Re: Threat prevention api issue

Neville_Kuo · ‎2019-05-26

Hi everyone,

We're a distributor of Taiwan and so far we're helping our partner to do Threat Prevention web API test, the purpose is to upload a bunch of malicious sample and download those reports if emulation is ended, but what I see the result is totally different from test with CLI.

Of course we've done the configuration per sk113599 before web api test, and all the API command are based on CP_1.0_ThreatPreventionAPI_APIRefGuide.pdf.

Below are the screen shots and logs of web api test:

1.No emulator running after files are uploaded through web api:

2.But TED.elg has lots our outputs, with strange logs as below:

Handling new file "ce888bfac528f546529a6be35abc70bb", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{31AEDFDD-532C-1746-A1B4-7D42830F45EA}_remote, rule_number = -1, rule name = , investigation_path = PATH_TE

[TE_SM]: SchemaManager: get_profile_data failed - rule_number -1 not in map

What is rule number -1 anyway? We don't have such rule number.

3.If we run with te_add_files everything looks fine:

4.Smart console logs screenshot compare, you may see the same file but 2 different results, the left one is run with te_add_file and the right one is throught web API, the report counts are totally different.

We've disabled static analysis and clean TE cache each time, but still no luck, sample report counts we can also found it in $FWDIR/log/blobs folder.

Is there any parameter missing when doing web API test?

Neville_Kuo · ‎2019-05-26

Sorry, I don't know how to attach a log file, so I paste it.

The TED.elg of Web API:

=================================================================================

[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} Handling new file "ce888bfac528f546529a6be35abc70bb", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{87FE4989-6A72-204C-B0E1-46F9A10135A8}_remote, rule_number = -1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} Local Partial response is enabled
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} Remote Partial response is enabled
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} Cloud Partial response is enabled
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {08F31326-5E5D-4149-8AE8-972FB72A5484} adding image '5e5de275-a103-4f67-b55b-47532918fa59' for emulation
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {08F31326-5E5D-4149-8AE8-972FB72A5484} adding image 'e50e99f3-5963-4573-af9e-e3f4750b55e2' for emulation
[22389 4117399456][23 May 17:30:50] [TE (TD::Surprise)] te::SummaryReportsTable::CreateImagesBitMap: Failed to get index if image with uid 5e5de275-a103-4f67-b55b-47532918fa59 and revision 0
[22389 4117399456][23 May 17:30:50] [TE (TD::Surprise)] te::SummaryReportsTable::RetrieveReportUIDIfExists: Failed to create images bit-map. Can't retrieve report from database
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} File is executable - type is: exe
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} adding image '5e5de275-a103-4f67-b55b-47532918fa59' for emulation
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} adding image 'e50e99f3-5963-4573-af9e-e3f4750b55e2' for emulation
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} Hashes: md5=ce888bfac528f546529a6be35abc70bb, sha1=5c503e8d9e56d521b474ff76ea0e7f987999ae12
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} url is empty, don't check in white domains
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:30:50] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:30:50] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{018228E7-9D4C-D544-A746-13A3603D5C96}",
"referance_uid" : "{899B87D2-E58C-464F-9B4F-951464110F2F}"
}

[22389 4117399456][23 May 17:30:50] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{018228E7-9D4C-D544-A746-13A3603D5C96}",
"referance_uid" : "{899B87D2-E58C-464F-9B4F-951464110F2F}"
}

[22389 4117399456][23 May 17:30:50] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{018228E7-9D4C-D544-A746-13A3603D5C96}","last_update":"23.05.2019 15:10:53","referance_uid":"{899B87D2-E58C-464F-9B4F-951464110F2F}","status":3,"status_text":"INFECTED","threat_name":"Gen:Variant.Kazy.307568","threat_type":"VIRUS"}

[22389 4117399456][23 May 17:30:50] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:30:50] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{018228E7-9D4C-D544-A746-13A3603D5C96}","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{899B87D2-E58C-464F-9B4F-951464110F2F}","severity_level":"KDD_LOW","status":1,"status_text":"INFECTED","threat_name":"not-a-virus:Downloader.Win32.LMN.gen","threat_type":"KDT_RISKWARE"}

[22389 4117399456][23 May 17:30:51] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:30:54] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:30:57] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:31:00] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:31:03] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:31:07] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: Emulation verdict is not malicious but advisors verdict is malicious. setting verdict to malicious
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} verdict 'Benign' set for image: '5e5de275-a103-4f67-b55b-47532918fa59' (Win7,Office 2013,Adobe 11) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: Emulation verdict is not malicious but advisors verdict is malicious. setting verdict to malicious
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} verdict 'Benign' set for image: 'e50e99f3-5963-4573-af9e-e3f4750b55e2' (WinXP,Office 2003/7,Adobe 9) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:31:07] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:31:08] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:31:08] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:31:08] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:31:08] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:31:08] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:31:08] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:31:08] [TE_SM]: SchemaManager: get_profile_data failed - rule_number -1 not in map
[22389 4117399456][23 May 17:31:08] [TE_SM]: failed getting profile_data, returning action-none, by default
[22389 4117399456][23 May 17:31:09] [TE (TD::Surprise)] te::SummaryReportsTable::RetrieveReportUIDIfExists: Got no result for sha1 5c503e8d9e56d521b474ff76ea0e7f987999ae12 and image bit-map 0000000000000000000000000000000000000000000000000000000000000110
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:31:09] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:31:14] [TE_TRACE]: {899B87D2-E58C-464F-9B4F-951464110F2F} uploaded to te.checkpoint.com. (threat cloud sharing)

[22389 4117399456][23 May 17:33:56] [TE_TRACE]: {177100A7-AB73-D549-AF08-0A963253BF70} adding image '5e5de275-a103-4f67-b55b-47532918fa59' for emulation
[22389 4117399456][23 May 17:33:56] [TE_TRACE]: {177100A7-AB73-D549-AF08-0A963253BF70} adding image 'e50e99f3-5963-4573-af9e-e3f4750b55e2' for emulation
[22389 4117399456][23 May 17:33:56] [TE_TRACE]: {177100A7-AB73-D549-AF08-0A963253BF70} verdict 'Malicious' set for image: '5e5de275-a103-4f67-b55b-47532918fa59' (Win7,Office 2013,Adobe 11) by: 0, reason:
[22389 4117399456][23 May 17:33:56] [TE_TRACE]: {177100A7-AB73-D549-AF08-0A963253BF70} verdict 'Malicious' set for image: 'e50e99f3-5963-4573-af9e-e3f4750b55e2' (WinXP,Office 2003/7,Adobe 9) by: 0, reason:

=================================================================================

Neville_Kuo · ‎2019-05-26

And this is the TED.elg of te_add_file CLI:

================================================================================

[BEGIN] 2019/5/23 ¤U¤È 05:45:17
[22389 4117399456][23 May 17:45:51] [TE_IS_TRACE (TD::All)] te_is::SocketApiServer::HandleDataEvent: got on conn_id: 32 data:
(
:connection (
:src_ip (127.0.0.1)
:src_port ()
:dst_ip (127.0.0.1)
:dst_port (30580)
:protocol (6)
)
:meta_data (
:file_orig_name (ce22567b2a04c9200b55d88d56c03910)
:file_path ("/home/admin/test/ce22567b2a04c9200b55d88d56c03910")
:file_type ()
:file_len (0)
:protocol (http)
:rule_id (1)
:free_text ("(te_add_file)")
:should_track (1)
:malware_rule_id ()
:scope_ip ()
:conn_id ()
:session_id ()
:instance_id ()
:investigation_path (PATH_TE)
:cdir (2)
:forced_file_type ()
:sand_blast_forensics (0)
:internet_access (0)
:save_json_path ()
)
:http_data (
:url ()
)
:smtp_data (
:to ()
:from ()
:subject ()
:body_path ()
)
)

[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Handling new file "ce22567b2a04c9200b55d88d56c03910", Path: /home/admin/test/ce22567b2a04c9200b55d88d56c03910, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Local Partial response is enabled
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Remote Partial response is enabled
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Cloud Partial response is enabled
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} File is executable - type is: exe
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} adding image '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' for emulation
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} adding image '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' for emulation
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} adding image '7e6fe36e-889e-4c25-8704-56378f0830df' for emulation
[22389 4117399456][23 May 17:45:51] [TE (TD::Surprise)] te::PolicyInvestigator::DoWork: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Image Win7,Office 2013,Adobe 11 is not added to event profile, since this gateway has been limited to not include this image.
[22389 4117399456][23 May 17:45:51] [TE (TD::Surprise)] te::PolicyInvestigator::DoWork: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Image Win8.1 64b,Office 2013,Adobe 11 is not added to event profile, since this gateway has been limited to not include this image.
[22389 4117399456][23 May 17:45:51] [TE (TD::Surprise)] te::PolicyInvestigator::DoWork: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Image Win7,Office 2010,Adobe 9.4 is not added to event profile, since this gateway has been limited to not include this image.
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Hashes: md5=ce22567b2a04c9200b55d88d56c03910, sha1=0c57d97eaad122b9d14983cfab85b0d974e3d1f7
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} path in ep: in response data:
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Reporting back action: unknown; Confidence: 0; InvestigationPath: PATH_TE
[22389 4117399456][23 May 17:45:51] [TE_IS_TRACE (TD::All)] te_is::SocketApiServer::Transmit: transmit on conn_id: 32 data:
(
:event_id ("{4574D2A4-48D3-E547-B657-9D8EAD95C687}")
:action (unknown)
:confidence (none)
:done (0)
:file_path ("/home/admin/test/ce22567b2a04c9200b55d88d56c03910")
:md5_string (ce22567b2a04c9200b55d88d56c03910)
:investigation_path (PATH_TE)
:additional_data ()
:body_path ()
)

[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} url is empty, don't check in white domains
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:45:51] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:45:51] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/home/admin/test/ce22567b2a04c9200b55d88d56c03910",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}"
}

[22389 4117399456][23 May 17:45:51] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/home/admin/test/ce22567b2a04c9200b55d88d56c03910",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}"
}

[22389 4117399456][23 May 17:45:51] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/home/admin/test/ce22567b2a04c9200b55d88d56c03910","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}","status":3,"status_text":"INFECTED","threat_name":"Trojan.Generic.8628969","threat_type":"VIRUS"}

[22389 4117399456][23 May 17:45:51] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:45:51] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/home/admin/test/ce22567b2a04c9200b55d88d56c03910","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}","severity_level":"KDD_HIGH","status":1,"status_text":"INFECTED","threat_name":"Backdoor.Win32.Androm.muqp","threat_type":"KDT_TROJWARE"}

[22389 4117399456][23 May 17:45:52] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:45:56] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:45:59] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:46:02] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:46:05] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:46:08] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:46:08] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:46:08] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} path in ep: in response data:
[22389 4117399456][23 May 17:46:08] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Done with file; Reporting back action: drop; Confidence: 3; InvestigationPath: PATH_TE
[22389 4117399456][23 May 17:46:08] [TE_IS_TRACE (TD::All)] te_is::SocketApiServer::Transmit: transmit on conn_id: 32 data:
(
:event_id ("{4574D2A4-48D3-E547-B657-9D8EAD95C687}")
:action (drop)
:confidence (high)
:done (1)
:file_path ("/home/admin/test/ce22567b2a04c9200b55d88d56c03910")
:md5_string (ce22567b2a04c9200b55d88d56c03910)
:investigation_path (PATH_TE)
:additional_data ()
:body_path ()
)

[22389 4117399456][23 May 17:46:08] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'extractors' (phase: 'processing')
[22389 4117399456][23 May 17:46:08] [TE (TD::Surprise)] te::RPIInvocatorBase::CreateHardLinkToJail: Failed to create hardlink (status=-1): Invalid cross-device link, falling back to copy.
[22389 4117399456][23 May 17:46:10] [TE (TD::Surprise)] te::EnrichersInvocator::OnListenerCallback: Consumer request to cloud ended with error
[22389 4117399456][23 May 17:46:11] [TE (TD::Surprise)] te::EnrichersInvocator::OnListenerCallback: Consumer request to cloud ended with error
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'extractors' reporting back (status: done)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'domain threshold' (phase: 'processing')
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'domain threshold' reporting back (status: done)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'Web Emulation phase1' (phase: 'processing')
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'Web Emulation phase1' reporting back (status: done)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'Web Emulation phase2' (phase: 'processing')
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'Web Emulation phase2' reporting back (status: done)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'emulator' (phase: 'processing')
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Adding emulation request on Image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244', Run: 1, Priority: normal (0 requests in queue, 0 running emulation VMs)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Adding emulation request on Image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d', Run: 1, Priority: normal (1 requests in queue, 0 running emulation VMs)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Adding emulation request on Image: '7e6fe36e-889e-4c25-8704-56378f0830df', Run: 1, Priority: normal (2 requests in queue, 0 running emulation VMs)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 391 KeyPoint: creation. is_hps=0
[22389 4117399456][23 May 17:46:11] [TE_TRACE (TD::Important)] te::Emulation::VMloader::LoadVMprocess: Calling QEMU: /opt/CPsuite-R80.20/fw1/teCurrentPack/qemu_with_RAM.sh /opt/CPsuite-R80.20/fw1/teCurrentPack/run_64bit.sh /opt/CPsuite-R80.20/fw1/teCurrentPack/qemu_hps/bin/qemu-system-x86_64 /var/log/files_repository/images/3ff3ddae-e7fd-4969-818c-d5f1a2be336d/247/7_64.img --cpu phenom --enable-kvm -m 1024 -rtc clock=vm,base=2016-02-16T17:26:20 -k en-us -vnc 127.0.0.1:0 -usbdevice tablet -net nic,model=e1000 -monitor stdio -net tap,ifname=vm-if0,script=no,downscript=no,ssnat=172.16.0.2 -pidfile /opt/CPsuite-R80.20/fw1/tmp/vm_pid/vm_47.pid -smp 1 -snapshot -loadvm 7
[22389 4117399456][23 May 17:46:11] [TE_TRACE (TD::Important)] te::Emulation::EmulatingVM::AddFileForEmulation: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Adding file ce22567b2a04c9200b55d88d56c03910 (type: exe, emulation name: ce22567b2a04c9200b55d88d56c03910) to VM 391 (Creation In Process)(with forensics)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 391 KeyPoint: has been locked: emulating executable file
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 391 KeyPoint: has been locked: Exclusive Emulation
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 392 KeyPoint: creation. is_hps=0
[22389 4117399456][23 May 17:46:11] [TE_TRACE (TD::Important)] te::Emulation::VMloader::LoadVMprocess: Calling QEMU: /opt/CPsuite-R80.20/fw1/teCurrentPack/qemu_with_RAM.sh /opt/CPsuite-R80.20/fw1/teCurrentPack/run_64bit.sh /opt/CPsuite-R80.20/fw1/teCurrentPack/qemu_hps/bin/qemu-system-x86_64 /var/log/files_repository/images/7e6fe36e-889e-4c25-8704-56378f0830df/247/7_32.img --cpu core2duo --enable-kvm -m 512 -rtc clock=vm,base=2012-01-02T11:15:20 -k en-us -vnc 127.0.0.1:1 -usbdevice tablet -net nic,model=e1000 -monitor stdio -net tap,ifname=vm-if1,script=no,downscript=no,ssnat=172.16.0.2 -pidfile /opt/CPsuite-R80.20/fw1/tmp/vm_pid/vm_48.pid -smp 1 -snapshot -loadvm 7
[22389 4117399456][23 May 17:46:11] [TE_TRACE (TD::Important)] te::Emulation::EmulatingVM::AddFileForEmulation: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Adding file ce22567b2a04c9200b55d88d56c03910 (type: exe, emulation name: ce22567b2a04c9200b55d88d56c03910) to VM 392 (Creation In Process)(with forensics)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 392 KeyPoint: has been locked: emulating executable file
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 392 KeyPoint: has been locked: Exclusive Emulation
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 393 KeyPoint: creation. is_hps=0
[22389 4117399456][23 May 17:46:11] [TE_TRACE (TD::Important)] te::Emulation::VMloader::LoadVMprocess: Calling QEMU: /opt/CPsuite-R80.20/fw1/teCurrentPack/qemu_with_RAM.sh /opt/CPsuite-R80.20/fw1/teCurrentPack/run_64bit.sh /opt/CPsuite-R80.20/fw1/teCurrentPack/qemu_hps/bin/qemu-system-x86_64 /var/log/files_repository/images/10b4a9c6-e414-425c-ae8b-fe4dd7b25244/247/10_64.img --cpu phenom --enable-kvm -m 1024 -rtc clock=vm,base=2016-02-16T17:26:20 -k en-us -vnc 127.0.0.1:2 -usbdevice tablet -net nic,model=e1000 -monitor stdio -net tap,ifname=vm-if2,script=no,downscript=no,ssnat=172.16.0.2 -pidfile /opt/CPsuite-R80.20/fw1/tmp/vm_pid/vm_49.pid -smp 1 -snapshot -loadvm 10
[22389 4117399456][23 May 17:46:11] [TE_TRACE (TD::Important)] te::Emulation::EmulatingVM::AddFileForEmulation: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Adding file ce22567b2a04c9200b55d88d56c03910 (type: exe, emulation name: ce22567b2a04c9200b55d88d56c03910) to VM 393 (Creation In Process)(with forensics)
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 393 KeyPoint: has been locked: emulating executable file
[22389 4117399456][23 May 17:46:11] [TE_TRACE]: VM 393 KeyPoint: has been locked: Exclusive Emulation
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 391 KeyPoint: ready for emulation
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 391 KeyPoint: uploading ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 391 KeyPoint: upload ack for ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 391 KeyPoint: executing ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 392 KeyPoint: ready for emulation
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 392 KeyPoint: uploading ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 392 KeyPoint: upload ack for ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:16] [TE_TRACE]: VM 392 KeyPoint: executing ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:18] [TE_TRACE]: VM 391 KeyPoint: execution ack for ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687} (SUCCESS)
[22389 4117399456][23 May 17:46:18] [TE_TRACE]: Execute command response:
EP id:{4574D2A4-48D3-E547-B657-9D8EAD95C687}
File Name:ce22567b2a04c9200b55d88d56c03910
Status:SUCCESS
OpenState: SUCCESS
WindowState: SUCCESS
FailureReason: Created NonElevated Medium Process
Succeed in openning C:\te_files\ce22567b2a04c9200b55d88d56c03910.exe
[22389 4117399456][23 May 17:46:18] [TE_TRACE]: VM 392 KeyPoint: execution ack for ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687} (SUCCESS)
[22389 4117399456][23 May 17:46:18] [TE_TRACE]: Execute command response:
EP id:{4574D2A4-48D3-E547-B657-9D8EAD95C687}
File Name:ce22567b2a04c9200b55d88d56c03910
Status:SUCCESS
OpenState: SUCCESS
WindowState: SUCCESS
FailureReason: Created NonElevated Medium Process
Succeed in openning C:\te_files\ce22567b2a04c9200b55d88d56c03910.exe
[22389 4117399456][23 May 17:46:20] [TE_TRACE (TD::Important)] te::UrlRepScanner::ScanUrls: sending query for 2 urls
[22389 4117399456][23 May 17:46:21] [TE_TRACE (TD::Important)] te::UrlRepScanner::OnListenerCallback: ==> Got response for 2 urls, status 0 (success)
[22389 4117399456][23 May 17:46:23] [TE_TRACE (TD::Important)] te::UrlRepScanner::ScanUrls: sending query for 1 urls
[22389 4117399456][23 May 17:46:24] [TE_TRACE (TD::Important)] te::UrlRepScanner::OnListenerCallback: ==> Got response for 1 urls, status 0 (success)
[22389 4117399456][23 May 17:46:24] [TE_TRACE]: VM 393 KeyPoint: ready for emulation
[22389 4117399456][23 May 17:46:24] [TE_TRACE]: VM 393 KeyPoint: uploading ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:25] [TE_TRACE]: VM 393 KeyPoint: upload ack for ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:25] [TE_TRACE]: VM 393 KeyPoint: executing ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:46:27] [TE_TRACE]: VM 393 KeyPoint: execution ack for ce22567b2a04c9200b55d88d56c03910.exe {4574D2A4-48D3-E547-B657-9D8EAD95C687} (SUCCESS)
[22389 4117399456][23 May 17:46:27] [TE_TRACE]: Execute command response:
EP id:{4574D2A4-48D3-E547-B657-9D8EAD95C687}
File Name:ce22567b2a04c9200b55d88d56c03910
Status:SUCCESS
OpenState: SUCCESS
WindowState: SUCCESS
FailureReason: Created NonElevated Medium Process
Succeed in openning C:\te_files\ce22567b2a04c9200b55d88d56c03910.exe
[22389 4117399456][23 May 17:46:48] [TE_TRACE]: VM 391 KeyPoint: ready for new file
[22389 4117399456][23 May 17:46:51] [TE_TRACE]: VM 392 KeyPoint: ready for new file
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: Emulation ended for ce22567b2a04c9200b55d88d56c03910{4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:47:18] [TE (TD::Surprise)] te::Emulation::EmulatingVM::ProlongEmulation: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Max digesting time reached.
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te_files//uac_detection_log_42.txt (path on VM: C:\Windows\Temp\LoadGuard.out) (FAILURE)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_3a109de06458cffd.bat (path on VM: C:\te_files\dropped\WMNKT.bat) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_6c7c27c1fbb27fb2.txt (path on VM: C:\te_files\dropped\WMNKT.txt) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_ee122bd79332dfeb.exe (path on VM: C:\te_files\dropped\skypee.exe) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_1e6c2ee93ad27049.exe (path on VM: C:\te_files\dropped\svchost.exe) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: Terminating (error occured? 0, detected events: 0 malicious, 31 benign)
[22389 4117399456][23 May 17:47:18] [TE (TD::Surprise)] te::Emulation::EmulatingVM::Terminate: VM 391 (Terminating): Terminated with unhandled files inside
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 391 KeyPoint: Activating exe classifier: /var/log/files_repository/Analyzer/390183b9-6eb7-4135-9ac4-76de08ff3387/580521/exe_classifier/exe_classifier_wrapper.sh -m new_exe_classifier --api_logs_dir /opt/CPsuite-R80.20/fw1/tmp/te_files//0c57d97eaad122b9d14983cfab85b0d974e3d1f7{3ff3ddae-e7fd-4969-818c-d5f1a2be336d}_{4574D2A4-48D3-E547-B657-9D8EAD95C687} --signatures_dir /var/log/files_repository/Analyzer/2859c07d-1f23-464a-92cd-f9f1ead26915/3475 --debug_level ERROR --conf_file /opt/CPsuite-R80.20/fw1/conf/exe_classifier_conf.json --shared_language --munch --additional_info ewogICAiYWN0dWFsX2VtdWxhdGlvbl9kdXJhdGlvbiIgOiAiNjAiLAogICAiZHJvcHBlZCIgOiB7CiAgICAgICJpc19kcm9wcGVkIiA6ICJmYWxzZSIsCiAgICAgICJpc19wYXJlbnRfb2YiIDogImZhbHNlIgogICB9LAogICAiZW1iZWRkZWQiIDogewogICAgICAiaXNfZW1iZWRkZWQiIDogImZhbHNlIiwKICAgICAgImlzX3BhcmVudF9vZiIgOiAiZmFsc2UiLAogICAgICAicGFyZW50X25hbWUiIDogIiIKICAgfSwKICAgImZpbGVfZW11bGF0aW9uX25hbWUiIDogImNlMjI1NjdiMmEwNGM5MjAwYjU1ZDg4ZDU2YzAzOTEwIiwKICAgImZpbGVfZW11bGF0aW9uX3R5cGUiIDogImV4ZSIsCiAgICJmaWxlX25hbWUiIDogImNlMjI1NjdiMmEwNGM5MjAwYjU1ZDg4ZDU2YzAzOTEwIiwKICAgImZpbGVfcGF0aCIgOiAiL2hvbWUvYWRtaW4vdGVzdC9jZTIyNTY3YjJhMDRjOTIwMGI1NWQ4OGQ1NmMwMzkxMCIsCiAgICJmaWxlX3NpemUiIDogMzExMjk2LAogICAiZndfZGlyIiA6ICIvb3B0L0NQc3VpdGUtUjgwLjIwL2Z3MS8vIiwKICAgImh0dHAiIDogewogICAgICAidXJsIiA6ICIiCiAgIH0sCiAgICJpbWFnZV9yZXZpc2lvbiIgOiAiMjQ3IiwKICAgImltYWdlX3VpZCIgOiAiM2ZmM2RkYWUtZTdmZC00OTY5LTgxOGMtZDVmMWEyYmUzMzZkIiwKICAgImlzX2ludGVybmV0X2FjY2VzcyIgOiAiZmFsc2UiLAogICAiaXNfbGlua19mcm9tX21haWwiIDogImZhbHNlIiwKICAgImlzX3N0YXRpY19jbGVhbiIgOiAiZmFsc2UiLAogICAibWFnaWMiIDogIlBFMzIgZXhlY3V0YWJsZSAoR1VJKSBJbnRlbCA4MDM4NiwgZm9yIE1TIFdpbmRvd3MiLAogICAicHJvdG9jb2wiIDogIjYiLAogICAic2hhMSIgOiAiMGM1N2Q5N2VhYWQxMjJiOWQxNDk4M2NmYWI4NWIwZDk3NGUzZDFmNyIsCiAgICJzaGEyNTYiIDogImZhMTA2YzY5NDcyMDQ4ZjRjNjg4MDNiMmMzYWU0ZDlhMzA1OTRjYWJjMTRmYWIwNjM4NTVlZGI5ZmE1Y2VkMzMiLAogICAic2hvdWxkX3J1bl9tbCIgOiAidHJ1ZSIsCiAgICJzaG91bGRfcnVuX3NpZ25hdHVyZXMiIDogInRydWUiLAogICAic2lnbmF0dXJlIiA6ICIiLAogICAic2lnbmF0dXJlc19yZXZpc2lvbiIgOiAiMzQ3NSIsCiAgICJzbXRwIiA6IHsKICAgICAgImJvZHlfcGF0aCIgOiAibm9fYm9keSIsCiAgICAgICJmcm9tIiA6ICIiLAogICAgICAic3ViamVjdCIgOiAiIiwKICAgICAgInRvIiA6ICIiCiAgIH0KfQo=
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: Emulation ended for ce22567b2a04c9200b55d88d56c03910{4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:47:18] [TE (TD::Surprise)] te::Emulation::EmulatingVM::ProlongEmulation: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Max digesting time reached.
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te_files//uac_detection_log_43.txt (path on VM: C:\Windows\Temp\LoadGuard.out) (FAILURE)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_3b40c3c0239105fe.bat (path on VM: C:\te_files\dropped\EPMLP.bat) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_d642f53f4c47de47.txt (path on VM: C:\te_files\dropped\EPMLP.txt) (FAILURE)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_a098c04c21cff3a4.out (path on VM: C:\te_files\dropped\UACGateway.out) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_2efa34c8569e1221.bat (path on VM: C:\te_files\dropped\WDMVT.bat) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_41cfedfbf82c063f.txt (path on VM: C:\te_files\dropped\WDMVT.txt) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_959ac8baccd1039c.exe (path on VM: C:\te_files\dropped\skypee.exe) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_839f793ea2ff25ca.exe (path on VM: C:\te_files\dropped\svchost.exe) (SUCCESS)
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: Terminating (error occured? 0, detected events: 0 malicious, 39 benign)
[22389 4117399456][23 May 17:47:18] [TE (TD::Surprise)] te::Emulation::EmulatingVM::Terminate: VM 392 (Terminating): Terminated with unhandled files inside
[22389 4117399456][23 May 17:47:18] [TE_TRACE]: VM 392 KeyPoint: Activating exe classifier: /var/log/files_repository/Analyzer/390183b9-6eb7-4135-9ac4-76de08ff3387/580521/exe_classifier/exe_classifier_wrapper.sh -m new_exe_classifier --api_logs_dir /opt/CPsuite-R80.20/fw1/tmp/te_files//0c57d97eaad122b9d14983cfab85b0d974e3d1f7{7e6fe36e-889e-4c25-8704-56378f0830df}_{4574D2A4-48D3-E547-B657-9D8EAD95C687} --signatures_dir /var/log/files_repository/Analyzer/2859c07d-1f23-464a-92cd-f9f1ead26915/3475 --debug_level ERROR --conf_file /opt/CPsuite-R80.20/fw1/conf/exe_classifier_conf.json --shared_language --munch --additional_info ewogICAiYWN0dWFsX2VtdWxhdGlvbl9kdXJhdGlvbiIgOiAiNjAiLAogICAiZHJvcHBlZCIgOiB7CiAgICAgICJpc19kcm9wcGVkIiA6ICJmYWxzZSIsCiAgICAgICJpc19wYXJlbnRfb2YiIDogImZhbHNlIgogICB9LAogICAiZW1iZWRkZWQiIDogewogICAgICAiaXNfZW1iZWRkZWQiIDogImZhbHNlIiwKICAgICAgImlzX3BhcmVudF9vZiIgOiAiZmFsc2UiLAogICAgICAicGFyZW50X25hbWUiIDogIiIKICAgfSwKICAgImZpbGVfZW11bGF0aW9uX25hbWUiIDogImNlMjI1NjdiMmEwNGM5MjAwYjU1ZDg4ZDU2YzAzOTEwIiwKICAgImZpbGVfZW11bGF0aW9uX3R5cGUiIDogImV4ZSIsCiAgICJmaWxlX25hbWUiIDogImNlMjI1NjdiMmEwNGM5MjAwYjU1ZDg4ZDU2YzAzOTEwIiwKICAgImZpbGVfcGF0aCIgOiAiL2hvbWUvYWRtaW4vdGVzdC9jZTIyNTY3YjJhMDRjOTIwMGI1NWQ4OGQ1NmMwMzkxMCIsCiAgICJmaWxlX3NpemUiIDogMzExMjk2LAogICAiZndfZGlyIiA6ICIvb3B0L0NQc3VpdGUtUjgwLjIwL2Z3MS8vIiwKICAgImh0dHAiIDogewogICAgICAidXJsIiA6ICIiCiAgIH0sCiAgICJpbWFnZV9yZXZpc2lvbiIgOiAiMjQ3IiwKICAgImltYWdlX3VpZCIgOiAiN2U2ZmUzNmUtODg5ZS00YzI1LTg3MDQtNTYzNzhmMDgzMGRmIiwKICAgImlzX2ludGVybmV0X2FjY2VzcyIgOiAiZmFsc2UiLAogICAiaXNfbGlua19mcm9tX21haWwiIDogImZhbHNlIiwKICAgImlzX3N0YXRpY19jbGVhbiIgOiAiZmFsc2UiLAogICAibWFnaWMiIDogIlBFMzIgZXhlY3V0YWJsZSAoR1VJKSBJbnRlbCA4MDM4NiwgZm9yIE1TIFdpbmRvd3MiLAogICAicHJvdG9jb2wiIDogIjYiLAogICAic2hhMSIgOiAiMGM1N2Q5N2VhYWQxMjJiOWQxNDk4M2NmYWI4NWIwZDk3NGUzZDFmNyIsCiAgICJzaGEyNTYiIDogImZhMTA2YzY5NDcyMDQ4ZjRjNjg4MDNiMmMzYWU0ZDlhMzA1OTRjYWJjMTRmYWIwNjM4NTVlZGI5ZmE1Y2VkMzMiLAogICAic2hvdWxkX3J1bl9tbCIgOiAidHJ1ZSIsCiAgICJzaG91bGRfcnVuX3NpZ25hdHVyZXMiIDogInRydWUiLAogICAic2lnbmF0dXJlIiA6ICIiLAogICAic2lnbmF0dXJlc19yZXZpc2lvbiIgOiAiMzQ3NSIsCiAgICJzbXRwIiA6IHsKICAgICAgImJvZHlfcGF0aCIgOiAibm9fYm9keSIsCiAgICAgICJmcm9tIiA6ICIiLAogICAgICAic3ViamVjdCIgOiAiIiwKICAgICAgInRvIiA6ICIiCiAgIH0KfQo=
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: Emulation ended for ce22567b2a04c9200b55d88d56c03910{4574D2A4-48D3-E547-B657-9D8EAD95C687}
[22389 4117399456][23 May 17:47:27] [TE (TD::Surprise)] te::Emulation::EmulatingVM::ProlongEmulation: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Max digesting time reached.
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te_files//uac_detection_log_44.txt (path on VM: C:\Windows\Temp\LoadGuard.out) (FAILURE)
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_4993822ce106e970.bat (path on VM: C:\te_files\dropped\MBVRM.bat) (SUCCESS)
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_07c78b08639d818b.txt (path on VM: C:\te_files\dropped\MBVRM.txt) (SUCCESS)
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_3bdff2d1e39ffac6.exe (path on VM: C:\te_files\dropped\skypee.exe) (SUCCESS)
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: downloaded file ack: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_79194d91e19d3da3.exe (path on VM: C:\te_files\dropped\svchost.exe) (SUCCESS)
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: Terminating (error occured? 0, detected events: 0 malicious, 32 benign)
[22389 4117399456][23 May 17:47:27] [TE (TD::Surprise)] te::Emulation::EmulatingVM::Terminate: VM 393 (Terminating): Terminated with unhandled files inside
[22389 4117399456][23 May 17:47:27] [TE_TRACE]: VM 393 KeyPoint: Activating exe classifier: /var/log/files_repository/Analyzer/390183b9-6eb7-4135-9ac4-76de08ff3387/580521/exe_classifier/exe_classifier_wrapper.sh -m new_exe_classifier --api_logs_dir /opt/CPsuite-R80.20/fw1/tmp/te_files//0c57d97eaad122b9d14983cfab85b0d974e3d1f7{10b4a9c6-e414-425c-ae8b-fe4dd7b25244}_{4574D2A4-48D3-E547-B657-9D8EAD95C687} --signatures_dir /var/log/files_repository/Analyzer/2859c07d-1f23-464a-92cd-f9f1ead26915/3475 --debug_level ERROR --conf_file /opt/CPsuite-R80.20/fw1/conf/exe_classifier_conf.json --shared_language --munch --additional_info ewogICAiYWN0dWFsX2VtdWxhdGlvbl9kdXJhdGlvbiIgOiAiNjAiLAogICAiZHJvcHBlZCIgOiB7CiAgICAgICJpc19kcm9wcGVkIiA6ICJmYWxzZSIsCiAgICAgICJpc19wYXJlbnRfb2YiIDogImZhbHNlIgogICB9LAogICAiZW1iZWRkZWQiIDogewogICAgICAiaXNfZW1iZWRkZWQiIDogImZhbHNlIiwKICAgICAgImlzX3BhcmVudF9vZiIgOiAiZmFsc2UiLAogICAgICAicGFyZW50X25hbWUiIDogIiIKICAgfSwKICAgImZpbGVfZW11bGF0aW9uX25hbWUiIDogImNlMjI1NjdiMmEwNGM5MjAwYjU1ZDg4ZDU2YzAzOTEwIiwKICAgImZpbGVfZW11bGF0aW9uX3R5cGUiIDogImV4ZSIsCiAgICJmaWxlX25hbWUiIDogImNlMjI1NjdiMmEwNGM5MjAwYjU1ZDg4ZDU2YzAzOTEwIiwKICAgImZpbGVfcGF0aCIgOiAiL2hvbWUvYWRtaW4vdGVzdC9jZTIyNTY3YjJhMDRjOTIwMGI1NWQ4OGQ1NmMwMzkxMCIsCiAgICJmaWxlX3NpemUiIDogMzExMjk2LAogICAiZndfZGlyIiA6ICIvb3B0L0NQc3VpdGUtUjgwLjIwL2Z3MS8vIiwKICAgImh0dHAiIDogewogICAgICAidXJsIiA6ICIiCiAgIH0sCiAgICJpbWFnZV9yZXZpc2lvbiIgOiAiMjQ3IiwKICAgImltYWdlX3VpZCIgOiAiMTBiNGE5YzYtZTQxNC00MjVjLWFlOGItZmU0ZGQ3YjI1MjQ0IiwKICAgImlzX2ludGVybmV0X2FjY2VzcyIgOiAiZmFsc2UiLAogICAiaXNfbGlua19mcm9tX21haWwiIDogImZhbHNlIiwKICAgImlzX3N0YXRpY19jbGVhbiIgOiAiZmFsc2UiLAogICAibWFnaWMiIDogIlBFMzIgZXhlY3V0YWJsZSAoR1VJKSBJbnRlbCA4MDM4NiwgZm9yIE1TIFdpbmRvd3MiLAogICAicHJvdG9jb2wiIDogIjYiLAogICAic2hhMSIgOiAiMGM1N2Q5N2VhYWQxMjJiOWQxNDk4M2NmYWI4NWIwZDk3NGUzZDFmNyIsCiAgICJzaGEyNTYiIDogImZhMTA2YzY5NDcyMDQ4ZjRjNjg4MDNiMmMzYWU0ZDlhMzA1OTRjYWJjMTRmYWIwNjM4NTVlZGI5ZmE1Y2VkMzMiLAogICAic2hvdWxkX3J1bl9tbCIgOiAidHJ1ZSIsCiAgICJzaG91bGRfcnVuX3NpZ25hdHVyZXMiIDogInRydWUiLAogICAic2lnbmF0dXJlIiA6ICIiLAogICAic2lnbmF0dXJlc19yZXZpc2lvbiIgOiAiMzQ3NSIsCiAgICJzbXRwIiA6IHsKICAgICAgImJvZHlfcGF0aCIgOiAibm9fYm9keSIsCiAgICAgICJmcm9tIiA6ICIiLAogICAgICAic3ViamVjdCIgOiAiIiwKICAgICAgInRvIiA6ICIiCiAgIH0KfQo=
[22389 4117399456][23 May 17:47:28] [TE (TD::Surprise)] te::Emulation::VMagent::KillIfVMNotTerminated: VM 391 was not Terminated nicely - killing by pid - 7819
[22389 4117399456][23 May 17:47:28] [TE (TD::Surprise)] te::Emulation::VMagent::KillIfVMNotTerminated: VM 392 was not Terminated nicely - killing by pid - 7823
[22389 4117399456][23 May 17:47:37] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 391 2019-05-23 17:47:37,145 [ExecuteMLModels.py:144] ERROR execMLModels(): [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
Traceback (most recent call last):
File "ExecuteMLModels.py", line 141, in execMLModels
File "ExecuteMLModels.py", line 32, in execMlModel
File "ExecuteMLModels.py", line 24, in get_server_url
IOError: [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
[22389 4117399456][23 May 17:47:37] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 391 2019-05-23 17:47:37,146 [new_exe_classifier.py:240] ERROR run_ml(): ML response: server communication error
[22389 4117399456][23 May 17:47:37] [TE (TD::Surprise)] te::Emulation::VMagent::KillIfVMNotTerminated: VM 393 was not Terminated nicely - killing by pid - 7827
[22389 4117399456][23 May 17:47:37] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 391 2019-05-23 17:47:37,725 [ExecuteMLModels.py:144] ERROR execMLModels(): [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
Traceback (most recent call last):
File "ExecuteMLModels.py", line 141, in execMLModels
File "ExecuteMLModels.py", line 32, in execMlModel
File "ExecuteMLModels.py", line 24, in get_server_url
IOError: [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
[22389 4117399456][23 May 17:47:37] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 391 2019-05-23 17:47:37,725 [new_exe_classifier.py:240] ERROR run_ml(): ML response: server communication error
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Run 1 for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' ended with verdict 'Malicious' (1 malicious runs, min:2), reason: Malicious Event:
<?xml version="1.0" encoding="UTF-8"?>
<Command>
<CommandName>SuspiciousActivityEvent</CommandName>
<ID>EAID</ID>
<Time></Time>
<Src>Executable Analyzer</Src>
<Dst>The Injector is malware that injects malicious code into legitimate applications or to copy of itself</Dst>
<Action>Create</Action>
</Command>

[22389 4117399456][23 May 17:47:40] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Emulation done for image '3ff3ddae-e7fd-4969-818c-d5f1a2be336d', final verdict: Malicious
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason:
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'emulator' reporting back (status: still working)
[22389 4117399456][23 May 17:47:40] [TE (TD::Surprise)] te::Emulation::EmulatingVM::SetMunchData: Failed to set Munch data either missing entries in te_response or error status found
[22389 4117399456][23 May 17:47:40] [TE (TD::Surprise)] te::ExeAnalyzerDownloader::IsMlVerdictMalicious: ML server status is unknown, can't use verdict.
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason:
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'emulator' reporting back (status: still working)
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: VM 391 KeyPoint: Terminating (error occured? 0, detected events: 1 malicious, 31 benign)
[22389 4117399456][23 May 17:47:40] [TE (TD::Surprise)] te::Emulation::VMagent::Terminate: VM 391: already terminating... do nothing
[22389 4117399456][23 May 17:47:40] [TE_TRACE]: VM 391 KeyPoint: destroying. max number of files: 1. life time: 89
[22389 4117399456][23 May 17:47:42] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 392 2019-05-23 17:47:42,695 [ExecuteMLModels.py:144] ERROR execMLModels(): [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
Traceback (most recent call last):
File "ExecuteMLModels.py", line 141, in execMLModels
File "ExecuteMLModels.py", line 32, in execMlModel
File "ExecuteMLModels.py", line 24, in get_server_url
IOError: [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
[22389 4117399456][23 May 17:47:42] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 392 2019-05-23 17:47:42,696 [new_exe_classifier.py:240] ERROR run_ml(): ML response: server communication error
[22389 4117399456][23 May 17:47:43] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 392 2019-05-23 17:47:43,770 [ExecuteMLModels.py:144] ERROR execMLModels(): [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
Traceback (most recent call last):
File "ExecuteMLModels.py", line 141, in execMLModels
File "ExecuteMLModels.py", line 32, in execMlModel
File "ExecuteMLModels.py", line 24, in get_server_url
IOError: [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
[22389 4117399456][23 May 17:47:43] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 392 2019-05-23 17:47:43,771 [new_exe_classifier.py:240] ERROR run_ml(): ML response: server communication error
[22389 4117399456][23 May 17:47:45] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 393 2019-05-23 17:47:45,066 [ExecuteMLModels.py:144] ERROR execMLModels(): [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
Traceback (most recent call last):
File "ExecuteMLModels.py", line 141, in execMLModels
File "ExecuteMLModels.py", line 32, in execMlModel
File "ExecuteMLModels.py", line 24, in get_server_url
IOError: [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
[22389 4117399456][23 May 17:47:45] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 393 2019-05-23 17:47:45,067 [new_exe_classifier.py:240] ERROR run_ml(): ML response: server communication error
[22389 4117399456][23 May 17:47:45] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 391 [consumer.py:352] ERROR dump_memory(): [Errno 113] No route to host
[22389 4117399456][23 May 17:47:45] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 393 2019-05-23 17:47:45,471 [ExecuteMLModels.py:144] ERROR execMLModels(): [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
Traceback (most recent call last):
File "ExecuteMLModels.py", line 141, in execMLModels
File "ExecuteMLModels.py", line 32, in execMlModel
File "ExecuteMLModels.py", line 24, in get_server_url
IOError: [Errno 2] No such file or directory: '/var/log/py/conf/rpiPort.port'
[22389 4117399456][23 May 17:47:45] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 393 2019-05-23 17:47:45,471 [new_exe_classifier.py:240] ERROR run_ml(): ML response: server communication error
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Run 1 for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' ended with verdict 'Malicious' (1 malicious runs, min:2), reason: Malicious Event:
<?xml version="1.0" encoding="UTF-8"?>
<Command>
<CommandName>SuspiciousActivityEvent</CommandName>
<ID>EAID</ID>
<Time></Time>
<Src>Executable Analyzer</Src>
<Dst>The Injector is malware that injects malicious code into legitimate applications or to copy of itself</Dst>
<Action>Create</Action>
</Command>

[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Emulation done for image '10b4a9c6-e414-425c-ae8b-fe4dd7b25244', final verdict: Malicious
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason:
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'emulator' reporting back (status: still working)
[22389 4117399456][23 May 17:47:47] [TE (TD::Surprise)] te::Emulation::EmulatingVM::SetMunchData: Failed to set Munch data either missing entries in te_response or error status found
[22389 4117399456][23 May 17:47:47] [TE (TD::Surprise)] te::ExeAnalyzerDownloader::IsMlVerdictMalicious: ML server status is unknown, can't use verdict.
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason:
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'emulator' reporting back (status: still working)
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: VM 393 KeyPoint: Terminating (error occured? 0, detected events: 1 malicious, 32 benign)
[22389 4117399456][23 May 17:47:47] [TE (TD::Surprise)] te::Emulation::VMagent::Terminate: VM 393: already terminating... do nothing
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: VM 393 KeyPoint: destroying. max number of files: 1. life time: 96
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Run 1 for image: '7e6fe36e-889e-4c25-8704-56378f0830df' ended with verdict 'Malicious' (1 malicious runs, min:2), reason: Malicious Event:
<?xml version="1.0" encoding="UTF-8"?>
<Command>
<CommandName>SuspiciousActivityEvent</CommandName>
<ID>EAID</ID>
<Time></Time>
<Src>Executable Analyzer</Src>
<Dst>The Injector is malware that injects malicious code into legitimate applications or to copy of itself</Dst>
<Action>Create</Action>
</Command>

[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Emulation done for image '7e6fe36e-889e-4c25-8704-56378f0830df', final verdict: Malicious
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason:
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'emulator' reporting back (status: still working)
[22389 4117399456][23 May 17:47:47] [TE (TD::Surprise)] te::Emulation::EmulatingVM::SetMunchData: Failed to set Munch data either missing entries in te_response or error status found
[22389 4117399456][23 May 17:47:47] [TE (TD::Surprise)] te::ExeAnalyzerDownloader::IsMlVerdictMalicious: ML server status is unknown, can't use verdict.
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason:
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'emulator' reporting back (status: done)
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: VM 392 KeyPoint: Terminating (error occured? 0, detected events: 1 malicious, 39 benign)
[22389 4117399456][23 May 17:47:47] [TE (TD::Surprise)] te::Emulation::VMagent::Terminate: VM 392: already terminating... do nothing
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: VM 392 KeyPoint: destroying. max number of files: 1. life time: 96
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:47:47] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} Handling new file "WMNKT.bat", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_3a109de06458cffd.bat, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} Handling new file "skypee.exe", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_ee122bd79332dfeb.exe, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} Handling new file "EPMLP.bat", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_3b40c3c0239105fe.bat, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} Handling new file "UACGateway.out", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_a098c04c21cff3a4.out, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} Handling new file "WDMVT.txt", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_41cfedfbf82c063f.txt, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} Handling new file "skypee.exe", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_959ac8baccd1039c.exe, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} Handling new file "MBVRM.bat", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_4993822ce106e970.bat, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} Handling new file "skypee.exe", Path: /opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_3bdff2d1e39ffac6.exe, rule_number = 1, rule name = , investigation_path = PATH_TE
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} Local Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} Remote Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} Cloud Partial response is enabled
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'system state' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'system state' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'url prepare handler' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'url prepare handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'classifier' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} File is executable - type is: bat
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} File is executable - type is: exe
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} File is executable - type is: bat
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} File is executable - type is: exe
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} File is executable - type is: bat
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} File is executable - type is: exe
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'classifier' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'policy' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} adding image '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} adding image '7e6fe36e-889e-4c25-8704-56378f0830df' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} adding image '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} adding image '7e6fe36e-889e-4c25-8704-56378f0830df' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} adding image '7e6fe36e-889e-4c25-8704-56378f0830df' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} adding image '7e6fe36e-889e-4c25-8704-56378f0830df' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} adding image '7e6fe36e-889e-4c25-8704-56378f0830df' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} adding image '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} using predefined images from the emulation request (cloud)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} adding image '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' for emulation
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'policy' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'file' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} Hashes: md5=6f03830aff31995957052b694b2211a0, sha1=bc98df25a4accd29643b311c106e1cdcecdec93c
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} Hashes: md5=69cdc49e1174533f69dd95820abd05ce, sha1=0068a9d377e291655b61bab309a564686ed72253
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} Hashes: md5=7ca070e17005c48561578a60f06a1ad3, sha1=5e870ffc307bb59322558af37676d539e647bb72
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} Hashes: md5=7adcbd4b8df36e4f630e17c8f5fd29cd, sha1=5ef0904de8dcb66e9644dbc976c5ee2e130bb31b
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} Hashes: md5=658b45e7d1566e72a7a351e7d966f270, sha1=32b663243b43d80503311398efeab8c408192ce3
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} Hashes: md5=b25252e4d8e7fb8738643eafb1dae2ad, sha1=1ca97bab7f79c3cd92effff3815e2732730435ec
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} Hashes: md5=5124f960db6b0a3d9cfc2f36111bf598, sha1=c842774f0e58497e3dff92eace50270d20da3e32
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} Hashes: md5=d549db0a9c5197a0be1c67ee5cf8dbb8, sha1=9062626dd5d2b9edd0533d22a2874f31d9b2d275
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'file' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'prepare persistency' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'prepare persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'contract' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'contract' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'cache inquirer' (phase: 'prepare')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'cache inquirer' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'duplicate' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'duplicate' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'url handler' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'url handler' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'trusted source' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} url is empty, don't check in white domains
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_a098c04c21cff3a4.out",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_a098c04c21cff3a4.out",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_41cfedfbf82c063f.txt",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_41cfedfbf82c063f.txt",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892}"
}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_a098c04c21cff3a4.out","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6}","status":1,"status_text":"CLEAN"}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_3a109de06458cffd.bat",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_3a109de06458cffd.bat",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_41cfedfbf82c063f.txt","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892}","status":1,"status_text":"CLEAN"}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_a098c04c21cff3a4.out","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6}","severity_level":"","status":0,"status_text":"CLEAN","threat_name":"","threat_type":""}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_41cfedfbf82c063f.txt","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892}","severity_level":"","status":0,"status_text":"CLEAN","threat_name":"","threat_type":""}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_ee122bd79332dfeb.exe",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_ee122bd79332dfeb.exe",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06}"
}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_3a109de06458cffd.bat","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80}","status":1,"status_text":"CLEAN"}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_3a109de06458cffd.bat","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80}","severity_level":"","status":0,"status_text":"CLEAN","threat_name":"","threat_type":""}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_3b40c3c0239105fe.bat",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_3b40c3c0239105fe.bat",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA}"
}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_ee122bd79332dfeb.exe","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06}","status":3,"status_text":"INFECTED","threat_name":"Trojan.Generic.8628969","threat_type":"VIRUS"}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_959ac8baccd1039c.exe",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_959ac8baccd1039c.exe",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E}"
}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_3b40c3c0239105fe.bat","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA}","status":1,"status_text":"CLEAN"}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_3b40c3c0239105fe.bat","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA}","severity_level":"","status":0,"status_text":"CLEAN","threat_name":"","threat_type":""}

[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'trusted source' reporting back (status: done)
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'advisory' (phase: 'processing')
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_959ac8baccd1039c.exe","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E}","status":3,"status_text":"INFECTED","threat_name":"Trojan.Generic.8628969","threat_type":"VIRUS"}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_4993822ce106e970.bat",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_4993822ce106e970.bat",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "KavRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_3bdff2d1e39ffac6.exe",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF}"
}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::SendObject: sending data:
{
"api_name" : "BDRpcScanFile",
"file_path" : "/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_3bdff2d1e39ffac6.exe",
"referance_uid" : "{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF}"
}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_3ff3ddae-e7fd-4969-818c-d5f1a2be336d_ee122bd79332dfeb.exe","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06}","severity_level":"KDD_HIGH","status":1,"status_text":"INFECTED","threat_name":"Backdoor.Win32.Androm.muqp","threat_type":"KDT_TROJWARE"}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_7e6fe36e-889e-4c25-8704-56378f0830df_959ac8baccd1039c.exe","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E}","severity_level":"KDD_HIGH","status":1,"status_text":"INFECTED","threat_name":"Backdoor.Win32.Androm.muqp","threat_type":"KDT_TROJWARE"}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_4993822ce106e970.bat","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165}","severity_level":"","status":0,"status_text":"CLEAN","threat_name":"","threat_type":""}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_4993822ce106e970.bat","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165}","status":1,"status_text":"CLEAN"}

[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"BDRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_3bdff2d1e39ffac6.exe","last_update":"23.05.2019 16:10:25","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF}","status":3,"status_text":"INFECTED","threat_name":"Trojan.Generic.8628969","threat_type":"VIRUS"}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:49] [TE_IS_TRACE (TD::All)] te_is::SocketApiClient::OnListenerCallback: got data:
{"api_name":"KavRpcScanFile","file_path":"/opt/CPsuite-R80.20/fw1/tmp/te/te_tmp_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}_10b4a9c6-e414-425c-ae8b-fe4dd7b25244_3bdff2d1e39ffac6.exe","heuristics_level":"maximum","last_update":"23.5.2019 13:5:0","referance_uid":"{4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF}","severity_level":"KDD_HIGH","status":1,"status_text":"INFECTED","threat_name":"Backdoor.Win32.Androm.muqp","threat_type":"KDT_TROJWARE"}

[22389 4117399456][23 May 17:47:49] [TE (TD::Surprise)] te::YaraAdvisor::parseRulesData: yara error occured for package rules: [Errno 2] No such file or directory: '/opt/CPsuite-R80.20/fw1/conf/yara/package_rules'
[22389 4117399456][23 May 17:47:50] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} verdict 'Benign' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{F6FD5030-7C5B-F949-A07C-F84FFC63DBA6} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} verdict 'Benign' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{DC96C65E-31D5-3E45-BE9F-ED9F81C26892} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} verdict 'Benign' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} verdict 'Benign' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: Removing forensics files for UID: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80}3ff3ddae-e7fd-4969-818c-d5f1a2be336d
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: Removing forensics files for UID: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80}7e6fe36e-889e-4c25-8704-56378f0830df
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{502EEEF5-59EB-E54A-83B0-2476E89B1A80} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} verdict 'Benign' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: Removing forensics files for UID: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA}7e6fe36e-889e-4c25-8704-56378f0830df
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{A20245B8-FC39-2346-962C-1D0D7913B5EA} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:50] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} verdict 'Benign' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: Removing forensics files for UID: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165}10b4a9c6-e414-425c-ae8b-fe4dd7b25244
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:47:50] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{CD95FFEA-6882-7244-81FC-0E5AAED73165} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:47:52] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:53] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:53] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:54] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 393 [consumer.py:352] ERROR dump_memory(): [Errno 113] No route to host
[22389 4117399456][23 May 17:47:55] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:56] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:57] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:57] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:59] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:47:59] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:00] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:01] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:01] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:01] [TE_TRACE]: Removing forensics files for UID: {B6621E17-585C-A54F-9E24-5C9F29DFC864}e50e99f3-5963-4573-af9e-e3f4750b55e2
[22389 4117399456][23 May 17:48:01] [TE_TRACE]: Removing forensics files for UID: {B6621E17-585C-A54F-9E24-5C9F29DFC864}5e5de275-a103-4f67-b55b-47532918fa59
[22389 4117399456][23 May 17:48:01] [TE_TRACE]: Removing forensics files for UID: {B6621E17-585C-A54F-9E24-5C9F29DFC864}00000000-0000-0000-0000-000000000000
[22389 4117399456][23 May 17:48:03] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: Emulation verdict is not malicious but advisors verdict is malicious. setting verdict to malicious
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} verdict 'Benign' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:03] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: Emulation verdict is not malicious but advisors verdict is malicious. setting verdict to malicious
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} verdict 'Benign' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:48:03] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE (TD::Surprise)] te::SsdeepAdvisor::OnListenerCallback: Error Status: 2
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: Emulation verdict is not malicious but advisors verdict is malicious. setting verdict to malicious
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} verdict 'Benign' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason: Skipping emulation
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'advisory' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} stopping current phase, jumping to phase: 'finalizing'
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'false positives' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:04] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:04] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:48:04] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:05] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:05] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'false positives' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'ip reputation' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'ip reputation' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'munch' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'munch' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'file analyzer' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'file analyzer' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'dropped files' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:05] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:05] [TE (TD::Surprise)] te::EmulatorStatistics::GetRPIFunction: Cannot find RPI function production.cadet
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'dropped files' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'archive' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'archive' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'classifier_holder' (phase: 'finalizing')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'classifier_holder' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '10b4a9c6-e414-425c-ae8b-fe4dd7b25244' (Win10 64b,Office 2016,Adobe DC) by: 1, reason: emulator
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '3ff3ddae-e7fd-4969-818c-d5f1a2be336d' (Win7 64b,Office 2010,Adobe 11) by: 1, reason: emulator
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} verdict 'Malicious' set for image: '7e6fe36e-889e-4c25-8704-56378f0830df' (Win7,Office 2003/7,Adobe 9) by: 1, reason: emulator
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'cloud data enricher' (phase: 'reporting')
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'cloud data enricher' reporting back (status: done)
[22389 4117399456][23 May 17:48:05] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'forensics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:06] [TE (TD::Surprise)] te::PythonRunProtocol::HandleLogMessage: VM 392 [consumer.py:352] ERROR dump_memory(): [Errno 110] Connection timed out
[22389 4117399456][23 May 17:48:10] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{AB98CB0F-6D54-054F-AABD-1D9D032F7F06} uploaded to te.checkpoint.com. (threat cloud sharing)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'forensics' reporting back (status: done)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'additional emulation data' (phase: 'reporting')
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'additional emulation data' reporting back (status: done)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'cache updater' (phase: 'reporting')
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'cache updater' reporting back (status: done)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'threat cloud sharing' (phase: 'reporting')
[22389 4117399456][23 May 17:48:11] [TE (TD::Surprise)] te::CloudOrientedInvestigator::CreateForensicsHardLink: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Failed to create hardlink from /opt/CPsuite-R80.20/fw1/tmp/te_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}10b4a9c6-e414-425c-ae8b-fe4dd7b25244.tar.gz to /home/admin/test/ce22567b2a04c9200b55d88d56c03910_cloudfdata_29f2b5ce33f18bef (errno=18, description=Invalid cross-device link)
[22389 4117399456][23 May 17:48:11] [TE (TD::Surprise)] te::CloudOrientedInvestigator::CreateForensicsHardLink: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Failed to create hardlink from /opt/CPsuite-R80.20/fw1/tmp/te_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}3ff3ddae-e7fd-4969-818c-d5f1a2be336d.tar.gz to /home/admin/test/ce22567b2a04c9200b55d88d56c03910_cloudfdata_4bb3100752fbc58a (errno=18, description=Invalid cross-device link)
[22389 4117399456][23 May 17:48:11] [TE (TD::Surprise)] te::CloudOrientedInvestigator::CreateForensicsHardLink: {4574D2A4-48D3-E547-B657-9D8EAD95C687} Failed to create hardlink from /opt/CPsuite-R80.20/fw1/tmp/te_files/{4574D2A4-48D3-E547-B657-9D8EAD95C687}7e6fe36e-889e-4c25-8704-56378f0830df.tar.gz to /home/admin/test/ce22567b2a04c9200b55d88d56c03910_cloudfdata_ab1ef12d0ba62be1 (errno=18, description=Invalid cross-device link)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'threat cloud sharing' reporting back (status: done)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'threat cloud statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'threat cloud statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:11] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'logger' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE (TD::Surprise)] te::SummaryReportsTable::RetrieveReportUIDIfExists: Got no result for sha1 0c57d97eaad122b9d14983cfab85b0d974e3d1f7 and image bit-map 0000000000000000000000000000000000000000000000000000000000001110
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'logger' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'finalize persistency' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'finalize persistency' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'file saver' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'file saver' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'measurements' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'measurements' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'verdicts collector' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'verdicts collector' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'detection statistics' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'detection statistics' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} calling investigator 'local filter counter' (phase: 'reporting')
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} investigator 'local filter counter' reporting back (status: done)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{68C6694A-1ED4-CD4F-8AFB-5CD5E266EF2E} uploaded to te.checkpoint.com. (threat cloud sharing)
[22389 4117399456][23 May 17:48:12] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687}-{1B9BF520-6903-594B-8332-BF0B3028BCFF} uploaded to te.checkpoint.com. (threat cloud sharing)
[22389 4117399456][23 May 17:48:14] [TE_TRACE]: {4574D2A4-48D3-E547-B657-9D8EAD95C687} uploaded to te.checkpoint.com. (threat cloud sharing)

[22389 4117399456][23 May 17:51:16] [TE_TRACE]: Removing forensics files for UID: {899B87D2-E58C-464F-9B4F-951464110F2F}e50e99f3-5963-4573-af9e-e3f4750b55e2
[22389 4117399456][23 May 17:51:16] [TE_TRACE]: Removing forensics files for UID: {899B87D2-E58C-464F-9B4F-951464110F2F}5e5de275-a103-4f67-b55b-47532918fa59
[22389 4117399456][23 May 17:51:16] [TE_TRACE]: Removing forensics files for UID: {899B87D2-E58C-464F-9B4F-951464110F2F}00000000-0000-0000-0000-000000000000
[22389 4117399456][23 May 17:52:27] [TE_TRACE]: Starting periodic update process
[22389 4117399456][23 May 17:52:56] [TE_TRACE]: Periodic update process completed successfully

[END] 2019/5/23 ¤U¤È 05:55:09

================================================================================

PhoneBoy · ‎2019-05-27

Precisely what API call and parameters did you pass? What precisely did the API call return in this case?

Neville_Kuo · ‎2019-05-27

Hi,

Request:

Content-Disposition: form-data; name="request"

{"request":{"reports_version_number":2,"md5":"e4968ef99266df7c9a1f0637d2389dab","features":["te"],"te":{"reports":["summary"],"level":"full"}}}
------WebKitFormBoundaryF701eQKVL7L3Elxp
Content-Disposition: form-data; name="file"; filename="eicarcom2.zip"
Content-Type: application/zip

Response:

{
"response" : {
"features" : [ "te" ],
"file_name" : "eicarcom2.zip",
"file_type" : "zip",
"md5" : "e4968ef99266df7c9a1f0637d2389dab",
"sha1" : "bec1b52d350d721c7e22a6d4bb0a92909893a3ae",
"sha256" : "e1105070ba828007508566e28a2b8d4c65d192e9eaf3b7868382b7cae747b397",
"status" : {
"code" : 1001,
"label" : "FOUND",
"message" : "We have found your request"
},
"te" : {
"combined_verdict" : "Malicious",
"confidence" : 3,
"images" : [
{
"id" : "5e5de275-a103-4f67-b55b-47532918fa59",
"report" : {
"verdict" : "Malicious"
},
"revision" : 1,
"status" : "found"
},
{
"id" : "e50e99f3-5963-4573-af9e-e3f4750b55e2",
"report" : {
"verdict" : "Malicious"
},
"revision" : 1,
"status" : "found"
}
],
"score" : -2147483648,
"severity" : 4,
"status" : {
"code" : 1001,
"label" : "FOUND",
"message" : "We have found your request"
},
"summary_report" : "109BAC91-169D-3B43-B485-9A0C0C9BDCCC"
}
}
}

PhoneBoy · ‎2019-05-28

Which did you do first, use the API or te_add_file?
I believe te_add_file will always emulate, whereas the API won't if the file was recently emulated and there is already a cached result.

Neville_Kuo · ‎2019-05-28

Hi,

No differences, I've disabled static analysis and clean te cache each time before a test.

PhoneBoy · ‎2019-05-28

The other thing I see is that in the te_add_file case, it used a subset of the VMs to emulate versus what te_add_file says.
Does your Threat Emulation profile specify using all the VMs?

Neville_Kuo · ‎2019-05-28

Hi,

Not all vm are activated according to our threat prevention policy(Only 1 rule), so no matter it's api or cli should use

the same rule, not sure why this could happen(Rule number -1).

Are you a member of CheckMates?

Threat prevention api issue