Malwarebytes

Overview

---

Scan and Remediate threats on endpoints in the Malwarebytes cloud | Nebula. This integration was integrated and tested with Malwarebytes cloud | Nebula.

Malwarebytes Playbook

---

1. Malwarebytes - Scan & Remediate Endpoint
2. Malwarebytes - Isolate Endpoint

Use Cases

---

1. Trigger Malwarebytes Scans and Remediation as part of Demisto Playbook.
2. Trigger Malwarebytes EDR Advanced Capabilities as part of a Demisto Playbook.
3. Create Demisto incidents based on threats detected by Malwarebytes.

Configure Malwarebytes on Demisto

---

1. Navigate to Settings > Integrations > Servers & Services.
2. Search for Malwarebytes.
3. Click Add instance to create and configure a new integration instance.
   • Name: a textual name for the integration instance.
   • Account ID
   • Client ID
   • Client Secret
   • Fetch incidents
   • Incident type
   • Fetch Event List
   • RTP Detections Threat Category
   • Suspicious Activity Severity
   • Trust any certificate (not secure)
   • Use system proxy settings
4. Click Test to validate the URLs, token, and connection.

Fetched Incidents Data

---

The fetch incidents command is the function that Demisto calls every minute to import new incidents and is triggered by the "Fetches incidents" parameter in the integration configuration.

What kind of objects/entities the integration should fetch (events/alerts/incidents/cases/tickets/etc)?

1. Create a Demisto incident upon a Malwarebytes Real-time protection detections.
2. Create a Demisto incident upon Malwarebytes Suspicious Acitivty detections.

Are there any filters available to allow users to filter those incidents (e.g. type, status, etc) ?

Filters like Severity, Malware Category will be provided on the integration config.

Commands

---

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details. 1. malwarebytes-scan-and-remediate 2. malwarebytes-scan-and-report 3. malwarebytes-isolate-endpoint 4. malwarebytes-isolate-process 5. malwarebytes-isolate-desktop 6. malwarebytes-isolate-network 7. malwarebytes-deisolate-endpoint 8. malwarebytes-list-endpoints 9. malwarebytes-list-endpoint-info 10. malwarebytes-get-scan-detections 11. malwarebytes-get-job-status 12. malwarebytes-open-sa-incident 13. malwarebytes-remediate-sa-incident 14. malwarebytes-close-sa-incident 15. malwarebytes-get-sa-activities

1. malwarebytes-scan-and-remediate

---

Initiate Scan and Remediate action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-scan-and-remediate

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-scan-and-remediate hostname=DESKTOP-LI4MQ7B

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c", 
        "Job_ID": "964776a3-9cd8-45a2-9c56-59f692f42cc6"
    }
}

Human Readable Output

Scan and Remediate action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 964776a3-9cd8-45a2-9c56-59f692f42cc6. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results

2. malwarebytes-scan-and-report

---

Initiate Scan and report action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-scan-and-report

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-scan-and-report hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a", 
        "Job_ID": "88c6de27-d7d2-45da-a0b9-239a774afe50"
    }
}

Human Readable Output

Scan and Report action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 88c6de27-d7d2-45da-a0b9-239a774afe50. Use job_id in malwarebytes-get-job-status command to check status and malwarebytes-get-scan-detections command to view results

3. malwarebytes-isolate-endpoint

---

Initiate Isolation action on an endpoint based on IP or Hostname. This action isolate an endpoint by Process, Network and Desktop.

Base Command

malwarebytes-isolate-endpoint

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-isolate-endpoint hostname=DESKTOP-LI4MQ7B

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c", 
        "Job_ID": "c133caaf-2c1c-4c54-86b5-b45354608e4d"
    }
}

Human Readable Output

Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: c133caaf-2c1c-4c54-86b5-b45354608e4d. Use job_id in malwarebytes-get-job-status command to view results

4. malwarebytes-isolate-process

---

Initiate Process Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-process

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-isolate-process hostname=DESKTOP-LI4MQ7B

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c", 
        "Job_ID": "72708102-465f-4a3e-8be5-de93cdae6cad"
    }
}

Human Readable Output

Process Isolation action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: 72708102-465f-4a3e-8be5-de93cdae6cad. Use job_id in malwarebytes-get-job-status command to view results

5. malwarebytes-isolate-desktop

---

Initiate Desktop Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-desktop

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-isolate-desktop hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a", 
        "Job_ID": "6b0d17b7-bb5b-4314-a841-f25ae93c6a8e"
    }
}

Human Readable Output

Desktop Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 6b0d17b7-bb5b-4314-a841-f25ae93c6a8e. Use job_id in malwarebytes-get-job-status command to view results

6. malwarebytes-isolate-network

---

Initiate Network Isolation action on an endpoint based on IP or Hostname.

Base Command

malwarebytes-isolate-network

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-isolate-network hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a", 
        "Job_ID": "cc92a1f4-7253-415d-a743-64f0ea7afb65"
    }
}

Human Readable Output

Network Isolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: cc92a1f4-7253-415d-a743-64f0ea7afb65. Use job_id in malwarebytes-get-job-status command to view results

7. malwarebytes-deisolate-endpoint

---

Initiate Deisolation action on an endpoint based on IP or Hostname. This action deisolate an endpoint by Process, Network and Desktop.

Base Command

malwarebytes-deisolate-endpoint

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Scan.Machine_ID	string	Endpoint ID of the host
Malwarebytes.Scan.Job_ID	string	Job ID of the scanned host

Command Example

!malwarebytes-deisolate-endpoint hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Scan": {
        "Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a", 
        "Job_ID": "8dab60e1-e6d8-47c3-b321-0a74de329d20"
    }
}

Human Readable Output

Deisolation action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 8dab60e1-e6d8-47c3-b321-0a74de329d20. Use job_id in malwarebytes-get-job-status command to view results

8. malwarebytes-list-endpoints

---

List all/online/offline endpoints available in the Malwarebytes Cloud.

Base Command

malwarebytes-list-endpoints

Input

Argument Name	Description	Required
endpoints	Enter value 'all' to get all endpoints and value 'online' or 'offline' to get online/offline endpoints.	Optional

Context Output

Path	Type	Description
Malwarebytes.Endpoint.total_count	int	total count of all/online/offline endpoints.

Command Example

!malwarebytes-list-endpoints endpoints=all

Context Example

{
    "Malwarebytes.Endpoint": {
        "total_count": 5
    }
}

Human Readable Output

Found all 5 Endpoints from Malwarebytes Cloud:

created_at	id	last_seen_at	name	online	os_architecture	os_platform	os_release_name
2020-02-05T10:12:55.187467Z	017febb6-ae68-4c15-9918-d911c72d062a	2020-04-16T14:05:41.668409Z	TA-AZ-CLT1	false	AMD64	WINDOWS	Microsoft Windows 10 Pro
2020-03-31T08:42:14.319976Z	1d711cdc-6c6c-4457-927f-2528ecc857a0	2020-04-15T08:50:42.737922Z	EC2AMAZ-KK7M02P	false	AMD64	WINDOWS	Microsoft Windows Server 2019 Datacenter
2020-02-05T09:50:02.194556Z	211d8c3e-142c-4849-b1f0-1680b4bd239c	2020-04-22T09:07:41.206037Z	DESKTOP-LI4MQ7B	true	AMD64	WINDOWS	Microsoft Windows 10 Enterprise
2019-11-25T19:47:15.833008Z	b5740188-00a2-434b-a180-5b0fa85cb10b	2020-04-21T18:17:43.064707Z	DESKTOP-91UJNA1	false	AMD64	WINDOWS	Microsoft Windows 10 Pro
2019-10-18T09:26:26.993555Z	5074ade3-5716-44d8-83c7-5985379c0399	2020-04-22T09:32:25.813131Z	DESKTOP-664HFM6	true	AMD64	WINDOWS	Microsoft Windows 10 Pro

9. malwarebytes-list-endpoint-info

---

Lists more granular information about an endpoint.

Base Command

malwarebytes-list-endpoint-info

Input

Argument Name	Description	Required
hostname	Hostname of an endpoint in Malwarebytes Cloud.	Optional
ip	IP of an endpoint in Malwarebytes Cloud.	Optional

Context Output

Path	Type	Description
Malwarebytes.Endpoint.Assets	string	Asset information of the endpoint.
Malwarebytes.Endpoint.Hostname	string	The hostname that is mapped to this endpoint.
Malwarebytes.Endpoint.IPAddress	string	The IP address of the endpoint.
Malwarebytes.Endpoint.Domain	string	The domain of the endpoint.
Malwarebytes.Endpoint.MACAddress	string	The MAC address of the endpoint.
Malwarebytes.Endpoint.OS	string	Endpoint OS.
Malwarebytes.Endpoint.OSVersion	string	OS version.
Malwarebytes.Endpoint.Model	string	The model of the machine or device.
Malwarebytes.Endpoint.Memory	int	Memory on this endpoint.
Endpoint.Hostname	string	The hostname that is mapped to this endpoint.
Endpoint.IPAddress	string	The IP address of the endpoint.
Endpoint.Domain	string	The domain of the endpoint.
Endpoint.MACAddress	string	The MAC address of the endpoint.
Endpoint.OS	string	Endpoint OS.
Endpoint.OSVersion	string	OS version.
Endpoint.Model	string	The model of the machine or device.
Endpoint.Memory	int	Memory on this endpoint.

Command Example

!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1

Context Example

{
    "Malwarebytes.Endpoint": {
        "MACAddress": "000D3A0AFEC2", 
        "Domain": "", 
        "Assets": {
            "computer_info": {
                "model": "Virtual Machine", 
                "manufacturer": "Microsoft Corporation"
            }, 
            "plugin_version": "1.2.0.330", 
            "object_sid": "", 
            "updates_installed": [], 
            "dhcp_scope_name": "", 
            "object_guid": "", 
            "drives": [
                {
                    "name": "C:\\", 
                    "total_size": 135838822400, 
                    "freespace_available": 124591616000, 
                    "freespace_total": 124591616000, 
                    "volume_label": "Windows", 
                    "drive_format": "NTFS"
                }, 
                {
                    "name": "D:\\", 
                    "total_size": 8588816384, 
                    "freespace_available": 7477661696, 
                    "freespace_total": 7477661696, 
                    "volume_label": "Temporary Storage", 
                    "drive_format": "NTFS"
                }
            ], 
            "domain_name": "", 
            "culture": "en-US", 
            "nics": [
                {
                    "ips": [
                        "10.0.0.11"
                    ], 
                    "description": "Microsoft Hyper-V Network Adapter", 
                    "mac_address": "000D3A0AFEC2"
                }
            ], 
            "host_name": "TA-AZ-CLT1", 
            "software_installed": [
                {
                    "product": "Google Chrome", 
                    "version": "80.0.3987.87", 
                    "vendor": "Google LLC", 
                    "installed_date": "2020-02-05T00:00:00Z"
                }, 
                {
                    "product": "Malwarebytes Endpoint Agent", 
                    "version": "1.2.0.0", 
                    "vendor": "Malwarebytes", 
                    "installed_date": "2020-02-05T00:00:00Z"
                }
            ], 
            "memory": {
                "total_physical": 4294967296, 
                "total_virtual": 5368094720, 
                "free_virtual": 2920792064, 
                "free_physical": 1683750912
            }, 
            "time_zone": "Etc/GMT", 
            "startups": [
                {
                    "value": "explorer.exe", 
                    "name": "Shell", 
                    "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
                }, 
                {
                    "value": "", 
                    "name": "System", 
                    "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
                }, 
                {
                    "value": "", 
                    "name": "Taskman", 
                    "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
                }, 
                {
                    "value": "C:\\windows\\system32\\userinit.exe,", 
                    "name": "Userinit", 
                    "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
                }, 
                {
                    "value": "C:\\windows\\system32\\SecurityHealthSystray.exe", 
                    "name": "SecurityHealth", 
                    "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
                }, 
                {
                    "value": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}", 
                    "name": "WebCheck", 
                    "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad"
                }, 
                {
                    "name": "Authentication Packages", 
                    "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
                }, 
                {
                    "name": "Notification Packages", 
                    "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
                }, 
                {
                    "name": "Security Packages", 
                    "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
                }, 
                {
                    "value": "credssp.dll", 
                    "name": "SecurityProviders", 
                    "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders"
                }
            ], 
            "fully_qualified_host_name": "TA-AZ-CLT1", 
            "os_info": {
                "os_release_name": "Microsoft Windows 10 Pro", 
                "os_type": "Workstation", 
                "os_architecture": "Amd64", 
                "os_platform": "Windows", 
                "os_version": "10.0.17763"
            }
        }, 
        "OS": "Windows", 
        "Hostname": "TA-AZ-CLT1", 
        "Memory": {
            "total_physical": 4294967296, 
            "total_virtual": 5368094720, 
            "free_virtual": 2920792064, 
            "free_physical": 1683750912
        }, 
        "Model": "Virtual Machine", 
        "OSVersion": "10.0.17763", 
        "IPAddress": [
            {
                "ips": [
                    "10.0.0.11"
                ], 
                "description": "Microsoft Hyper-V Network Adapter", 
                "mac_address": "000D3A0AFEC2"
            }
        ]
    }, 
    "Endpoint": {
        "MACAddress": "000D3A0AFEC2", 
        "Domain": "", 
        "OS": "Windows", 
        "Hostname": "TA-AZ-CLT1", 
        "Memory": 5368094720, 
        "Model": "Virtual Machine", 
        "OSVersion": "10.0.17763", 
        "IPAddress": "10.0.0.11"
    }
}

Human Readable Output

Endpoint Information for the Hostname: TA-AZ-CLT1

computer_info	culture	dhcp_scope_name	domain_name	drives	fully_qualified_host_name	host_name	memory	nics	object_guid	object_sid	os_info	plugin_version	software_installed	startups	time_zone	updates_installed
manufacturer: Microsoft Corporation model: Virtual Machine	en-US			{'freespace_available': 124591616000, 'volume_label': 'Windows', 'drive_format': 'NTFS', 'freespace_total': 124591616000, 'name': 'C:\', 'total_size': 135838822400}, {'freespace_available': 7477661696, 'volume_label': 'Temporary Storage', 'drive_format': 'NTFS', 'freespace_total': 7477661696, 'name': 'D:\', 'total_size': 8588816384}	TA-AZ-CLT1	TA-AZ-CLT1	total_virtual: 5368094720 free_virtual: 2920792064 total_physical: 4294967296 free_physical: 1683750912	{'mac_address': '000D3A0AFEC2', 'description': 'Microsoft Hyper-V Network Adapter', 'ips': ['10.0.0.11']}			os_platform: Windows os_architecture: Amd64 os_version: 10.0.17763 os_release_name: Microsoft Windows 10 Pro os_type: Workstation	1.2.0.330	{'vendor': 'Google LLC', 'product': 'Google Chrome', 'installed_date': '2020-02-05T00:00:00Z', 'version': '80.0.3987.87'}, {'vendor': 'Malwarebytes', 'product': 'Malwarebytes Endpoint Agent', 'installed_date': '2020-02-05T00:00:00Z', 'version': '1.2.0.0'}	{'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Shell', 'value': 'explorer.exe'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'System', 'value': ''}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Taskman', 'value': ''}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Userinit', 'value': 'C:\windows\system32\userinit.exe,'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'name': 'SecurityHealth', 'value': 'C:\windows\system32\SecurityHealthSystray.exe'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad', 'name': 'WebCheck', 'value': '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Authentication Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Notification Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Security Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders', 'name': 'SecurityProviders', 'value': 'credssp.dll'}	Etc/GMT

10. malwarebytes-get-scan-detections

---

Lists detections from an endpoint for the scans initiated from Demisto.

Base Command

malwarebytes-get-scan-detections

Input

Argument Name	Description	Required
job_id	Job ID of the initiated Scan actions only.	Required

Context Output

Path	Type	Description
Malwarebytes.Scan.Job_ID	string	Job_Id of the initiated Scan/Isolation/Deisolation actions.
Malwarebytes.Scan.Status	string	Scan Status for the host
Malwarebytes.Scan.Detections	string	Scan detections for the host

Command Example

!malwarebytes-get-scan-detections job_id=931f63ca-e14f-43ad-85d2-3eb8236f1bdd

Context Example

{
    "Malwarebytes.Scan": {
        "Status": "COMPLETED", 
        "Detections": [
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\MHTQR4AW1913.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\EKATI3479.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCOKDBVT\\5WRQN2VY9117.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AMDSCQBK\\EKATI3234.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RKSUGKK2\\EKATI1111.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RKSUGKK2\\5IPWAWNR7377.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\UWAEL22C6434.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\GJL0GTPS2496.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\EKATI5786.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\REAQNH4P\\AAWK4JEC6577.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R5QH05OL\\EKATI5120.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QJTCQTO5\\EKATI3976.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QGZQD505\\EKATI6903.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QDI3PGI1\\EKATI8011.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PHVALVXM\\EKATI5172.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PCHQV24F\\EKATI8221.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\PCHQV24F\\0LI1UX235485.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\OX4R0SZA\\EKATI6865.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\K2LXHNO1\\EKATI6770.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\K1UQJ5KL\\EKATI1034.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\JI4PZP0K\\EKATI5574.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ICOWWYNX\\EKATI7940.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\HUOBVYD0\\EKATI8486.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\H0LKYXKH\\EKATI6183.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZWIZHTVD\\EKATI6050.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAAN0543\\EKATI4385.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\YWDLSBOE\\EKATI7806.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\Y2YWHFY47970.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\HVAVEBY58253.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XXQBCKEL\\EKATI6877.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\XDFR4BMU\\EKATI1611.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X5IN24J2\\EKATI2562.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X3DL34QB\\EKATI4718.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\WAWZXFJU\\EKATI3613.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\VAIVLV51\\EKATI2378.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\NKWWQ5337273.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\KQDYZ5DZ2805.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FW3M1KTG\\EKATI8812.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FNKI23QO\\EKATI9379.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FMULGDCG\\EKATI5361.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\EZ3VSVR0\\EKATI3626.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DYEBLIJJ\\EKATI2757.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DVM05IV0\\EKATI4168.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\DKI4HFKX\\EKATI2083.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TXS354JE\\EKATI7864.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TFDVXDEW\\EKATI3594.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TCERNEHR\\EKATI3060.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SSODDPVL\\EKATI3273.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SK4GT55H\\NSMDWPVW1226.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SK4GT55H\\EKATI6166.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SJRCS2D5\\EKATI3838.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\S0RPYHDI\\EKATI1244.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MDX3HHPZ\\EKATI7764.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\HURT2A3R4366.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\GVXQMXK04108.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MA2EZOX5\\EKATI5862.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LTMZR34O\\EKATI8397.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\5KE1T1MN\\EKATI3121.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\40ASYTIK\\EKATI2489.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\2VR0DR23\\EKATI9180.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\22PMRE41\\EKATI2935.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\1U0KTXL4\\EKATI4859.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.FileLocker", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\0TNNQOPO\\EKATI4374.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "arw", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Ransom.Ekati", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\0TNNQOPO\\CHLGY5ZD1037.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "Malware", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Generic.Malware/Suspicious", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\BIN3333.RAR", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "Malware", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "DDoSTool.Nitol", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CCTV.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "PUP", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "PUP.Optional.Solimba", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\MICROSOFT OFFICE 2007 SERVICE PACK 2.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "Malware", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Trojan.ServStart", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\FCK_RSC.DUMP", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }, 
            {
                "category": "Malware", 
                "status": "found", 
                "machine_name": "DESKTOP-664HFM6", 
                "reported_at": "2020-03-03T13:28:57.393772Z", 
                "threat_name": "Generic.Malware/Suspicious", 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\2211.RAR", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399", 
                "type": [
                    "file"
                ]
            }
        ], 
        "Job_ID": "931f63ca-e14f-43ad-85d2-3eb8236f1bdd"
    }
}

Human Readable Output

Scan Detections Report for the Job_Id: 931f63ca-e14f-43ad-85d2-3eb8236f1bdd

category	machine_id	machine_name	path	reported_at	status	threat_name	type
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\MHTQR4AW1913.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\EKATI3479.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCOKDBVT\5WRQN2VY9117.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AMDSCQBK\EKATI3234.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RKSUGKK2\EKATI1111.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RKSUGKK2\5IPWAWNR7377.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\UWAEL22C6434.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\GJL0GTPS2496.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\EKATI5786.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\REAQNH4P\AAWK4JEC6577.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R5QH05OL\EKATI5120.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QJTCQTO5\EKATI3976.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QGZQD505\EKATI6903.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QDI3PGI1\EKATI8011.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PHVALVXM\EKATI5172.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PCHQV24F\EKATI8221.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\PCHQV24F\0LI1UX235485.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\OX4R0SZA\EKATI6865.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\K2LXHNO1\EKATI6770.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\K1UQJ5KL\EKATI1034.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\JI4PZP0K\EKATI5574.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ICOWWYNX\EKATI7940.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\HUOBVYD0\EKATI8486.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\H0LKYXKH\EKATI6183.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZWIZHTVD\EKATI6050.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAAN0543\EKATI4385.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\YWDLSBOE\EKATI7806.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\Y2YWHFY47970.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\HVAVEBY58253.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XXQBCKEL\EKATI6877.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\XDFR4BMU\EKATI1611.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X5IN24J2\EKATI2562.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X3DL34QB\EKATI4718.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WAWZXFJU\EKATI3613.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\VAIVLV51\EKATI2378.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\NKWWQ5337273.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\KQDYZ5DZ2805.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FW3M1KTG\EKATI8812.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FNKI23QO\EKATI9379.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FMULGDCG\EKATI5361.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\EZ3VSVR0\EKATI3626.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DYEBLIJJ\EKATI2757.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DVM05IV0\EKATI4168.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\DKI4HFKX\EKATI2083.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TXS354JE\EKATI7864.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TFDVXDEW\EKATI3594.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TCERNEHR\EKATI3060.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SSODDPVL\EKATI3273.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SK4GT55H\NSMDWPVW1226.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SK4GT55H\EKATI6166.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SJRCS2D5\EKATI3838.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\S0RPYHDI\EKATI1244.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MDX3HHPZ\EKATI7764.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\HURT2A3R4366.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\GVXQMXK04108.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MA2EZOX5\EKATI5862.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LTMZR34O\EKATI8397.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\5KE1T1MN\EKATI3121.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\40ASYTIK\EKATI2489.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\2VR0DR23\EKATI9180.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\22PMRE41\EKATI2935.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1U0KTXL4\EKATI4859.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\0TNNQOPO\EKATI4374.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.FileLocker	file
arw	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\0TNNQOPO\CHLGY5ZD1037.EXE	2020-03-03T13:28:57.393772Z	found	Ransom.Ekati	file
Malware	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\BIN3333.RAR	2020-03-03T13:28:57.393772Z	found	Generic.Malware/Suspicious	file
Malware	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CCTV.EXE	2020-03-03T13:28:57.393772Z	found	DDoSTool.Nitol	file
PUP	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\MICROSOFT OFFICE 2007 SERVICE PACK 2.EXE	2020-03-03T13:28:57.393772Z	found	PUP.Optional.Solimba	file
Malware	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\FCK_RSC.DUMP	2020-03-03T13:28:57.393772Z	found	Trojan.ServStart	file
Malware	5074ade3-5716-44d8-83c7-5985379c0399	DESKTOP-664HFM6	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\2211.RAR	2020-03-03T13:28:57.393772Z	found	Generic.Malware/Suspicious	file

11. malwarebytes-get-job-status

---

Lists scan/isolation/deisolation status of the endpoint for the scan/isolation/deisolation initated from Demisto.

Base Command

malwarebytes-get-job-status

Input

Argument Name	Description	Required
job_id	Job_Id of the initiated Scan/Isolation/Deisolation actions.	Required

Context Output

Path	Type	Description
Malwarebytes.Scan.Job_ID	string	Job_Id of the initiated Scan/Isolation/Deisolation actions.
Malwarebytes.Scan.Status	string	Scan Status for the host

Command Example

!malwarebytes-get-job-status job_id=831afff7-7511-40be-a1ce-eace622e1e3e

Context Example

{
    "Malwarebytes.Scan": {
        "Status": "EXPIRED", 
        "Job_ID": "831afff7-7511-40be-a1ce-eace622e1e3e"
    }
}

Human Readable Output

Scan Status for the job_id 831afff7-7511-40be-a1ce-eace622e1e3e is EXPIRED

12. malwarebytes-open-sa-incident

---

Open Suspicious Activity for investigation in Malwarebytes Cloud. Use malwarebytes-get-sa-activities command to get machine and detection ID.

Base Command

malwarebytes-open-sa-incident

Input

Argument Name	Description	Required
machine_id	Machine ID of an endpoint where Suspicious Activity is found.	Required
detection_id	Detection ID of the Suspicious Activity.	Required

Context Output

Path	Type	Description
Malwarebytes.SA.Machine_ID	string	Machine ID of the Suspicious host

Command Example

!malwarebytes-open-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685

Context Example

{
    "Malwarebytes.SA": {
        "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
    }
}

Human Readable Output

Open SA Incident action is initiated Successfully for the detection id: 69306685

13. malwarebytes-remediate-sa-incident

---

Remediate Suspicious Activity from Malwarebytes Cloud. Use malwarebytes-get-sa-activities command to get machine and detection ID.

Base Command

malwarebytes-remediate-sa-incident

Input

Argument Name	Description	Required
machine_id	Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found.	Required
detection_id	Detection ID of the Suspicious Activity	Required

Context Output

Path	Type	Description
Malwarebytes.SA.Machine_ID	string	Machine ID of the Suspicious host

Command Example

!malwarebytes-remediate-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306697

Context Example

{
    "Malwarebytes.SA": {
        "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
    }
}

Human Readable Output

Remediate SA Incident action is initiated Successfully for the detection id: 69306697

14. malwarebytes-close-sa-incident

---

Close Suspicious Activity Incident in Malwarebytes Cloud. Use malwarebytes-get-sa-activities command to get machine and detection ID.

Base Command

malwarebytes-close-sa-incident

Input

Argument Name	Description	Required
machine_id	Machine ID of an endpoint in Malwarebytes Cloud where Suspicious Activity is found.	Required
detection_id	Detection ID of the Suspicious Activity.	Required

Context Output

Path	Type	Description
Malwarebytes.SA.Machine_ID	string	Machine ID of the Suspicious host

Command Example

!malwarebytes-close-sa-incident machine_id=5074ade3-5716-44d8-83c7-5985379c0399 detection_id=69306685

Context Example

{
    "Malwarebytes.SA": {
        "Machine_ID": "5074ade3-5716-44d8-83c7-5985379c0399"
    }
}

Human Readable Output

Close SA Incident action is initiated Successfully for the detection id: 69306685

15. malwarebytes-get-sa-activities

---

Lists all suspicious activities from hostname value and list all the hostnames from path of file.

Base Command

malwarebytes-get-sa-activities

Input

Argument Name	Description	Required
hostname	Hostname of the endpoint.	Optional
path	Path of the file to be searched in suspicious activities.	Optional

Context Output

Path	Type	Description
Malwarebytes.Endpoint.Suspicious_Activities	string	Suspicious Activities for the host

Command Example

!malwarebytes-get-sa-activities hostname=DESKTOP-664HFM6

Context Example

{
    "Malwarebytes.Endpoint": {
        "Suspicious_Activities": [
            {
                "status": "closed", 
                "detection_id_list": [
                    69306685
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-22T00:22:03.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\51I24R0R\\4S4USN157912.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "processing", 
                "detection_id_list": [
                    69306697
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-22T00:22:03.000Z", 
                "detected_by_count": 2, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\51I24R0R\\EKATI3419.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69298563
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-22T00:03:17.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZRPQZLD0\\EKATI4166.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69297395
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-22T00:00:18.000Z", 
                "detected_by_count": 3, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ULHYC0ZK\\EKATI7387.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69293149
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T23:51:31.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\SXM2TCFT\\EKATI7194.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69224002
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T21:26:21.000Z", 
                "detected_by_count": 3, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Y20DB3LK\\EKATI3988.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69216054
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T21:14:39.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\1VG2J1ZZ\\EKATI9823.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69216153
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T21:13:28.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CJGQRXFS\\WR1LKLFO5074.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69216169
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T21:13:27.000Z", 
                "detected_by_count": 2, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\CJGQRXFS\\EKATI7396.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69205108
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T20:53:33.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\WGKUJRGM\\EKATI7827.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69199010
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T20:41:41.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\NURKWB4B\\MIYO4ZBX5817.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69199008
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T20:41:40.000Z", 
                "detected_by_count": 2, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\NURKWB4B\\EKATI1485.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69196909
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T20:41:15.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Z2QEP4IQ\\EKATI1206.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69183153
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T20:18:19.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R0TZHA1D\\QTVKKU0O3864.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69183344
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T20:18:18.000Z", 
                "detected_by_count": 2, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\R0TZHA1D\\EKATI3336.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69182161
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T20:16:25.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\Y5B35RXH\\EKATI4787.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    69182258
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T20:16:06.000Z", 
                "detected_by_count": 2, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\QI2K3DLV\\EKATI8446.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    68915780
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T13:35:33.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LERQ0DSN\\PFNLX1ZC2666.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    68915910
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-21T13:35:28.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LERQ0DSN\\EKATI1279.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    68917631
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T13:35:21.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\KGSXOYUY\\1DM4MJK56911.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    68917642
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-21T13:35:21.000Z", 
                "detected_by_count": 3, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\KGSXOYUY\\EKATI5694.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932985
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:46:20.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TLX3EVTX\\EKATI4102.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932021
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:45:38.000Z", 
                "detected_by_count": 9, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LYFB0FPR\\EKATI8717.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932009
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:45:35.000Z", 
                "detected_by_count": 8, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X0BDZ1FX\\EKATI5156.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932084
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-20T08:45:32.000Z", 
                "detected_by_count": 3, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAX2TN0U\\EKATI3331.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932008
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:45:08.000Z", 
                "detected_by_count": 10, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\V1YOTCGH\\EKATI1530.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932145
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-20T08:45:02.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\E55QEANT8731.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67932186
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-20T08:45:02.000Z", 
                "detected_by_count": 2, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\EKATI7353.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "closed", 
                "detection_id_list": [
                    67931295
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:43:34.000Z", 
                "detected_by_count": 9, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IMPDUHIQ\\EKATI3476.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "processing", 
                "detection_id_list": [
                    67931302
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:43:31.000Z", 
                "detected_by_count": 9, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\4KQQJWG5\\EKATI4354.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "processing", 
                "detection_id_list": [
                    67931496
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-20T08:43:24.000Z", 
                "detected_by_count": 1, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\CSF2FQEI8635.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67931509
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 2, 
                "timestamp": "2020-04-20T08:43:24.000Z", 
                "detected_by_count": 3, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\EKATI2270.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }, 
            {
                "status": "detected", 
                "detection_id_list": [
                    67931294
                ], 
                "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591", 
                "pc_hostname": "DESKTOP-664HFM6", 
                "level": 3, 
                "timestamp": "2020-04-20T08:43:16.000Z", 
                "detected_by_count": 11, 
                "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RGCNKCKH\\EKATI1130.EXE", 
                "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
            }
        ]
    }
}

Human Readable Output

Suspicious Activites found for the host: DESKTOP-664HFM6

account_id	detected_by_count	detection_id_list	level	machine_id	path	pc_hostname	status	timestamp
2020bd17-a809-4102-b744-94fe8ad1c591	1	69306685	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\4S4USN157912.EXE	DESKTOP-664HFM6	closed	2020-04-22T00:22:03.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	2	69306697	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\51I24R0R\EKATI3419.EXE	DESKTOP-664HFM6	processing	2020-04-22T00:22:03.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	69298563	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZRPQZLD0\EKATI4166.EXE	DESKTOP-664HFM6	detected	2020-04-22T00:03:17.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	3	69297395	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ULHYC0ZK\EKATI7387.EXE	DESKTOP-664HFM6	detected	2020-04-22T00:00:18.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	69293149	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\SXM2TCFT\EKATI7194.EXE	DESKTOP-664HFM6	detected	2020-04-21T23:51:31.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	3	69224002	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y20DB3LK\EKATI3988.EXE	DESKTOP-664HFM6	detected	2020-04-21T21:26:21.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	69216054	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\1VG2J1ZZ\EKATI9823.EXE	DESKTOP-664HFM6	detected	2020-04-21T21:14:39.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	69216153	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\WR1LKLFO5074.EXE	DESKTOP-664HFM6	detected	2020-04-21T21:13:28.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	2	69216169	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\CJGQRXFS\EKATI7396.EXE	DESKTOP-664HFM6	detected	2020-04-21T21:13:27.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	69205108	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\WGKUJRGM\EKATI7827.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:53:33.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	69199010	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\MIYO4ZBX5817.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:41:41.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	2	69199008	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\NURKWB4B\EKATI1485.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:41:40.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	69196909	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Z2QEP4IQ\EKATI1206.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:41:15.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	69183153	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\QTVKKU0O3864.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:18:19.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	2	69183344	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\R0TZHA1D\EKATI3336.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:18:18.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	69182161	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\Y5B35RXH\EKATI4787.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:16:25.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	2	69182258	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\QI2K3DLV\EKATI8446.EXE	DESKTOP-664HFM6	detected	2020-04-21T20:16:06.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	68915780	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\PFNLX1ZC2666.EXE	DESKTOP-664HFM6	detected	2020-04-21T13:35:33.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	68915910	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LERQ0DSN\EKATI1279.EXE	DESKTOP-664HFM6	detected	2020-04-21T13:35:28.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	68917631	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\1DM4MJK56911.EXE	DESKTOP-664HFM6	detected	2020-04-21T13:35:21.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	3	68917642	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\KGSXOYUY\EKATI5694.EXE	DESKTOP-664HFM6	detected	2020-04-21T13:35:21.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	67932985	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\TLX3EVTX\EKATI4102.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:46:20.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	9	67932021	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\LYFB0FPR\EKATI8717.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:45:38.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	8	67932009	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\X0BDZ1FX\EKATI5156.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:45:35.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	3	67932084	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\ZAX2TN0U\EKATI3331.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:45:32.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	10	67932008	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\V1YOTCGH\EKATI1530.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:45:08.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	67932145	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\E55QEANT8731.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:45:02.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	2	67932186	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IJJZUABZ\EKATI7353.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:45:02.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	9	67931295	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\IMPDUHIQ\EKATI3476.EXE	DESKTOP-664HFM6	closed	2020-04-20T08:43:34.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	9	67931302	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\4KQQJWG5\EKATI4354.EXE	DESKTOP-664HFM6	processing	2020-04-20T08:43:31.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	1	67931496	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\CSF2FQEI8635.EXE	DESKTOP-664HFM6	processing	2020-04-20T08:43:24.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	3	67931509	2	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\AVQCVSEN\EKATI2270.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:43:24.000Z
2020bd17-a809-4102-b744-94fe8ad1c591	11	67931294	3	5074ade3-5716-44d8-83c7-5985379c0399	C:\USERS\ROHIN SAMBATH KUMAR\DESKTOP\RGCNKCKH\EKATI1130.EXE	DESKTOP-664HFM6	detected	2020-04-20T08:43:16.000Z