint
- malwarebytes-isolate-process
- malwarebytes-isolate-desktop
- malwarebytes-isolate-network
- malwarebytes-deisolate-endpoint
- malwarebytes-list-endpoints
- malwarebytes-list-endpoint-info
- malwarebytes-get-scan-detections
- malwarebytes-get-job-status
- malwarebytes-open-sa-incident
- malwarebytes-remediate-sa-incident
- malwarebytes-close-sa-incident
- malwarebytes-get-sa-activities
1. malwarebytes-scan-and-remediate
Initiate Scan and Remediate action on an endpoint based on IP or Hostname.
Base Command
malwarebytes-scan-and-remediate
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-scan-and-remediate hostname=DESKTOP-LI4MQ7B
Context Example
Human Readable Output
Scan and Remediate action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 964776a3-9cd8-45a2-9c56-59f692f42cc6. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results
2. malwarebytes-scan-and-report
Initiate Scan and report action on an endpoint based on IP or Hostname.
Base Command
malwarebytes-scan-and-report
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-scan-and-report hostname=TA-AZ-CLT1
Context Example
Human Readable Output
Scan and Report action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 88c6de27-d7d2-45da-a0b9-239a774afe50. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results
3. malwarebytes-isolate-endpoint
Initiate Isolation action on an endpoint based on IP or Hostname. This action isolates the endpoint at the Process, Network and Desktop levels.
Base Command
malwarebytes-isolate-endpoint
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-isolate-endpoint hostname=DESKTOP-LI4MQ7B
Context Example
Human Readable Output
Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: c133caaf-2c1c-4c54-86b5-b45354608e4d. Use job_id in malwarebytes-get-job-status command to view results
4. malwarebytes-isolate-process
Initiate Process Isolation action on an endpoint based on IP or Hostname.
Base Command
malwarebytes-isolate-process
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-isolate-process hostname=DESKTOP-LI4MQ7B
Context Example
Human Readable Output
Process Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 72708102-465f-4a3e-8be5-de93cdae6cad. Use job_id in malwarebytes-get-job-status command to view results
5. malwarebytes-isolate-desktop
Initiate Desktop Isolation action on an endpoint based on IP or Hostname.
Base Command
malwarebytes-isolate-desktop
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-isolate-desktop hostname=TA-AZ-CLT1
Context Example
Human Readable Output
Desktop Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 6b0d17b7-bb5b-4314-a841-f25ae93c6a8e. Use job_id in malwarebytes-get-job-status command to view results
6. malwarebytes-isolate-network
Initiate Network Isolation action on an endpoint based on IP or Hostname.
Base Command
malwarebytes-isolate-network
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-isolate-network hostname=TA-AZ-CLT1
Context Example
Human Readable Output
Network Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: cc92a1f4-7253-415d-a743-64f0ea7afb65. Use job_id in malwarebytes-get-job-status command to view results
7. malwarebytes-deisolate-endpoint
Initiate Deisolation action on an endpoint based on IP or Hostname. This action deisolates the endpoint at the Process, Network and Desktop levels.
Base Command
malwarebytes-deisolate-endpoint
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Machine_ID | string | Endpoint ID of the host |
Malwarebytes.Scan.Job_ID | string | Job ID of the scanned host |
Command Example
!malwarebytes-deisolate-endpoint hostname=TA-AZ-CLT1
Context Example
Human Readable Output
Deisolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 8dab60e1-e6d8-47c3-b321-0a74de329d20. Use job_id in malwarebytes-get-job-status command to view results
8. malwarebytes-list-endpoints
List all/online/offline endpoints available in the Malwarebytes Cloud.
Base Command
malwarebytes-list-endpoints
Input
Argument Name | Description | Required |
---|---|---|
endpoints | Enter value 'all' to get all endpoints and value 'online' or 'offline' to get online/offline endpoints. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Endpoint.total_count | int | total count of all/online/offline endpoints. |
Command Example
!malwarebytes-list-endpoints endpoints=all
Context Example
Human Readable Output
Found all 5 Endpoints from Malwarebytes Cloud:
created_at | id | last_seen_at | name | online | os_architecture | os_platform | os_release_name |
---|---|---|---|---|---|---|---|
2020-02-05T10:12:55.187467Z | 017febb6-ae68-4c15-9918-d911c72d062a | 2020-04-16T14:05:41.668409Z | TA-AZ-CLT1 | false | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
2020-03-31T08:42:14.319976Z | 1d711cdc-6c6c-4457-927f-2528ecc857a0 | 2020-04-15T08:50:42.737922Z | EC2AMAZ-KK7M02P | false | AMD64 | WINDOWS | Microsoft Windows Server 2019 Datacenter |
2020-02-05T09:50:02.194556Z | 211d8c3e-142c-4849-b1f0-1680b4bd239c | 2020-04-22T09:07:41.206037Z | DESKTOP-LI4MQ7B | true | AMD64 | WINDOWS | Microsoft Windows 10 Enterprise |
2019-11-25T19:47:15.833008Z | b5740188-00a2-434b-a180-5b0fa85cb10b | 2020-04-21T18:17:43.064707Z | DESKTOP-91UJNA1 | false | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
2019-10-18T09:26:26.993555Z | 5074ade3-5716-44d8-83c7-5985379c0399 | 2020-04-22T09:32:25.813131Z | DESKTOP-664HFM6 | true | AMD64 | WINDOWS | Microsoft Windows 10 Pro |
9. malwarebytes-list-endpoint-info
Lists more granular information about an endpoint.
Base Command
malwarebytes-list-endpoint-info
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of an endpoint in Malwarebytes Cloud. | Optional |
ip | IP of an endpoint in Malwarebytes Cloud. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Endpoint.Assets | string | Asset information of the endpoint. |
Malwarebytes.Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
Malwarebytes.Endpoint.IPAddress | string | The IP address of the endpoint. |
Malwarebytes.Endpoint.Domain | string | The domain of the endpoint. |
Malwarebytes.Endpoint.MACAddress | string | The MAC address of the endpoint. |
Malwarebytes.Endpoint.OS | string | Endpoint OS. |
Malwarebytes.Endpoint.OSVersion | string | OS version. |
Malwarebytes.Endpoint.Model | string | The model of the machine or device. |
Malwarebytes.Endpoint.Memory | int | Memory on this endpoint. |
Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
Endpoint.IPAddress | string | The IP address of the endpoint. |
Endpoint.Domain | string | The domain of the endpoint. |
Endpoint.MACAddress | string | The MAC address of the endpoint. |
Endpoint.OS | string | Endpoint OS. |
Endpoint.OSVersion | string | OS version. |
Endpoint.Model | string | The model of the machine or device. |
Endpoint.Memory | int | Memory on this endpoint. |
Command Example
!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1
Context Example
Human Readable Output
Endpoint Information for the Hostname: TA-AZ-CLT1
computer_info | culture | dhcp_scope_name | domain_name | drives | fully_qualified_host_name | host_name | memory | nics | object_guid | object_sid | os_info | plugin_version | software_installed | startups | time_zone | updates_installed |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
manufacturer: Microsoft Corporation model: Virtual Machine | en-US | | | {'freespace_available': 124591616000, 'volume_label': 'Windows', 'drive_format': 'NTFS', 'freespace_total': 124591616000, 'name': 'C:\', 'total_size': 135838822400}, {'freespace_available': 7477661696, 'volume_label': 'Temporary Storage', 'drive_format': 'NTFS', 'freespace_total': 7477661696, 'name': 'D:\', 'total_size': 8588816384} | TA-AZ-CLT1 | TA-AZ-CLT1 | total_virtual: 5368094720 free_virtual: 2920792064 total_physical: 4294967296 free_physical: 1683750912 | {'mac_address': '000D3A0AFEC2', 'description': 'Microsoft Hyper-V Network Adapter', 'ips': ['10.0.0.11']} | | | os_platform: Windows os_architecture: Amd64 os_version: 10.0.17763 os_release_name: Microsoft Windows 10 Pro os_type: Workstation | 1.2.0.330 | {'vendor': 'Google LLC', 'product': 'Google Chrome', 'installed_date': '2020-02-05T00:00:00Z', 'version': '80.0.3987.87'}, {'vendor': 'Malwarebytes', 'product': 'Malwarebytes Endpoint Agent', 'installed_date': '2020-02-05T00:00:00Z', 'version': '1.2.0.0'} | {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Shell', 'value': 'explorer.exe'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'System', 'value': ''}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Taskman', 'value': ''}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Userinit', 'value': 'C:\windows\system32\userinit.exe,'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'name': 'SecurityHealth', 'value': 'C:\windows\system32\SecurityHealthSystray.exe'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad', 'name': 'WebCheck', 'value': '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Authentication Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Notification Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Security Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders', 'name': 'SecurityProviders', 'value': 'credssp.dll'} | Etc/GMT | |
10. malwarebytes-get-scan-detections
Lists detections from an endpoint for the scans initiated from Demisto.
Base Command
malwarebytes-get-scan-detections
Input
Argument Name | Description | Required |
---|---|---|
job_id | Job ID of the initiated Scan actions only. | Required |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Job_ID | string | Job_Id of the initiated Scan/Isolation/Deisolation actions. |
Malwarebytes.Scan.Status | string | Scan Status for the host |
Malwarebytes.Scan.Detections | string | Scan detections for the host |
Command Example
!malwarebytes-get-scan-detections job_id=931f63ca-e14f-43ad-85d2-3eb8236f1bdd
Context Example
Human Readable Output
Scan Detections Report for the Job_Id: 931f63ca-e14f-43ad-85d2-3eb8236f1bdd
category | machine_id | machine_name | path | reported_at | status | threat_name | type |
---|---|---|---|---|---|---|---|
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\MHTQR4AW1913.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\EKATI3479.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\5WRQN2VY9117.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AMDSCQBK\EKATI3234.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RKSUGKK2\EKATI1111.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RKSUGKK2\5IPWAWNR7377.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\UWAEL22C6434.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\GJL0GTPS2496.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\EKATI5786.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\AAWK4JEC6577.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R5QH05OL\EKATI5120.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QJTCQTO5\EKATI3976.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QGZQD505\EKATI6903.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QDI3PGI1\EKATI8011.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PHVALVXM\EKATI5172.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PCHQV24F\EKATI8221.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PCHQV24F\0LI1UX235485.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\OX4R0SZA\EKATI6865.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\K2LXHNO1\EKATI6770.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\K1UQJ5KL\EKATI1034.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\JI4PZP0K\EKATI5574.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ICOWWYNX\EKATI7940.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\HUOBVYD0\EKATI8486.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\H0LKYXKH\EKATI6183.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZWIZHTVD\EKATI6050.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAAN0543\EKATI4385.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\YWDLSBOE\EKATI7806.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\Y2YWHFY47970.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\HVAVEBY58253.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\EKATI6877.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XDFR4BMU\EKATI1611.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X5IN24J2\EKATI2562.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X3DL34QB\EKATI4718.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WAWZXFJU\EKATI3613.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\VAIVLV51\EKATI2378.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\NKWWQ5337273.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\KQDYZ5DZ2805.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\EKATI8812.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FNKI23QO\EKATI9379.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FMULGDCG\EKATI5361.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\EZ3VSVR0\EKATI3626.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DYEBLIJJ\EKATI2757.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DVM05IV0\EKATI4168.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DKI4HFKX\EKATI2083.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TXS354JE\EKATI7864.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TFDVXDEW\EKATI3594.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TCERNEHR\EKATI3060.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SSODDPVL\EKATI3273.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SK4GT55H\NSMDWPVW1226.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SK4GT55H\EKATI6166.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SJRCS2D5\EKATI3838.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\S0RPYHDI\EKATI1244.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MDX3HHPZ\EKATI7764.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\HURT2A3R4366.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\GVXQMXK04108.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\EKATI5862.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LTMZR34O\EKATI8397.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\5KE1T1MN\EKATI3121.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\40ASYTIK\EKATI2489.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\2VR0DR23\EKATI9180.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\22PMRE41\EKATI2935.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1U0KTXL4\EKATI4859.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\0TNNQOPO\EKATI4374.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.FileLocker | file |
arw | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\0TNNQOPO\CHLGY5ZD1037.EXE | 2020-03-03T13:28:57.393772Z | found | Ransom.Ekati | file |
Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\BIN3333.RAR | 2020-03-03T13:28:57.393772Z | found | Generic.Malware/Suspicious | file |
Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCTV.EXE | 2020-03-03T13:28:57.393772Z | found | DDoSTool.Nitol | file |
PUP | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MICROSOFT OFFICE 2007 SERVICE PACK 2.EXE | 2020-03-03T13:28:57.393772Z | found | PUP.Optional.Solimba | file |
Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FCK_RSC.DUMP | 2020-03-03T13:28:57.393772Z | found | Trojan.ServStart | file |
Malware | 5074ade3-5716-44d8-83c7-5985379c0399 | DESKTOP-664HFM6 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\2211.RAR | 2020-03-03T13:28:57.393772Z | found | Generic.Malware/Suspicious | file |
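The scan commands hand back a job_id, and malwarebytes-get-scan-detections returns rows like the table above; a playbook such as "Malwarebytes - Scan & Remediate Endpoint" then has to decide whether the endpoint gets isolated. The following is an added example of that decision step (not the integration's or Malwarebytes' code): it summarises rows with the table's columns per category, threat family and directory, checks that they belong to the scanned host, and names the next command from this page's command set. The sample rows, the category ranking and the thresholds are assumptions.

```python
"""Triage of malwarebytes-get-scan-detections rows into a playbook decision (added example)."""
from collections import Counter
from typing import Any, Dict, List, Optional, Tuple

# Assumed ranking of the categories seen on this page: "arw" (anti-ransomware) and
# "Malware" justify containment, "PUP" (potentially unwanted program) only a review.
CATEGORY_RANK = {"arw": 3, "malware": 2, "pup": 1}
MACHINE = "5074ade3-5716-44d8-83c7-5985379c0399"  # machine_id taken from this page

# Constructed sample rows with the columns returned under Malwarebytes.Scan.Detections.
SAMPLE_DETECTIONS: List[Dict[str, Any]] = [
    {"category": "arw", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\A\\EKATI3479.EXE", "status": "found", "threat_name": "Ransom.FileLocker"},
    {"category": "arw", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\A\\MHTQR4AW1913.EXE", "status": "found", "threat_name": "Ransom.Ekati"},
    {"category": "Malware", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\CCTV.EXE", "status": "found", "threat_name": "DDoSTool.Nitol"},
    {"category": "PUP", "machine_id": MACHINE, "machine_name": "DESKTOP-664HFM6",
     "path": "C:\\SAMPLES\\OFFICE SP2.EXE", "status": "found", "threat_name": "PUP.Optional.Solimba"},
]

def threat_family(threat_name: str) -> str:
    """'Ransom.Ekati' -> 'Ransom': the prefix groups detections by behaviour class."""
    return threat_name.split(".", 1)[0]

def summarize_detections(rows: List[Dict[str, Any]], expected_host: Optional[str] = None) -> Dict[str, Any]:
    found = [r for r in rows if r.get("status") == "found"]
    hosts = sorted({r["machine_name"] for r in rows})
    return {
        "total": len(rows),
        "found": len(found),
        "by_category": dict(Counter(r["category"].lower() for r in found)),
        "by_family": dict(Counter(threat_family(r["threat_name"]) for r in found)),
        "by_directory": dict(Counter(r["path"].rsplit("\\", 1)[0] for r in found)),
        "hosts": hosts,
        # Results for a job should belong to the endpoint the playbook scanned; flag anything else.
        "host_mismatch": bool(expected_host) and any(h.lower() != expected_host.lower() for h in hosts),
    }

def decide_next_step(summary: Dict[str, Any], hostname: str) -> Dict[str, Any]:
    """Pick the follow-up command from this page's command set and record the reason."""
    if summary["host_mismatch"]:
        return {"verdict": "review", "command": None, "args": {},
                "reason": "detections belong to a different endpoint than the one scanned"}
    rank = max((CATEGORY_RANK.get(c, 0) for c in summary["by_category"]), default=0)
    if rank >= 2:  # arw or Malware: contain the host before anything else
        return {"verdict": "isolate", "command": "malwarebytes-isolate-endpoint",
                "args": {"hostname": hostname},
                "reason": f"{summary['found']} found detections, families {sorted(summary['by_family'])}"}
    if rank == 1:  # PUP only: look at suspicious activity before deciding
        return {"verdict": "review", "command": "malwarebytes-get-sa-activities",
                "args": {"hostname": hostname}, "reason": "only PUP detections; check suspicious activity"}
    return {"verdict": "clean", "command": None, "args": {}, "reason": "no detections with status found"}

def triage(rows: List[Dict[str, Any]], hostname: str) -> Tuple[Dict[str, Any], Dict[str, Any]]:
    summary = summarize_detections(rows, hostname)
    return summary, decide_next_step(summary, hostname)
```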
11. malwarebytes-get-job-status
Lists the scan/isolation/deisolation status of the endpoint for the scan/isolation/deisolation initiated from Demisto.
Base Command
malwarebytes-get-job-status
Input
Argument Name | Description | Required |
---|---|---|
job_id | Job_Id of the initiated Scan/Isolation/Deisolation actions. | Required |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Scan.Job_ID | string | Job_Id of the initiated Scan/Isolation/Deisolation actions. |
Malwarebytes.Scan.Status | string | Scan Status for the host |
Command Example
!malwarebytes-get-job-status job_id=831afff7-7511-40be-a1ce-eace622e1e3e
Context Example
Human Readable Output
Scan Status for the job_id 831afff7-7511-40be-a1ce-eace622e1e3e is EXPIRED
12. malwarebytes-open-sa-incident
Open Suspicious Activity for investigation in Malwarebytes Cloud. Use malwarebytes-get-sa-activities command to get machine and detection ID.
Base Command
malwarebytes-open-sa-incident
Input
Argument Name | Description | Required |
---|---|---|
machine_id | Machine ID of an endpoint where Suspicious Activity is found. | Required |
detection_id | Detection ID of the Suspicious Activity. | Required |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |
Command Example
!malwarebytes-open-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685
Context Example
Human Readable Output
Open SA Incident action is initiated Successfully for the detection id: 69306685
13. malwarebytes-remediate-sa-incident
Remediate Suspicious Activity from Malwarebytes Cloud. Use malwarebytes-get-sa-activities command to get machine and detection ID.
Base Command
malwarebytes-remediate-sa-incident
Input
Argument Name | Description | Required |
---|---|---|
machine_id | Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found. | Required |
detection_id | Detection ID of the Suspicious Activity | Required |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |
Command Example
!malwarebytes-remediate-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306697
Context Example
Human Readable Output
Remediate SA Incident action is initiated Successfully for the detection id: 69306697
14. malwarebytes-close-sa-incident
Close Suspicious Activity Incident in Malwarebytes Cloud. Use malwarebytes-get-sa-activities command to get machine and detection ID.
Base Command
malwarebytes-close-sa-incident
Input
Argument Name | Description | Required |
---|---|---|
machine_id | Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found. | Required |
detection_id | Detection ID of the Suspicious Activity. | Required |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.SA.Machine_ID | string | Machine ID of the Suspicious host |
Command Example
!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685
Context Example
Human Readable Output
Close SA Incident action is initiated Successfully for the detection id: 69306685
15. malwarebytes-get-sa-activities
Lists all suspicious activities for a given hostname, or lists all the hostnames on which a given file path was seen in suspicious activities.
Base Command
malwarebytes-get-sa-activities
Input
Argument Name | Description | Required |
---|---|---|
hostname | Hostname of the endpoint. | Optional |
path | Path of the file to be searched in suspicious activities. | Optional |
Context Output
Path | Type | Description |
---|---|---|
Malwarebytes.Endpoint.Suspicious_Activities | string | Suspicious Activities for the host |
Command Example
!malwarebytes-get-sa-activities hostname=DESKTOP-664HFM6
Context Example
Human Readable Output
Suspicious Activites found for the host: DESKTOP-664HFM6
account_id | detected_by_count | detection_id_list | level | machine_id | path | pc_hostname | status | timestamp |
---|---|---|---|---|---|---|---|---|
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69306685 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\4S4USN157912.EXE | DESKTOP-664HFM6 | closed | 2020-04-22T00:22:03.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69306697 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\EKATI3419.EXE | DESKTOP-664HFM6 | processing | 2020-04-22T00:22:03.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69298563 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZRPQZLD0\EKATI4166.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:03:17.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69297395 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ULHYC0ZK\EKATI7387.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:00:18.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69293149 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SXM2TCFT\EKATI7194.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T23:51:31.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69224002 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y20DB3LK\EKATI3988.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:26:21.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69216054 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1VG2J1ZZ\EKATI9823.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:14:39.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69216153 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\WR1LKLFO5074.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:13:28.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69216169 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\EKATI7396.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T21:13:27.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69205108 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WGKUJRGM\EKATI7827.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:53:33.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69199010 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\MIYO4ZBX5817.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:41.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69199008 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\EKATI1485.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:40.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69196909 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Z2QEP4IQ\EKATI1206.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:41:15.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69183153 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\QTVKKU0O3864.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:18:19.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69183344 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\EKATI3336.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:18:18.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69182161 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y5B35RXH\EKATI4787.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:16:25.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69182258 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QI2K3DLV\EKATI8446.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T20:16:06.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 68915780 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\PFNLX1ZC2666.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:33.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 68915910 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\EKATI1279.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:28.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 68917631 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\1DM4MJK56911.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:21.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 68917642 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\EKATI5694.EXE | DESKTOP-664HFM6 | detected | 2020-04-21T13:35:21.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 67932985 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TLX3EVTX\EKATI4102.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:46:20.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67932021 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LYFB0FPR\EKATI8717.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:38.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 8 | 67932009 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X0BDZ1FX\EKATI5156.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:35.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 67932084 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAX2TN0U\EKATI3331.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:32.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 67932008 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\V1YOTCGH\EKATI1530.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:08.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 67932145 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\E55QEANT8731.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:02.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 67932186 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\EKATI7353.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:45:02.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67931295 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IMPDUHIQ\EKATI3476.EXE | DESKTOP-664HFM6 | closed | 2020-04-20T08:43:34.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 9 | 67931302 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\4KQQJWG5\EKATI4354.EXE | DESKTOP-664HFM6 | processing | 2020-04-20T08:43:31.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 67931496 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\CSF2FQEI8635.EXE | DESKTOP-664HFM6 | processing | 2020-04-20T08:43:24.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 67931509 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\EKATI2270.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:43:24.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 11 | 67931294 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RGCNKCKH\EKATI1130.EXE | DESKTOP-664HFM6 | detected | 2020-04-20T08:43:16.000Z |
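As an added example (not code from the integration): a small triage helper that parses the human-readable table returned by malwarebytes-get-sa-activities and decides, per activity, whether to issue malwarebytes-remediate-sa-incident, hold the row for analyst review, or skip it because it is already processing or closed. The level threshold and the decision rules are assumptions for illustration; the sample rows are a subset of the output shown above.

```python
# Constructed sample: a subset of the rows shown in the command output above.
SAMPLE_TABLE = r"""
account_id | detected_by_count | detection_id_list | level | machine_id | path | pc_hostname | status | timestamp |
---|---|---|---|---|---|---|---|---|
2020bd17-a809-4102-b744-94fe8ad1c591 | 1 | 69306685 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\4S4USN157912.EXE | DESKTOP-664HFM6 | closed | 2020-04-22T00:22:03.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 2 | 69306697 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\EKATI3419.EXE | DESKTOP-664HFM6 | processing | 2020-04-22T00:22:03.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 10 | 69298563 | 3 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZRPQZLD0\EKATI4166.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:03:17.000Z |
2020bd17-a809-4102-b744-94fe8ad1c591 | 3 | 69297395 | 2 | 5074ade3-5716-44d8-83c7-5985379c0399 | C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ULHYC0ZK\EKATI7387.EXE | DESKTOP-664HFM6 | detected | 2020-04-22T00:00:18.000Z |
"""

MIN_AUTO_REMEDIATE_LEVEL = 3  # assumption: lower-level detections go to an analyst first


def parse_sa_table(text):
    """Turn the pipe-delimited table into a list of dicts keyed by column name."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    header = [c.strip() for c in lines[0].rstrip("|").split("|")]
    rows = []
    for line in lines[2:]:  # lines[1] is the ---|--- separator row
        cells = [c.strip() for c in line.rstrip("|").split("|")]
        if len(cells) != len(header):
            raise ValueError(f"malformed row: {line!r}")
        rows.append(dict(zip(header, cells)))
    return rows


def plan_sa_actions(rows, min_level=MIN_AUTO_REMEDIATE_LEVEL):
    """Map each activity to (detection_id, decision, command-or-None).
    detected + level >= min_level -> remediate now
    detected + lower level        -> leave for analyst review (no command)
    processing / closed           -> skip; an action is in flight or done
    """
    plan = []
    for r in rows:
        det_id, status, level = r["detection_id_list"], r["status"], int(r["level"])
        args = f"machine_id={r['machine_id']} detection_id={det_id}"
        if status == "detected" and level >= min_level:
            plan.append((det_id, "remediate", f"!malwarebytes-remediate-sa-incident {args}"))
        elif status == "detected":
            plan.append((det_id, "review", None))
        else:
            plan.append((det_id, "skip", None))
    return plan


if __name__ == "__main__":
    for det_id, decision, cmd in plan_sa_actions(parse_sa_table(SAMPLE_TABLE)):
        print(det_id, decision, cmd or "")
```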