From b3bfde54a9f68ea747907d0041648fce856a50d2 Mon Sep 17 00:00:00 2001 From: Varun Kohli <97222872+vakohl@users.noreply.github.com> Date: Tue, 26 Nov 2024 22:56:13 +0530 Subject: [PATCH] Adding Sample Data --- ...entinelOne_ASimAlertEvent_IngestedLogs.csv | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 Sample Data/ASIM/SentinelOne_ASimAlertEvent_IngestedLogs.csv diff --git a/Sample Data/ASIM/SentinelOne_ASimAlertEvent_IngestedLogs.csv b/Sample Data/ASIM/SentinelOne_ASimAlertEvent_IngestedLogs.csv new file mode 100644 index 00000000000..29ca1ef3e13 --- /dev/null +++ b/Sample Data/ASIM/SentinelOne_ASimAlertEvent_IngestedLogs.csv @@ -0,0 +1,21 @@ +activityType_d,TimeGenerated [UTC],TenantId,SourceSystem,MG,ManagementGroupName,Computer,RawData,alertInfo_indicatorDescription_s,alertInfo_indicatorName_s,targetProcessInfo_tgtFileOldPath_s,alertInfo_indicatorCategory_s,alertInfo_registryOldValue_g,alertInfo_dstIp_s,alertInfo_dstPort_s,alertInfo_netEventDirection_s,alertInfo_srcIp_s,alertInfo_srcPort_s,containerInfo_id_s,targetProcessInfo_tgtFileId_g,alertInfo_registryOldValue_s,alertInfo_registryOldValueType_s,alertInfo_dnsRequest_s,alertInfo_dnsResponse_s,alertInfo_registryKeyPath_s,alertInfo_registryPath_s,alertInfo_registryValue_g,ruleInfo_description_s,alertInfo_registryValue_s,alertInfo_loginAccountDomain_s,alertInfo_loginAccountSid_s,alertInfo_loginIsAdministratorEquivalent_s,alertInfo_loginIsSuccessful_s,alertInfo_loginType_s,alertInfo_loginsUserName_s,alertInfo_srcMachineIp_s,targetProcessInfo_tgtProcCmdLine_s,targetProcessInfo_tgtProcImagePath_s,targetProcessInfo_tgtProcName_s,targetProcessInfo_tgtProcPid_s,targetProcessInfo_tgtProcSignedStatus_s,targetProcessInfo_tgtProcStorylineId_s,targetProcessInfo_tgtProcUid_s,sourceParentProcessInfo_storyline_g,sourceParentProcessInfo_uniqueId_g,sourceProcessInfo_storyline_g,sourceProcessInfo_uniqueId_g,targetProcessInfo_tgtProcStorylineId_g,targetProcessInfo_tgtProcUid_g,agentDetectionInfo_machineType_s,agentDetectionInfo_name_s,agentDetectionInfo_osFamily_s,agentDetectionInfo_osName_s,agentDetectionInfo_osRevision_s,agentDetectionInfo_uuid_g,agentDetectionInfo_version_s,agentRealtimeInfo_id_s,agentRealtimeInfo_infected_b,agentRealtimeInfo_isActive_b,agentRealtimeInfo_isDecommissioned_b,agentRealtimeInfo_machineType_s,agentRealtimeInfo_name_s,agentRealtimeInfo_os_s,agentRealtimeInfo_uuid_g,alertInfo_alertId_s,alertInfo_analystVerdict_s,alertInfo_createdAt_t [UTC],alertInfo_dvEventId_s,alertInfo_eventType_s,alertInfo_hitType_s,alertInfo_incidentStatus_s,alertInfo_isEdr_b,alertInfo_reportedAt_t [UTC],alertInfo_source_s,alertInfo_updatedAt_t [UTC],ruleInfo_id_s,ruleInfo_name_s,ruleInfo_queryLang_s,ruleInfo_queryType_s,ruleInfo_s1ql_s,ruleInfo_scopeLevel_s,ruleInfo_severity_s,ruleInfo_treatAsThreat_s,sourceParentProcessInfo_commandline_s,sourceParentProcessInfo_fileHashMd5_g,sourceParentProcessInfo_fileHashSha1_s,sourceParentProcessInfo_fileHashSha256_s,sourceParentProcessInfo_filePath_s,sourceParentProcessInfo_fileSignerIdentity_s,sourceParentProcessInfo_integrityLevel_s,sourceParentProcessInfo_name_s,sourceParentProcessInfo_pid_s,sourceParentProcessInfo_pidStarttime_t [UTC],sourceParentProcessInfo_storyline_s,sourceParentProcessInfo_subsystem_s,sourceParentProcessInfo_uniqueId_s,sourceParentProcessInfo_user_s,sourceProcessInfo_commandline_s,sourceProcessInfo_fileHashMd5_g,sourceProcessInfo_fileHashSha1_s,sourceProcessInfo_fileHashSha256_s,sourceProcessInfo_filePath_s,sourceProcessInfo_fileSignerIdentity_s,sourceProcessInfo_integrityLevel_s,sourceProcessInfo_name_s,sourceProcessInfo_pid_s,sourceProcessInfo_pidStarttime_t [UTC],sourceProcessInfo_storyline_s,sourceProcessInfo_subsystem_s,sourceProcessInfo_uniqueId_s,sourceProcessInfo_user_s,targetProcessInfo_tgtFileCreatedAt_t [UTC],targetProcessInfo_tgtFileHashSha1_s,targetProcessInfo_tgtFileHashSha256_s,targetProcessInfo_tgtFileId_s,targetProcessInfo_tgtFileIsSigned_s,targetProcessInfo_tgtFileModifiedAt_t [UTC],targetProcessInfo_tgtFilePath_s,targetProcessInfo_tgtProcIntegrityLevel_s,targetProcessInfo_tgtProcessStartTime_t [UTC],agentUpdatedVersion_s,agentId_s,hash_s,osFamily_s,threatId_s,creator_s,creatorId_s,inherits_b,isDefault_b,name_s,registrationToken_s,totalAgents_d,type_s,agentDetectionInfo_accountId_s,agentDetectionInfo_accountName_s,agentDetectionInfo_agentDetectionState_s,agentDetectionInfo_agentDomain_s,agentDetectionInfo_agentIpV4_s,agentDetectionInfo_agentIpV6_s,agentDetectionInfo_agentLastLoggedInUserName_s,agentDetectionInfo_agentMitigationMode_s,agentDetectionInfo_agentOsName_s,agentDetectionInfo_agentOsRevision_s,agentDetectionInfo_agentRegisteredAt_t [UTC],agentDetectionInfo_agentUuid_g,agentDetectionInfo_agentVersion_s,agentDetectionInfo_externalIp_s,agentDetectionInfo_groupId_s,agentDetectionInfo_groupName_s,agentDetectionInfo_siteId_s,agentDetectionInfo_siteName_s,agentRealtimeInfo_accountId_s,agentRealtimeInfo_accountName_s,agentRealtimeInfo_activeThreats_d,agentRealtimeInfo_agentComputerName_s,agentRealtimeInfo_agentDomain_s,agentRealtimeInfo_agentId_s,agentRealtimeInfo_agentInfected_b,agentRealtimeInfo_agentIsActive_b,agentRealtimeInfo_agentIsDecommissioned_b,agentRealtimeInfo_agentMachineType_s,agentRealtimeInfo_agentMitigationMode_s,agentRealtimeInfo_agentNetworkStatus_s,agentRealtimeInfo_agentOsName_s,agentRealtimeInfo_agentOsRevision_s,agentRealtimeInfo_agentOsType_s,agentRealtimeInfo_agentUuid_g,agentRealtimeInfo_agentVersion_s,agentRealtimeInfo_groupId_s,agentRealtimeInfo_groupName_s,agentRealtimeInfo_networkInterfaces_s,agentRealtimeInfo_operationalState_s,agentRealtimeInfo_rebootRequired_b,agentRealtimeInfo_scanFinishedAt_t [UTC],agentRealtimeInfo_scanStartedAt_t [UTC],agentRealtimeInfo_scanStatus_s,agentRealtimeInfo_siteId_s,agentRealtimeInfo_siteName_s,agentRealtimeInfo_userActionsNeeded_s,indicators_s,mitigationStatus_s,threatInfo_analystVerdict_s,threatInfo_analystVerdictDescription_s,threatInfo_automaticallyResolved_b,threatInfo_certificateId_s,threatInfo_classification_s,threatInfo_classificationSource_s,threatInfo_cloudFilesHashVerdict_s,threatInfo_collectionId_s,threatInfo_confidenceLevel_s,threatInfo_createdAt_t [UTC],threatInfo_detectionEngines_s,threatInfo_detectionType_s,threatInfo_engines_s,threatInfo_externalTicketExists_b,threatInfo_failedActions_b,threatInfo_fileExtension_s,threatInfo_fileExtensionType_s,threatInfo_filePath_s,threatInfo_fileSize_d,threatInfo_fileVerificationType_s,threatInfo_identifiedAt_t [UTC],threatInfo_incidentStatus_s,threatInfo_incidentStatusDescription_s,threatInfo_initiatedBy_s,threatInfo_initiatedByDescription_s,threatInfo_isFileless_b,threatInfo_isValidCertificate_b,threatInfo_mitigatedPreemptively_b,threatInfo_mitigationStatus_s,threatInfo_mitigationStatusDescription_s,threatInfo_originatorProcess_s,threatInfo_pendingActions_b,threatInfo_processUser_s,threatInfo_publisherName_s,threatInfo_reachedEventsLimit_b,threatInfo_rebootRequired_b,threatInfo_sha1_s,threatInfo_storyline_s,threatInfo_threatId_s,threatInfo_threatName_s,threatInfo_updatedAt_t [UTC],whiteningOptions_s,threatInfo_maliciousProcessArguments_s,threatInfo_fileExtension_g,threatInfo_threatName_g,threatInfo_storyline_g,accountId_s,accountName_s,activityUuid_g,createdAt_t [UTC],id_s,primaryDescription_s,secondaryDescription_s,siteId_s,siteName_s,updatedAt_t [UTC],userId_s,event_name_s,DataFields_s,description_s,comments_s,activeDirectory_computerMemberOf_s,activeDirectory_lastUserMemberOf_s,activeThreats_d,agentVersion_s,allowRemoteShell_b,appsVulnerabilityStatus_s,computerName_s,consoleMigrationStatus_s,coreCount_d,cpuCount_d,cpuId_s,detectionState_s,domain_s,encryptedApplications_b,externalId_s,externalIp_s,firewallEnabled_b,firstFullModeTime_t [UTC],fullDiskScanLastUpdatedAt_t [UTC],groupId_s,groupIp_s,groupName_s,inRemoteShellSession_b,infected_b,installerType_s,isActive_b,isDecommissioned_b,isPendingUninstall_b,isUninstalled_b,isUpToDate_b,lastActiveDate_t [UTC],lastIpToMgmt_s,lastLoggedInUserName_s,licenseKey_s,locationEnabled_b,locationType_s,locations_s,machineType_s,mitigationMode_s,mitigationModeSuspicious_s,modelName_s,networkInterfaces_s,networkQuarantineEnabled_b,networkStatus_s,operationalState_s,osArch_s,osName_s,osRevision_s,osStartTime_t [UTC],osType_s,rangerStatus_s,rangerVersion_s,registeredAt_t [UTC],remoteProfilingState_s,scanFinishedAt_t [UTC],scanStartedAt_t [UTC],scanStatus_s,serialNumber_s,showAlertIcon_b,tags_sentinelone_s,threatRebootRequired_b,totalMemory_d,userActionsNeeded_s,uuid_g,osUsername_s,scanAbortedAt_t [UTC],activeDirectory_computerDistinguishedName_s,activeDirectory_lastUserDistinguishedName_s,Type,_ResourceId +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":0,""pendingReboot"":0,""success"":1,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:32:02.982082Z"",""latestReport"":""/threats/mitigation-report/1723895207815032322"",""mitigationEndedAt"":""2023-07-07T12:33:02.202Z"",""mitigationStartedAt"":""2023-07-07T12:33:02.202Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:32:02.577709Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T12:32:02.562179Z"",""mitigationStartedAt"":""2023-07-07T12:32:02.562177Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Static,black,1.71E+18,malicious,"7/7/2023, 12:32:01.995 PM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Joke\CrazyNCS.exe,125440,NotSigned,"7/7/2023, 12:32:01.948 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,e9f177e1c57db0a15d1dc6b3e6c866d38d85b17c,403599C6A067F7A0,1.72E+18,CrazyNCS.exe,"7/7/2023, 2:03:54.681 PM","[""hash""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:36:50.660578Z"",""latestReport"":""/threats/mitigation-report/1723897621033309906"",""mitigationEndedAt"":""2023-07-07T12:37:50.147Z"",""mitigationStartedAt"":""2023-07-07T12:37:50.147Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:36:50.305926Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T12:36:50.284323Z"",""mitigationStartedAt"":""2023-07-07T12:36:50.284321Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Static,black,1.69E+18,malicious,"7/7/2023, 12:36:49.922 PM","[{""key"":""pre_execution"",""title"":""On-Write Static AI""}]",static,"[""On-Write DFI""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe,424448,NotSigned,"7/7/2023, 12:36:49.899 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,51c647e2b150e781bd1910cac4061a2cee1daf89,E43699C6A067F7A0,1.72E+18,$uckyLocker.exe,"7/7/2023, 2:03:51.675 PM","[""hash"",""path""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:00.833815Z"",""latestReport"":""/threats/mitigation-report/1723897706387408429"",""mitigationEndedAt"":""2023-07-07T12:38:00.21Z"",""mitigationStartedAt"":""2023-07-07T12:38:00.21Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:00.463065Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T12:37:00.443218Z"",""mitigationStartedAt"":""2023-07-07T12:37:00.443216Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Static,black,1.69E+18,malicious,"7/7/2023, 12:37:00.027 PM","[{""key"":""pre_execution"",""title"":""On-Write Static AI""}]",static,"[""On-Write DFI""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe,424448,NotSigned,"7/7/2023, 12:36:59.992 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,51c647e2b150e781bd1910cac4061a2cee1daf89,EA3699C6A067F7A0,1.72E+18,$uckyLocker.exe,"7/7/2023, 2:03:56.860 PM","[""hash"",""path""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":false,""groupNotFound"":false,""lastUpdate"":""2023-07-07T14:03:58.81496Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T14:03:58.814964Z"",""mitigationStartedAt"":""2023-07-07T14:03:58.814966Z"",""status"":""pending""},{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:13.367389Z"",""latestReport"":""/threats/mitigation-report/1723897811505068488"",""mitigationEndedAt"":""2023-07-07T12:38:06.25Z"",""mitigationStartedAt"":""2023-07-07T12:38:06.25Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Static,black,1.69E+18,malicious,"7/7/2023, 12:37:11.522 PM","[{""key"":""pre_execution"",""title"":""On-Write Static AI""}]",static,"[""On-Write DFI""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe,424448,NotSigned,"7/7/2023, 12:37:11.504 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,TRUE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,51c647e2b150e781bd1910cac4061a2cee1daf89,F43699C6A067F7A0,1.72E+18,$uckyLocker.exe,"7/7/2023, 2:03:54.736 PM","[""hash"",""path""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:19.082465Z"",""latestReport"":""/threats/mitigation-report/1723897859454358418"",""mitigationEndedAt"":""2023-07-07T12:38:15.317Z"",""mitigationStartedAt"":""2023-07-07T12:38:15.317Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:17.297316Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T12:37:17.266605Z"",""mitigationStartedAt"":""2023-07-07T12:37:17.266601Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Static,black,1.69E+18,malicious,"7/7/2023, 12:37:16.075 PM","[{""key"":""pre_execution"",""title"":""On-Write Static AI""}]",static,"[""On-Write DFI""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe,424448,NotSigned,"7/7/2023, 12:37:16.036 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,51c647e2b150e781bd1910cac4061a2cee1daf89,0D3799C6A067F7A0,1.72E+18,$uckyLocker.exe,"7/7/2023, 2:03:56.547 PM","[""hash"",""path""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:23.049017Z"",""latestReport"":""/threats/mitigation-report/1723897892723582042"",""mitigationEndedAt"":""2023-07-07T12:38:21.373Z"",""mitigationStartedAt"":""2023-07-07T12:38:21.373Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:37:22.478548Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T12:37:22.466684Z"",""mitigationStartedAt"":""2023-07-07T12:37:22.466682Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Static,black,1.69E+18,malicious,"7/7/2023, 12:37:21.736 PM","[{""key"":""pre_execution"",""title"":""On-Write Static AI""}]",static,"[""On-Write DFI""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe,424448,NotSigned,"7/7/2023, 12:37:21.721 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,51c647e2b150e781bd1910cac4061a2cee1daf89,183799C6A067F7A0,1.72E+18,$uckyLocker.exe,"7/7/2023, 2:03:55.332 PM","[""hash"",""path""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.72.27,"2402:8100:39af:9067:b83b:e603:db8e:5178,2402:8100:39af:9067:6465:1214:bcf0:9267,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,22.2.6.937,106.76.90.198,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":0,""pendingReboot"":0,""success"":1,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:30:59.199271Z"",""latestReport"":""/threats/mitigation-report/1723894672764373663"",""mitigationEndedAt"":""2023-06-23T08:42:43.379Z"",""mitigationStartedAt"":""2023-06-23T08:42:43.379Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-06-23T09:35:17.117641Z"",""latestReport"":null,""mitigationEndedAt"":""2023-06-23T09:35:17.108333Z"",""mitigationStartedAt"":""2023-06-23T09:35:17.108331Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Engine,black,1.71E+18,malicious,"6/23/2023, 9:35:15.133 AM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Pikachu.exe,32768,NotSigned,"6/23/2023, 8:42:43.379 AM",in_progress,In progress,full_disk_scan,Full Disk Scan,FALSE,FALSE,FALSE,mitigated,Mitigated,WinRAR.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,52d118a34da7f5037cde04c31ff491eb25933b18,406797C6A067F7A0,1.71E+18,Pikachu.exe,"7/7/2023, 2:03:55.997 PM","[""hash""]",,,,,,,,,1.71E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/7/2023, 2:20:08.244 PM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,22.2.6.937,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350"",""2402:3a80:1b8c:a74a:307c:4946:7add:7a8b"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":0,""pendingReboot"":0,""success"":1,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:28:02.142554Z"",""latestReport"":""/threats/mitigation-report/1723893187519203471"",""mitigationEndedAt"":""2023-06-23T08:43:06.662Z"",""mitigationStartedAt"":""2023-06-23T08:43:06.662Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T12:28:01.7728Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T12:28:01.763537Z"",""mitigationStartedAt"":""2023-07-07T12:28:01.763536Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Malware,Engine,black,1.72E+18,malicious,"7/7/2023, 12:28:01.456 PM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Email-Worm\Happy99.exe,10000,NotSigned,"6/23/2023, 8:43:06.655 AM",in_progress,In progress,full_disk_scan,Full Disk Scan,FALSE,FALSE,FALSE,mitigated,Mitigated,WinRAR.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,a4a945192cb730634168f79b6e4cd298dbe3d168,1F6797C6A067F7A0,1.72E+18,Happy99.exe,"7/7/2023, 2:03:55.767 PM","[""hash""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:40:03.459 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:20:32.796838Z"",""latestReport"":""/threats/mitigation-report/1725882551384143611"",""mitigationEndedAt"":""2023-07-10T06:21:36.25Z"",""mitigationStartedAt"":""2023-07-10T06:21:36.25Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:20:32.176754Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T06:20:32.163853Z"",""mitigationStartedAt"":""2023-07-10T06:20:32.163851Z"",""status"":""success""}]",undefined,Undefined,FALSE,,Malware,Static,black,1.71E+18,malicious,"7/10/2023, 6:20:31.569 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\Spark.exe,507392,NotSigned,"7/10/2023, 6:20:31.555 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,6707f3a0906ab6d201edc5b6389f9e66e345f174,881B9AC6A067F7A0,1.73E+18,Spark.exe,"7/10/2023, 6:23:36.604 AM","[""path"",""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:40:03.459 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523,2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005,2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:23:40.639173Z"",""latestReport"":""/threats/mitigation-report/1725884127117216169"",""mitigationEndedAt"":""2023-07-10T06:24:39.753Z"",""mitigationStartedAt"":""2023-07-10T06:24:39.753Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:23:38.81517Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T06:23:38.806736Z"",""mitigationStartedAt"":""2023-07-10T06:23:38.806735Z"",""status"":""success""}]",undefined,Undefined,FALSE,,Malware,Static,black,1.71E+18,malicious,"7/10/2023, 6:23:36.463 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\Spark.exe,507392,NotSigned,"7/10/2023, 6:23:36.451 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,6707f3a0906ab6d201edc5b6389f9e66e345f174,1A1C9AC6A067F7A0,1.73E+18,Spark.exe,"7/10/2023, 6:23:40.634 AM","[""path"",""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:40:03.459 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523,2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005,2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:26:06.792261Z"",""latestReport"":""/threats/mitigation-report/1725885353137560674"",""mitigationEndedAt"":""2023-07-10T06:27:03.895Z"",""mitigationStartedAt"":""2023-07-10T06:27:03.895Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:26:04.307376Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T06:26:04.296692Z"",""mitigationStartedAt"":""2023-07-10T06:26:04.296691Z"",""status"":""success""}]",undefined,Undefined,FALSE,,Malware,Static,black,1.71E+18,malicious,"7/10/2023, 6:26:01.730 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\Spark.exe,507392,NotSigned,"7/10/2023, 6:26:01.717 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,6707f3a0906ab6d201edc5b6389f9e66e345f174,601D9AC6A067F7A0,1.73E+18,Spark.exe,"7/10/2023, 6:26:06.786 AM","[""path"",""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:40:03.459 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523,2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005,2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:27:40.890368Z"",""latestReport"":""/threats/mitigation-report/1725886142488882354"",""mitigationEndedAt"":""2023-07-10T06:28:34.589Z"",""mitigationStartedAt"":""2023-07-10T06:28:34.589Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:27:33.901763Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T06:27:33.890752Z"",""mitigationStartedAt"":""2023-07-10T06:27:33.890751Z"",""status"":""success""}]",undefined,Undefined,FALSE,,Malware,Static,black,1.71E+18,malicious,"7/10/2023, 6:27:31.003 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Spark\Spark.exe,507392,NotSigned,"7/10/2023, 6:27:30.989 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,6707f3a0906ab6d201edc5b6389f9e66e345f174,771D9AC6A067F7A0,1.73E+18,Spark.exe,"7/10/2023, 6:27:40.885 AM","[""path"",""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:30:02.666 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":0,""pendingReboot"":0,""success"":1,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:18:52.021314Z"",""latestReport"":""/threats/mitigation-report/1725881706013694609"",""mitigationEndedAt"":""2023-07-10T06:19:55.612Z"",""mitigationStartedAt"":""2023-07-10T06:19:55.612Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:18:51.408723Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T06:18:51.396236Z"",""mitigationStartedAt"":""2023-07-10T06:18:51.396235Z"",""status"":""success""}]",undefined,Undefined,FALSE,,Malware,Engine,black,1.71E+18,malicious,"7/10/2023, 6:18:50.793 AM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,COM,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Walker.com,5078,NotSigned,"7/10/2023, 6:18:50.779 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,14c85fa8930f8bfbe1f9102a10f4b03d24a16d02,B71A9AC6A067F7A0,1.73E+18,Walker.com,"7/10/2023, 6:18:52.016 AM","[""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:30:02.666 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":0,""pendingReboot"":0,""success"":1,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:19:18.20969Z"",""latestReport"":""/threats/mitigation-report/1725881925702974119"",""mitigationEndedAt"":""2023-07-10T06:20:21.813Z"",""mitigationStartedAt"":""2023-07-10T06:20:21.813Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T06:19:17.645966Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T06:19:17.635499Z"",""mitigationStartedAt"":""2023-07-10T06:19:17.635498Z"",""status"":""success""}]",undefined,Undefined,FALSE,,Malware,Engine,black,1.70E+18,malicious,"7/10/2023, 6:19:17.079 AM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\MadMan.exe,2671,NotSigned,"7/10/2023, 6:19:17.065 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,f4f433b3f56315e1d469148bdfd835469526262f,E01A9AC6A067F7A0,1.73E+18,MadMan.exe,"7/10/2023, 6:19:18.201 AM","[""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 7:00:32.571 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523,2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005,2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,2,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,TRUE,FALSE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],[],undefined,Undefined,FALSE,,Malware,Engine,black,1.70E+18,malicious,"7/10/2023, 6:40:31.234 AM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\MadMan.exe,2671,NotSigned,"7/10/2023, 6:40:31.207 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,not_mitigated,Not mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,f4f433b3f56315e1d469148bdfd835469526262f,F11E9AC6A067F7A0,1.73E+18,MadMan.exe,"7/10/2023, 6:40:31.231 AM","[""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 7:00:32.571 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523,2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005,2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,2,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,TRUE,FALSE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8a:3f01:3d3d:cad2:37ff:7523"",""2402:3a80:1b8a:3f01:9d21:7cb0:a765:c005"",""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],[],undefined,Undefined,FALSE,,Malware,Engine,black,1.70E+18,malicious,"7/10/2023, 6:41:17.726 AM","[{""key"":""sentinelone_cloud"",""title"":""SentinelOne Cloud""}]",static,"[""SentinelOne Cloud""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp3_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\MadMan.exe,2671,NotSigned,"7/10/2023, 6:41:17.715 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,not_mitigated,Not mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,f4f433b3f56315e1d469148bdfd835469526262f,FA1E9AC6A067F7A0,1.73E+18,MadMan.exe,"7/10/2023, 6:41:17.723 AM","[""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:20:02.770 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.72.27,"2402:8100:39af:9067:34cd:e8a:adf1:44a,2402:8100:39af:9067:b83b:e603:db8e:5178,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,22.2.6.937,106.76.88.131,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],"[{""category"":""Abnormalities"",""description"":""The Entry point for this binary is an RWX section. It might contain self-modifying code"",""ids"":[32],""tactics"":[]},{""category"":""Abnormalities"",""description"":""This binary has an RWX section. It might contain self-modifying code"",""ids"":[33],""tactics"":[]}]","[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":0,""pendingReboot"":0,""success"":1,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-06-23T07:00:31.471896Z"",""latestReport"":""/threats/mitigation-report/1713581485491420378"",""mitigationEndedAt"":""2023-06-23T06:59:58.594Z"",""mitigationStartedAt"":""2023-06-23T06:59:58.594Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-06-23T07:00:28.713409Z"",""latestReport"":null,""mitigationEndedAt"":""2023-06-23T07:00:28.70309Z"",""mitigationStartedAt"":""2023-06-23T07:00:28.703089Z"",""status"":""success""}]",true_positive,True positive,FALSE,,Virus,Static,black,1.71E+18,malicious,"6/23/2023, 6:59:42.307 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\rogues\SpySheriff.exe,49664,NotSigned,"6/23/2023, 6:59:42.283 AM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,WinRAR.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,4177228a54c15ac42855e87854d4cd9a1722fe39,A36897C6A067F7A0,1.71E+18,SpySheriff.exe,"7/10/2023, 6:02:47.060 AM","[""path"",""hash""]",,,,,,,,,1.71E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/10/2023, 6:20:02.770 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8c:a74a:11c8:2558:8ee8:4350,2402:3a80:1b8c:a74a:307c:4946:7add:7a8b,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,FALSE,TRUE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1713568303589313235"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42"",""2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,FALSE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T13:21:26.333687Z"",""latestReport"":""/threats/mitigation-report/1723920066216866788"",""mitigationEndedAt"":""2023-07-07T13:22:25.798Z"",""mitigationStartedAt"":""2023-07-07T13:22:25.798Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-07T13:21:26.007383Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-07T13:21:25.988851Z"",""mitigationStartedAt"":""2023-07-07T13:21:25.98885Z"",""status"":""success""}]",true_positive,True positive,FALSE,,Virus,Static,black,1.71E+18,malicious,"7/7/2023, 1:21:25.598 PM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\rogues\SpySheriff.exe,49664,NotSigned,"7/7/2023, 1:21:25.557 PM",in_progress,In progress,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,4177228a54c15ac42855e87854d4cd9a1722fe39,0E3A99C6A067F7A0,1.72E+18,SpySheriff.exe,"7/10/2023, 6:02:47.066 AM","[""path"",""hash""]",,,,,,,,,1.72E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/20/2023, 6:20:02.866 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.131.27,"2402:3a80:1b8b:3723:65d3:97a7:bc90:5e42,2402:3a80:1b8b:3723:d4f0:476d:9a2a:34d7,fe80::1053:a5ad:2784:2af9",Crest,protect,Windows 11 Pro,22621,"6/22/2023, 12:31:08.244 PM",20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,42.106.37.207,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,24,DESKTOP-F1DPMEB,WORKGROUP,1.71E+18,TRUE,FALSE,FALSE,laptop,protect,connected,Windows 11 Pro,22621,windows,20ee9f81-027b-432f-b6c5-d549705f3419,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1726063713654319822"",""inet"":[""192.168.131.27""],""inet6"":[""2402:3a80:1b83:ffbf:9ca7:8619:d2ba:c35"",""2402:3a80:1b83:ffbf:e0d4:6664:44c4:6dd6"",""fe80::1053:a5ad:2784:2af9""],""name"":""Wi-Fi"",""physical"":""dc:21:48:5f:ec:8b""}]",na,TRUE,"6/23/2023, 8:45:05.631 AM","6/23/2023, 7:16:35.766 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T05:48:54.010143Z"",""latestReport"":""/threats/mitigation-report/1725866623202578212"",""mitigationEndedAt"":""2023-07-10T05:49:53.032Z"",""mitigationStartedAt"":""2023-07-10T05:49:53.032Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-10T05:48:51.154966Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-10T05:48:51.145474Z"",""mitigationStartedAt"":""2023-07-10T05:48:51.145473Z"",""status"":""success""}]",suspicious,Suspicious,FALSE,,Ransomware,Static,black,1.69E+18,malicious,"7/10/2023, 5:48:48.388 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,EXE,Executable,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp2_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Ransomware\InfinityCrypt.exe,216064,NotSigned,"7/10/2023, 5:48:48.369 AM",unresolved,Unresolved,agent_policy,Agent Policy,FALSE,FALSE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,DESKTOP-F1DPMEB\Crest,,FALSE,FALSE,7711cb4873e58b7adcf2a2b047b090e78d10c75b,FD5299C6A067F7A0,1.73E+18,InfinityCrypt.exe,"7/20/2023, 6:01:09.499 AM","[""hash"",""path""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL, +,"7/18/2023, 10:00:17.238 AM",1a0e2567-2e58-4989-ad18-206108185325,RestAPI,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1.71E+18,Crest Data Systems,full_mode,WORKGROUP,192.168.5.50,fe80::1f89:3f11:3ed0:59b6,Crest,protect,Windows 11 Pro,22621,"7/17/2023, 7:07:12.465 AM",f25c1ccd-5039-4dcf-812e-79a2aede6358,23.1.2.400,117.217.127.213,1.71E+18,Crest Data Systems,1.71E+18,Default site,1.71E+18,Crest Data Systems,0,CLW547-,WORKGROUP,1.73E+18,FALSE,FALSE,FALSE,laptop,protect,disconnected,Windows 11 Pro,22621,windows,f25c1ccd-5039-4dcf-812e-79a2aede6358,23.1.2.400,1.71E+18,Crest Data Systems,"[{""id"":""1731114147719981270"",""inet"":[""192.168.90.1""],""inet6"":[""2402:3a80:1b87:ce70:fcec:579d:fa9c:8588"",""2402:3a80:1b87:ce70:a49a:a220:4032:f568"",""fe80::1f89:3f11:3ed0:59b6""],""name"":""Wi-Fi"",""physical"":""a8:7e:ea:6d:68:1b""}]",na,FALSE,"7/17/2023, 11:50:19.170 AM","7/17/2023, 11:38:39.572 AM",finished,1.71E+18,Default site,[],[],"[{""action"":""quarantine"",""actionsCounters"":{""failed"":0,""notFound"":1,""pendingReboot"":0,""success"":0,""total"":1},""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-17T11:42:30.098383Z"",""latestReport"":""/threats/mitigation-report/1731118026763840121"",""mitigationEndedAt"":""2023-07-17T11:42:32.434Z"",""mitigationStartedAt"":""2023-07-17T11:42:32.434Z"",""status"":""success""},{""action"":""kill"",""actionsCounters"":null,""agentSupportsReport"":true,""groupNotFound"":false,""lastUpdate"":""2023-07-17T11:42:29.813465Z"",""latestReport"":null,""mitigationEndedAt"":""2023-07-17T11:42:29.794879Z"",""mitigationStartedAt"":""2023-07-17T11:42:29.794878Z"",""status"":""success""}]",undefined,Undefined,FALSE,"HUAI'AN QIANFENG NETWORK TECHNOLOGY CO., LTD.",PUA,Engine,black,1.73E+18,malicious,"7/17/2023, 11:42:29.506 AM","[{""key"":""pre_execution_suspicious"",""title"":""On-Write Static AI - Suspicious""}]",static,"[""On-Write DFI - Suspicious""]",FALSE,FALSE,,None,\Device\HarddiskVolume3\Users\Crest\AppData\Local\Temp\Temp1_c27ec12499b823e6648d2f472b118ad0ef54b269058c2032204ce6aa2787ea33.zip\c27ec12499b823e6648d2f472b118ad0ef54b269058c2032204ce6aa2787ea33,541784,SignedVerified,"7/17/2023, 11:42:29.490 AM",in_progress,In progress,agent_policy,Agent Policy,FALSE,TRUE,FALSE,mitigated,Mitigated,explorer.exe,FALSE,CLW547-\Crest,"HUAI'AN QIANFENG NETWORK TECHNOLOGY CO., LTD.",FALSE,FALSE,ee762b0bea1ad7bdb4b7120e4b063b08a5f79e4f,991310F580778F51,1.73E+18,c27ec12499b823e6648d2f472b118ad0ef54b269058c2032204ce6aa2787ea33,"7/18/2023, 9:42:50.446 AM","[""path"",""certificate"",""hash""]",,,,,,,,,1.73E+18,,,,,,,Threats.,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,SentinelOne_CL,