File 470207F763636745.cobaltstrike-default-64.exe.avira.exe

Name: 470207F763636745.cobaltstrike-default-64.exe.avira.exe
Size: 17,920 bytes
Type: EXE PE64
MD5: 61f9ae123f5fe14b9696afc3f4e49126
Scanner Name: avira
Appraisal: Fragile (AND) based
Scan Debug: Duration: 3s / Chunks: 247 / Matches: 71
Scan date: 2023-07-21 23:56:10

Matches

# Iteration Offset Size Section Detail SectionType Conclusion
15 1 14346 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
16 1 14366 5 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
17 1 14396 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
18 1 14411 5 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
19 1 14421 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
20 1 14436 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
21 1 14451 5 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
22 1 14461 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
23 1 14476 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
24 1 14491 5 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
25 1 14501 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
26 1 14516 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
27 1 14531 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
28 1 14556 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
29 1 14571 5 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
30 1 14581 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
31 1 14596 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
32 1 14611 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
33 1 14636 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
39 1 14771 115 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
40 1 15436 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
41 1 15796 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
42 1 15996 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
43 1 16056 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
44 1 16406 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
45 1 16576 20 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected
46 1 16716 10 .idata IMAGE_DIRECTORY_ENTRY_IMPORT DATA Dominant. Modify this to make file undetected

Match 15: 14346 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000380A   00 00 C8 98 00 00 44 92 00 00                      ......D...

Match 16: 14366 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000381E   00 00 4C 99 00                                     ..L..

Match 17: 14396 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000383C   4C 94 00 00 00 00 00 00 5A 94                      L.......Z.

Match 18: 14411 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000384B   00 6E 94 00 00                                     .n...

Match 19: 14421 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003855   94 00 00 00 00 00 00 90 94 00                      ..........

Match 20: 14436 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003864   A0 94 00 00 00 00 00 00 B8 94                      ..........

Match 21: 14451 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003873   00 D0 94 00 00                                     .....

Match 22: 14461 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000387D   94 00 00 00 00 00 00 FA 94 00                      ..........

Match 23: 14476 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000388C   10 95 00 00 00 00 00 00 20 95                      ........ .

Match 24: 14491 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000389B   00 34 95 00 00                                     .4...

Match 25: 14501 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038A5   95 00 00 00 00 00 00 58 95 00                      .......X..

Match 26: 14516 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038B4   72 95 00 00 00 00 00 00 82 95                      r.........

Match 27: 14531 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038C3   00 9E 95 00 00 00 00 00 00 B6 95 00 00 00 00 00    ................
000038D3   00 C6 95 00                                        ....

Match 28: 14556 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038DC   E0 95 00 00 00 00 00 00 EC 95                      ..........

Match 29: 14571 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038EB   00 02 96 00 00                                     .....

Match 30: 14581 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038F5   96 00 00 00 00 00 00 30 96 00                      .......0..

Match 31: 14596 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003904   44 96 00 00 00 00 00 00 62 96                      D.......b.

Match 32: 14611 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003913   00 6A 96 00 00 00 00 00 00 7E 96 00 00 00 00 00    .j.......~......
00003923   00 8C 96 00                                        ....

Match 33: 14636 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000392C   A8 96 00 00 00 00 00 00 B8 96                      ..........

Match 39: 14771 (size: 115)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000039B3   00 98 97 00 00 00 00 00 00 A4 97 00 00 00 00 00    ................
000039C3   00 AC 97 00 00 00 00 00 00 B6 97 00 00 00 00 00    ................
000039D3   00 C0 97 00 00 00 00 00 00 C8 97 00 00 00 00 00    ................
000039E3   00 D2 97 00 00 00 00 00 00 DA 97 00 00 00 00 00    ................
000039F3   00 E4 97 00 00 00 00 00 00 EC 97 00 00 00 00 00    ................
00003A03   00 F6 97 00 00 00 00 00 00 00 98 00 00 00 00 00    ................
00003A13   00 0A 98 00 00 00 00 00 00 14 98 00 00 00 00 00    ................
00003A23   00 1E 98                                           ...

Match 40: 15436 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003C4C   55 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 68 00    U.CloseHandle.h.
00003C5C   43 6F 6E 6E                                        Conn

Match 41: 15796 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003DB4   00 00 4F 03 4C 6F 61 64 4C 69 62 72 61 72 79 57    ..O.LoadLibraryW
00003DC4   00 00 B8 03                                        ....

Match 42: 15996 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003E7C   00 00 BE 04 54 6C 73 47 65 74 56 61 6C 75 65 00    ....TlsGetValue.
00003E8C   CB 04 55 6E                                        ..Un

Match 43: 16056 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003EB8   E9 04 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74    ..VirtualProtect
00003EC8   00 00 EB 04                                        ....

Match 44: 16406 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00004016   73 70 72 69 6E 74 66 00 46 04                      sprintf.F.

Match 45: 16576 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000040C0   00 90 00 00 00 90 00 00 4B 45 52 4E 45 4C 33 32    ........KERNEL32
000040D0   2E 64 6C 6C                                        .dll

Match 46: 16716 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000414C   6D 73 76 63 72 74 2E 64 6C 6C                      msvcrt.dll

Test # MatchOrder ModifyPosition Match#0
.text 5b
Match#1
.text 4b
Match#2
.text 4b
Match#3
.text 5b
Match#4
.text 4b
Match#5
.text 5b
Match#6
.text 9b
Match#7
.text 5b
Match#8
.text 5b
Match#9
.text 4b
Match#10
.text 4b
Match#11
.text 4b
Match#12
.text 4b
Match#13
.text 4b
Match#14
.text 5b
Match#15
.idata 10b
Match#16
.idata 5b
Match#17
.idata 10b
Match#18
.idata 5b
Match#19
.idata 10b
Match#20
.idata 10b
Match#21
.idata 5b
Match#22
.idata 10b
Match#23
.idata 10b
Match#24
.idata 5b
Match#25
.idata 10b
Match#26
.idata 10b
Match#27
.idata 20b
Match#28
.idata 10b
Match#29
.idata 5b
Match#30
.idata 10b
Match#31
.idata 10b
Match#32
.idata 20b
Match#33
.idata 10b
Match#34
.idata 10b
Match#35
.idata 20b
Match#36
.idata 10b
Match#37
.idata 20b
Match#38
.idata 10b
Match#39
.idata 115b
Match#40
.idata 20b
Match#41
.idata 20b
Match#42
.idata 20b
Match#43
.idata 20b
Match#44
.idata 10b
Match#45
.idata 20b
Match#46
.idata 10b
0 ISOLATED MIDDLE8
1 ISOLATED THIRDS4
2 ISOLATED FULL
3 ISOLATED FULLB
4 INCREMENTAL MIDDLE8 27 32 35 37 39 40 41 42 43 45
5 INCREMENTAL FULL 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46
6 DECREMENTAL FULL 46 45 44 43 42 41 40 39 38 37 36 35 34 33 32 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
7 ALL MIDDLE8 0 0 0 0 0 0 0 0 0 0
8 ALL THIRDS4 0 0 0 0 0 0 0 0 0 0
9 ALL FULL 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Result

Explanation

Colors

  • Green: Not detected
  • Red: Detected by AV

Match Order

  • Isolated: Test each match individually, by themselves. At most one match is modified per scan
  • Incremental: Modify each match after another, additive. At the end, all matches are modified
  • Decremental: Modify each match after another, additive, downwards (last first)

Position

  • ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
  • ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
  • ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa
[INFO    ][2023-07-21 23:56:10,148] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-07-21 23:56:10,149] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-07-21 23:56:10,149] handleFile() :: Using parser for file type EXE
[WARNING ][2023-07-21 23:56:10,161] parseFile() :: Section is invalid, not scanning: .bss 0 0
[INFO    ][2023-07-21 23:56:10,161] handleFile() :: Using scanner from command line: avira
[INFO    ][2023-07-21 23:56:10,162] load() :: Loading HashCache
[INFO    ][2023-07-21 23:56:10,257] load() ::   67834 hashes loaded
[INFO    ][2023-07-21 23:56:10,396] handleFile() :: QuickCheck: 470207F763636745.cobaltstrike-default-64.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-21 23:56:10,397] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 23:56:10,397] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 23:56:10,397] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .data -> Detected: True
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .rdata -> Detected: True
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .pdata -> Detected: True
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .xdata -> Detected: True
[INFO    ][2023-07-21 23:56:10,399] findDetectedSections() :: Hide: .idata -> Detected: False
[INFO    ][2023-07-21 23:56:10,399] findDetectedSections() :: Hide: .CRT -> Detected: True
[INFO    ][2023-07-21 23:56:10,399] findDetectedSections() :: Hide: .tls -> Detected: True
[INFO    ][2023-07-21 23:56:10,475] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 23:56:10,475] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 23:56:10,475] scanForMatchesInPe() ::   section: .text
[INFO    ][2023-07-21 23:56:10,475] scanForMatchesInPe() ::   section: .idata
[INFO    ][2023-07-21 23:56:10,693] scanForMatchesInPe() :: Launching bytes analysis on section: .text (1024-9728)
[INFO    ][2023-07-21 23:56:10,693] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:56:10,693] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 23:56:10,694] _scanDataPart() :: Result: 1852-1857 (5b minChunk:2 X)
0000073C   8B 35 C6 6C 00                                     .5.l.
[INFO    ][2023-07-21 23:56:10,694] _scanDataPart() :: Result: 1946-1950 (4b minChunk:2 X)
0000079A   2D 69 6C 00                                        -il.
[INFO    ][2023-07-21 23:56:10,695] _scanDataPart() :: Result: 1959-1963 (4b minChunk:2 X)
000007A7   65 6C 00 00                                        el..
[INFO    ][2023-07-21 23:56:10,695] _scanDataPart() :: Result: 1971-1976 (5b minChunk:2 X)
000007B3   0D 4C 6C 00 00                                     .Ll..
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 1980-1984 (4b minChunk:2 X)
000007BC   8B 05 4E 6C                                        ..Nl
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 1988-1993 (5b minChunk:2 X)
000007C4   15 3F 6C 00 00                                     .?l..
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 2001-2005 (4b minChunk:2 X)
000007D1   47 6C 00 00                                        Gl..
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 2005-2010 (5b minChunk:2 X)
000007D5   89 05 3D 6C 00                                     ..=l.
[INFO    ][2023-07-21 23:56:10,697] _scanDataPart() :: Result: 2022-2027 (5b minChunk:2 X)
000007E6   05 15 6C 00 00                                     ..l..
[INFO    ][2023-07-21 23:56:10,697] _scanDataPart() :: Result: 2039-2044 (5b minChunk:2 X)
000007F7   1D 6C 00 00 48                                     .l..H
[INFO    ][2023-07-21 23:56:10,698] _scanDataPart() :: Result: 5835-5839 (4b minChunk:2 X)
000016CB   65 E0 5B 5E                                        e.[^
[INFO    ][2023-07-21 23:56:10,699] _scanDataPart() :: Result: 5873-5877 (4b minChunk:2 X)
000016F1   48 83 E0 F0                                        H...
[INFO    ][2023-07-21 23:56:10,700] _scanDataPart() :: Result: 6417-6421 (4b minChunk:2 X)
00001911   D0 74 E0 77                                        .t.w
[INFO    ][2023-07-21 23:56:10,700] _scanDataPart() :: Result: 6455-6459 (4b minChunk:2 X)
00001937   CD 4D 09 E0                                        .M..
[INFO    ][2023-07-21 23:56:10,701] _scanDataPart() :: Result: 7131-7135 (4b minChunk:2 X)
00001BDB   E8 E0 FD FF                                        ....
[INFO    ][2023-07-21 23:56:10,702] _scanDataPart() :: Result: 7224-7229 (5b minChunk:2 X)
00001C38   C0 74 E0 8B 58                                     .t..X
[INFO    ][2023-07-21 23:56:10,702] scan() :: Reducer Result: Time:0 Chunks:84 MatchesAdded:16 MatchesFinal:15
[INFO    ][2023-07-21 23:56:11,187] scanForMatchesInPe() :: Launching bytes analysis on section: .idata (14336-16896)
[INFO    ][2023-07-21 23:56:11,187] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:56:11,187] _printStatus() :: Reducing: 85 chunks done, found 0 matches (16 added)
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14346-14351 (5b minChunk:2 X)
0000380A   00 00 C8 98 00                                     .....
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14351-14356 (5b minChunk:2 X)
0000380F   00 44 92 00 00                                     .D...
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14366-14371 (5b minChunk:2 X)
0000381E   00 00 4C 99 00                                     ..L..
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Doubling: minChunkSize: 2  minMatchSize: 4
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14396-14406 (10 bytes)
0000383C   4C 94 00 00 00 00 00 00 5A 94                      L.......Z.
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14411-14416 (5b minChunk:4 X)
0000384B   00 6E 94 00 00                                     .n...
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14421-14426 (5b minChunk:4 X)
00003855   94 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14426-14431 (5b minChunk:4 X)
0000385A   00 00 90 94 00                                     .....
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14436-14446 (10 bytes)
00003864   A0 94 00 00 00 00 00 00 B8 94                      ..........
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14451-14456 (5b minChunk:4 X)
00003873   00 D0 94 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14461-14466 (5b minChunk:4 X)
0000387D   94 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14466-14471 (5b minChunk:4 X)
00003882   00 00 FA 94 00                                     .....
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14476-14486 (10 bytes)
0000388C   10 95 00 00 00 00 00 00 20 95                      ........ .
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14491-14496 (5b minChunk:4 X)
0000389B   00 34 95 00 00                                     .4...
[INFO    ][2023-07-21 23:56:11,336] _scanDataPart() :: Result: 14501-14506 (5b minChunk:4 X)
000038A5   95 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,337] _scanDataPart() :: Result: 14506-14511 (5b minChunk:4 X)
000038AA   00 00 58 95 00                                     ..X..
[INFO    ][2023-07-21 23:56:11,486] _scanDataPart() :: Result: 14516-14526 (10 bytes)
000038B4   72 95 00 00 00 00 00 00 82 95                      r.........
[INFO    ][2023-07-21 23:56:11,486] _scanDataPart() :: Result: 14531-14536 (5b minChunk:4 X)
000038C3   00 9E 95 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,689] _scanDataPart() :: Result: 14536-14546 (10 bytes)
000038C8   00 00 00 00 B6 95 00 00 00 00                      ..........
[INFO    ][2023-07-21 23:56:11,689] _scanDataPart() :: Result: 14546-14551 (5b minChunk:4 X)
000038D2   00 00 C6 95 00                                     .....
[INFO    ][2023-07-21 23:56:11,854] _scanDataPart() :: Result: 14556-14566 (10 bytes)
000038DC   E0 95 00 00 00 00 00 00 EC 95                      ..........
[INFO    ][2023-07-21 23:56:11,854] _scanDataPart() :: Result: 14571-14576 (5b minChunk:4 X)
000038EB   00 02 96 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,048] _scanDataPart() :: Result: 14581-14586 (5b minChunk:4 X)
000038F5   96 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,048] _scanDataPart() :: Result: 14586-14591 (5b minChunk:4 X)
000038FA   00 00 30 96 00                                     ..0..
[INFO    ][2023-07-21 23:56:12,282] _scanDataPart() :: Result: 14596-14606 (10 bytes)
00003904   44 96 00 00 00 00 00 00 62 96                      D.......b.
[INFO    ][2023-07-21 23:56:12,283] _scanDataPart() :: Result: 14611-14616 (5b minChunk:4 X)
00003913   00 6A 96 00 00                                     .j...
[INFO    ][2023-07-21 23:56:12,427] _scanDataPart() :: Result: 14616-14626 (10 bytes)
00003918   00 00 00 00 7E 96 00 00 00 00                      ....~.....
[INFO    ][2023-07-21 23:56:12,428] _scanDataPart() :: Result: 14626-14631 (5b minChunk:4 X)
00003922   00 00 8C 96 00                                     .....
[INFO    ][2023-07-21 23:56:12,428] _scanDataPart() :: Result: 14636-14646 (10 bytes)
0000392C   A8 96 00 00 00 00 00 00 B8 96                      ..........
[INFO    ][2023-07-21 23:56:12,574] _scanDataPart() :: Result: 14676-14686 (10 bytes)
00003954   E6 96 00 00 00 00 00 00 FE 96                      ..........
[INFO    ][2023-07-21 23:56:12,575] _scanDataPart() :: Result: 14691-14696 (5b minChunk:4 X)
00003963   00 0C 97 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,762] _scanDataPart() :: Result: 14696-14701 (5b minChunk:4 X)
00003968   00 00 00 00 1C                                     .....
[INFO    ][2023-07-21 23:56:12,762] _scanDataPart() :: Result: 14701-14706 (5b minChunk:4 X)
0000396D   97 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,763] _scanDataPart() :: Result: 14706-14711 (5b minChunk:4 X)
00003972   00 00 28 97 00                                     ..(..
[INFO    ][2023-07-21 23:56:12,910] _scanDataPart() :: Result: 14716-14726 (10 bytes)
0000397C   36 97 00 00 00 00 00 00 46 97                      6.......F.
[INFO    ][2023-07-21 23:56:12,911] _scanDataPart() :: Result: 14731-14736 (5b minChunk:4 X)
0000398B   00 58 97 00 00                                     .X...
[INFO    ][2023-07-21 23:56:13,174] _scanDataPart() :: Result: 14736-14741 (5b minChunk:4 X)
00003990   00 00 00 00 6C                                     ....l
[INFO    ][2023-07-21 23:56:13,174] _scanDataPart() :: Result: 14741-14746 (5b minChunk:4 X)
00003995   97 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:13,174] _scanDataPart() :: Result: 14746-14751 (5b minChunk:4 X)
0000399A   00 00 76 97 00                                     ..v..
[INFO    ][2023-07-21 23:56:13,308] _scanDataPart() :: Result: 14756-14766 (10 bytes)
000039A4   84 97 00 00 00 00 00 00 8E 97                      ..........
[INFO    ][2023-07-21 23:56:13,309] _printStatus() :: Reducing: 193 chunks done, found 24 matches (55 added)
[INFO    ][2023-07-21 23:56:13,309] _scanDataPart() :: Result: 14771-14776 (5b minChunk:4 X)
000039B3   00 98 97 00 00                                     .....
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Result: 14776-14781 (5b minChunk:4 X)
000039B8   00 00 00 00 A4                                     .....
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Result: 14781-14786 (5b minChunk:4 X)
000039BD   97 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Doubling: minChunkSize: 4  minMatchSize: 8
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Result: 14786-14796 (10b minChunk:8 X)
000039C2   00 00 AC 97 00 00 00 00 00 00                      ..........
[INFO    ][2023-07-21 23:56:13,461] _scanDataPart() :: Result: 14796-14816 (20 bytes)
000039CC   B6 97 00 00 00 00 00 00 C0 97 00 00 00 00 00 00    ................
000039DC   C8 97 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,461] _scanDataPart() :: Result: 14816-14836 (20 bytes)
000039E0   00 00 00 00 D2 97 00 00 00 00 00 00 DA 97 00 00    ................
000039F0   00 00 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,462] _scanDataPart() :: Result: 14836-14856 (20 bytes)
000039F4   E4 97 00 00 00 00 00 00 EC 97 00 00 00 00 00 00    ................
00003A04   F6 97 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,462] _scanDataPart() :: Result: 14856-14876 (20 bytes)
00003A08   00 00 00 00 00 98 00 00 00 00 00 00 0A 98 00 00    ................
00003A18   00 00 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,463] _scanDataPart() :: Result: 14876-14886 (10b minChunk:8 X)
00003A1C   14 98 00 00 00 00 00 00 1E 98                      ..........
[INFO    ][2023-07-21 23:56:13,463] _scanDataPart() :: Result: 15436-15456 (20 bytes)
00003C4C   55 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 68 00    U.CloseHandle.h.
00003C5C   43 6F 6E 6E                                        Conn
[INFO    ][2023-07-21 23:56:13,464] _scanDataPart() :: Result: 15796-15816 (20 bytes)
00003DB4   00 00 4F 03 4C 6F 61 64 4C 69 62 72 61 72 79 57    ..O.LoadLibraryW
00003DC4   00 00 B8 03                                        ....
[INFO    ][2023-07-21 23:56:13,465] _scanDataPart() :: Result: 15996-16016 (20 bytes)
00003E7C   00 00 BE 04 54 6C 73 47 65 74 56 61 6C 75 65 00    ....TlsGetValue.
00003E8C   CB 04 55 6E                                        ..Un
[INFO    ][2023-07-21 23:56:13,465] _scanDataPart() :: Result: 16056-16076 (20 bytes)
00003EB8   E9 04 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74    ..VirtualProtect
00003EC8   00 00 EB 04                                        ....
[INFO    ][2023-07-21 23:56:13,466] _scanDataPart() :: Result: 16406-16416 (10b minChunk:8 X)
00004016   73 70 72 69 6E 74 66 00 46 04                      sprintf.F.
[INFO    ][2023-07-21 23:56:13,467] _scanDataPart() :: Result: 16576-16596 (20 bytes)
000040C0   00 90 00 00 00 90 00 00 4B 45 52 4E 45 4C 33 32    ........KERNEL32
000040D0   2E 64 6C 6C                                        .dll
[INFO    ][2023-07-21 23:56:13,467] _scanDataPart() :: Result: 16716-16726 (10b minChunk:8 X)
0000414C   6D 73 76 63 72 74 2E 64 6C 6C                      msvcrt.dll
[INFO    ][2023-07-21 23:56:13,467] scan() :: Reducer Result: Time:2 Chunks:247 MatchesAdded:71 MatchesFinal:32
[INFO    ][2023-07-21 23:56:13,468] handleFile() :: Result: 47 matches
[INFO    ][2023-07-21 23:56:13,468] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:13,532] save() :: Saving HashCache (67871)
[INFO    ][2023-07-21 23:56:13,633] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 23:56:13,633] runVerifications() :: Verify 47 matches
[INFO    ][2023-07-21 23:56:13,983] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:14,330] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:15,328] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:16,522] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:17,497] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 27  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 32  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 35  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 37  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 45  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:19,084] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.DETECTED
  Idx: 3  result: ScanResult.DETECTED
  Idx: 4  result: ScanResult.DETECTED
  Idx: 5  result: ScanResult.DETECTED
  Idx: 6  result: ScanResult.DETECTED
  Idx: 7  result: ScanResult.DETECTED
  Idx: 8  result: ScanResult.DETECTED
  Idx: 9  result: ScanResult.DETECTED
  Idx: 10  result: ScanResult.DETECTED
  Idx: 11  result: ScanResult.DETECTED
  Idx: 12  result: ScanResult.DETECTED
  Idx: 13  result: ScanResult.DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:21,188] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:21,189] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:21,235] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:21,236] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:21,236] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:21,237] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 23:56:21,539] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:21,540] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 23:56:21,540] outflankPe() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-21 23:56:21,540] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:21,541] save() :: Saving HashCache (67985)
[INFO    ][2023-08-04 18:23:28,067] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-04 18:23:28,067] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-04 18:23:28,068] handleFile() :: Using parser for file type EXE
[WARNING ][2023-08-04 18:23:28,080] parseFile() :: Section is invalid, not scanning: .bss 0 0
[WARNING ][2023-08-04 18:23:28,081] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-04 18:23:28,081] load() :: Loading HashCache
[INFO    ][2023-08-04 18:23:28,184] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:23:28,184] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:23:28,263] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:23:28,564] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-08-04 18:23:28,565] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:48:29,689] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 16:48:29,689] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 16:48:29,690] handleFile() :: Using parser for file type EXE
[WARNING ][2023-08-06 16:48:29,702] parseFile() :: Section is invalid, not scanning: .bss 0 0
[WARNING ][2023-08-06 16:48:29,703] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 16:48:29,703] load() :: Loading HashCache
[INFO    ][2023-08-06 16:48:29,801] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:48:29,801] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:48:29,877] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:48:30,180] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-08-06 16:48:30,182] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:22:41,640] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 17:22:41,640] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 17:22:41,640] handleFile() :: Using parser for file type EXE
[WARNING ][2023-08-06 17:22:41,652] parseFile() :: Section is invalid, not scanning: .bss 0 0
[WARNING ][2023-08-06 17:22:41,653] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:22:41,653] load() :: Loading HashCache
[INFO    ][2023-08-06 17:22:41,752] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:22:41,752] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:22:41,828] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:22:42,128] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:22:42,129] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:26:43,123] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-01 05:26:43,124] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-01 05:26:43,125] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-01 05:26:43,137] parseFile() :: Section is invalid, not scanning: .bss addr:0 size:0
[WARNING ][2023-09-01 05:26:43,138] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:43,138] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:43,139] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:43,244] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:43,244] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:43,328] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:21:24,546] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-24 19:21:24,546] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-24 19:21:24,547] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-24 19:21:24,547] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:21:24,559] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:21:24,559] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-24 19:21:24,559] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,560] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:21:24,561] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:24,562] load() :: Loading HashCache
[INFO    ][2023-09-24 19:21:24,700] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:21:24,701] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:21:24,797] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:21:24,798] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-24 19:21:24,950] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-24 19:21:25,042] init() :: R2: Get all strings
[INFO    ][2023-09-24 19:21:25,042] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-24 19:21:25,090] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:25,091] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:42,102] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:14:42,102] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:14:42,103] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-25 18:14:42,103] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:14:42,111] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:14:42,112] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-25 18:14:42,112] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,113] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:14:42,113] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:42,114] load() :: Loading HashCache
[INFO    ][2023-09-25 18:14:42,251] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:14:42,251] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:42,348] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:14:42,348] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-25 18:14:42,502] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-25 18:14:42,593] init() :: R2: Get all strings
[INFO    ][2023-09-25 18:14:42,594] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-25 18:14:42,641] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:42,642] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:43,864] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:21:43,864] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:21:43,864] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-25 18:21:43,865] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:21:43,873] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:21:43,873] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-25 18:21:43,873] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,874] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:21:43,875] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:43,876] load() :: Loading HashCache
[INFO    ][2023-09-25 18:21:44,010] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:21:44,010] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:44,107] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:21:44,107] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-25 18:21:44,262] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-25 18:21:44,353] init() :: R2: Get all strings
[INFO    ][2023-09-25 18:21:44,354] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-25 18:21:44,402] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:44,403] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:07:17,686] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 10:07:17,686] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 10:07:17,687] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-29 10:07:17,687] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:07:17,695] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:07:17,695] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-29 10:07:17,696] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,697] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:07:17,697] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:17,698] load() :: Loading HashCache
[INFO    ][2023-09-29 10:07:17,833] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:07:17,833] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:07:17,928] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:07:17,928] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-29 10:07:18,082] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-29 10:07:18,173] init() :: R2: Get all strings
[INFO    ][2023-09-29 10:07:18,174] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-29 10:07:18,221] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:18,222] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:51,032] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 12:11:51,032] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 12:11:51,033] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-29 12:11:51,033] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:51,041] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:51,041] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-29 12:11:51,041] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:51,041] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,043] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:11:51,043] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:51,044] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:51,180] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:51,181] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:51,280] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:51,280] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-29 12:11:51,437] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-29 12:11:51,528] init() :: R2: Get all strings
[INFO    ][2023-09-29 12:11:51,529] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-29 12:11:51,577] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:51,578] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:45,746] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-30 10:32:45,746] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-30 10:32:45,747] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-30 10:32:45,747] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:45,755] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:45,755] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-30 10:32:45,755] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:45,755] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,755] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,757] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:32:45,757] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:45,758] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:45,893] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:45,893] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:45,992] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:45,992] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-30 10:32:46,149] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-30 10:32:46,240] init() :: R2: Get all strings
[INFO    ][2023-09-30 10:32:46,241] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-30 10:32:46,289] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:46,290] save() :: Saving HashCache (102072)