Avred

File 470207F763636745.cobaltstrike-default-64.exe.avira.exe

Name:	470207F763636745.cobaltstrike-default-64.exe.avira.exe
Size:	17,920 bytes
Type:	EXE PE64
MD5:	61f9ae123f5fe14b9696afc3f4e49126

Scanner Name:	avira
Appraisal:	Fragile (AND) based
Scan Debug:	Duration: 3s / Chunks: 247 / Matches: 71
Scan date:	2023-07-21 23:56:10

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
15	1	14346	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
16	1	14366	5	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
17	1	14396	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
18	1	14411	5	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
19	1	14421	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
20	1	14436	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
21	1	14451	5	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
22	1	14461	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
23	1	14476	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
24	1	14491	5	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
25	1	14501	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
26	1	14516	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
27	1	14531	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
28	1	14556	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
29	1	14571	5	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
30	1	14581	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
31	1	14596	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
32	1	14611	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
33	1	14636	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
39	1	14771	115	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
40	1	15436	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
41	1	15796	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
42	1	15996	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
43	1	16056	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
44	1	16406	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
45	1	16576	20	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected
46	1	16716	10	.idata	IMAGE_DIRECTORY_ENTRY_IMPORT	DATA	Dominant. Modify this to make file undetected

Match 15: 14346 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000380A   00 00 C8 98 00 00 44 92 00 00                      ......D...

Match 16: 14366 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000381E   00 00 4C 99 00                                     ..L..

Match 17: 14396 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000383C   4C 94 00 00 00 00 00 00 5A 94                      L.......Z.

Match 18: 14411 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000384B   00 6E 94 00 00                                     .n...

Match 19: 14421 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003855   94 00 00 00 00 00 00 90 94 00                      ..........

Match 20: 14436 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003864   A0 94 00 00 00 00 00 00 B8 94                      ..........

Match 21: 14451 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003873   00 D0 94 00 00                                     .....

Match 22: 14461 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000387D   94 00 00 00 00 00 00 FA 94 00                      ..........

Match 23: 14476 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000388C   10 95 00 00 00 00 00 00 20 95                      ........ .

Match 24: 14491 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000389B   00 34 95 00 00                                     .4...

Match 25: 14501 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038A5   95 00 00 00 00 00 00 58 95 00                      .......X..

Match 26: 14516 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038B4   72 95 00 00 00 00 00 00 82 95                      r.........

Match 27: 14531 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038C3   00 9E 95 00 00 00 00 00 00 B6 95 00 00 00 00 00    ................
000038D3   00 C6 95 00                                        ....

Match 28: 14556 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038DC   E0 95 00 00 00 00 00 00 EC 95                      ..........

Match 29: 14571 (size: 5)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038EB   00 02 96 00 00                                     .....

Match 30: 14581 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000038F5   96 00 00 00 00 00 00 30 96 00                      .......0..

Match 31: 14596 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003904   44 96 00 00 00 00 00 00 62 96                      D.......b.

Match 32: 14611 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003913   00 6A 96 00 00 00 00 00 00 7E 96 00 00 00 00 00    .j.......~......
00003923   00 8C 96 00                                        ....

Match 33: 14636 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000392C   A8 96 00 00 00 00 00 00 B8 96                      ..........

Match 39: 14771 (size: 115)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000039B3   00 98 97 00 00 00 00 00 00 A4 97 00 00 00 00 00    ................
000039C3   00 AC 97 00 00 00 00 00 00 B6 97 00 00 00 00 00    ................
000039D3   00 C0 97 00 00 00 00 00 00 C8 97 00 00 00 00 00    ................
000039E3   00 D2 97 00 00 00 00 00 00 DA 97 00 00 00 00 00    ................
000039F3   00 E4 97 00 00 00 00 00 00 EC 97 00 00 00 00 00    ................
00003A03   00 F6 97 00 00 00 00 00 00 00 98 00 00 00 00 00    ................
00003A13   00 0A 98 00 00 00 00 00 00 14 98 00 00 00 00 00    ................
00003A23   00 1E 98                                           ...

Match 40: 15436 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003C4C   55 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 68 00    U.CloseHandle.h.
00003C5C   43 6F 6E 6E                                        Conn

Match 41: 15796 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003DB4   00 00 4F 03 4C 6F 61 64 4C 69 62 72 61 72 79 57    ..O.LoadLibraryW
00003DC4   00 00 B8 03                                        ....

Match 42: 15996 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003E7C   00 00 BE 04 54 6C 73 47 65 74 56 61 6C 75 65 00    ....TlsGetValue.
00003E8C   CB 04 55 6E                                        ..Un

Match 43: 16056 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00003EB8   E9 04 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74    ..VirtualProtect
00003EC8   00 00 EB 04                                        ....

Match 44: 16406 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

00004016   73 70 72 69 6E 74 66 00 46 04                      sprintf.F.

Match 45: 16576 (size: 20)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

000040C0   00 90 00 00 00 90 00 00 4B 45 52 4E 45 4C 33 32    ........KERNEL32
000040D0   2E 64 6C 6C                                        .dll

Match 46: 16716 (size: 10)

Dominant. Modify this to make file undetected

.idata IMAGE_DIRECTORY_ENTRY_IMPORT

0000414C   6D 73 76 63 72 74 2E 64 6C 6C                      msvcrt.dll

Test #	MatchOrder	ModifyPosition	Match#0 .text 5b	Match#1 .text 4b	Match#2 .text 4b	Match#3 .text 5b	Match#4 .text 4b	Match#5 .text 5b	Match#6 .text 9b	Match#7 .text 5b	Match#8 .text 5b	Match#9 .text 4b	Match#10 .text 4b	Match#11 .text 4b	Match#12 .text 4b	Match#13 .text 4b	Match#14 .text 5b	Match#15 .idata 10b	Match#16 .idata 5b	Match#17 .idata 10b	Match#18 .idata 5b	Match#19 .idata 10b	Match#20 .idata 10b	Match#21 .idata 5b	Match#22 .idata 10b	Match#23 .idata 10b	Match#24 .idata 5b	Match#25 .idata 10b	Match#26 .idata 10b	Match#27 .idata 20b	Match#28 .idata 10b	Match#29 .idata 5b	Match#30 .idata 10b	Match#31 .idata 10b	Match#32 .idata 20b	Match#33 .idata 10b	Match#34 .idata 10b	Match#35 .idata 20b	Match#36 .idata 10b	Match#37 .idata 20b	Match#38 .idata 10b	Match#39 .idata 115b	Match#40 .idata 20b	Match#41 .idata 20b	Match#42 .idata 20b	Match#43 .idata 20b	Match#44 .idata 10b	Match#45 .idata 20b	Match#46 .idata 10b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8																												27					32			35		37		39	40	41	42	43		45
5	INCREMENTAL	FULL	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37	38	39	40	41	42	43	44	45	46
6	DECREMENTAL	FULL	46	45	44	43	42	41	40	39	38	37	36	35	34	33	32	31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
7	ALL	MIDDLE8		0		0	0	0	0	0		0		0			0					0
8	ALL	THIRDS4		0		0	0	0	0	0		0		0			0					0
9	ALL	FULL	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Result			d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-21 23:56:10,148] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-07-21 23:56:10,149] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-07-21 23:56:10,149] handleFile() :: Using parser for file type EXE
[WARNING ][2023-07-21 23:56:10,161] parseFile() :: Section is invalid, not scanning: .bss 0 0
[INFO    ][2023-07-21 23:56:10,161] handleFile() :: Using scanner from command line: avira
[INFO    ][2023-07-21 23:56:10,162] load() :: Loading HashCache
[INFO    ][2023-07-21 23:56:10,257] load() ::   67834 hashes loaded
[INFO    ][2023-07-21 23:56:10,396] handleFile() :: QuickCheck: 470207F763636745.cobaltstrike-default-64.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-21 23:56:10,397] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 23:56:10,397] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 23:56:10,397] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .data -> Detected: True
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .rdata -> Detected: True
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .pdata -> Detected: True
[INFO    ][2023-07-21 23:56:10,398] findDetectedSections() :: Hide: .xdata -> Detected: True
[INFO    ][2023-07-21 23:56:10,399] findDetectedSections() :: Hide: .idata -> Detected: False
[INFO    ][2023-07-21 23:56:10,399] findDetectedSections() :: Hide: .CRT -> Detected: True
[INFO    ][2023-07-21 23:56:10,399] findDetectedSections() :: Hide: .tls -> Detected: True
[INFO    ][2023-07-21 23:56:10,475] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 23:56:10,475] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 23:56:10,475] scanForMatchesInPe() ::   section: .text
[INFO    ][2023-07-21 23:56:10,475] scanForMatchesInPe() ::   section: .idata
[INFO    ][2023-07-21 23:56:10,693] scanForMatchesInPe() :: Launching bytes analysis on section: .text (1024-9728)
[INFO    ][2023-07-21 23:56:10,693] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:56:10,693] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 23:56:10,694] _scanDataPart() :: Result: 1852-1857 (5b minChunk:2 X)
0000073C   8B 35 C6 6C 00                                     .5.l.
[INFO    ][2023-07-21 23:56:10,694] _scanDataPart() :: Result: 1946-1950 (4b minChunk:2 X)
0000079A   2D 69 6C 00                                        -il.
[INFO    ][2023-07-21 23:56:10,695] _scanDataPart() :: Result: 1959-1963 (4b minChunk:2 X)
000007A7   65 6C 00 00                                        el..
[INFO    ][2023-07-21 23:56:10,695] _scanDataPart() :: Result: 1971-1976 (5b minChunk:2 X)
000007B3   0D 4C 6C 00 00                                     .Ll..
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 1980-1984 (4b minChunk:2 X)
000007BC   8B 05 4E 6C                                        ..Nl
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 1988-1993 (5b minChunk:2 X)
000007C4   15 3F 6C 00 00                                     .?l..
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 2001-2005 (4b minChunk:2 X)
000007D1   47 6C 00 00                                        Gl..
[INFO    ][2023-07-21 23:56:10,696] _scanDataPart() :: Result: 2005-2010 (5b minChunk:2 X)
000007D5   89 05 3D 6C 00                                     ..=l.
[INFO    ][2023-07-21 23:56:10,697] _scanDataPart() :: Result: 2022-2027 (5b minChunk:2 X)
000007E6   05 15 6C 00 00                                     ..l..
[INFO    ][2023-07-21 23:56:10,697] _scanDataPart() :: Result: 2039-2044 (5b minChunk:2 X)
000007F7   1D 6C 00 00 48                                     .l..H
[INFO    ][2023-07-21 23:56:10,698] _scanDataPart() :: Result: 5835-5839 (4b minChunk:2 X)
000016CB   65 E0 5B 5E                                        e.[^
[INFO    ][2023-07-21 23:56:10,699] _scanDataPart() :: Result: 5873-5877 (4b minChunk:2 X)
000016F1   48 83 E0 F0                                        H...
[INFO    ][2023-07-21 23:56:10,700] _scanDataPart() :: Result: 6417-6421 (4b minChunk:2 X)
00001911   D0 74 E0 77                                        .t.w
[INFO    ][2023-07-21 23:56:10,700] _scanDataPart() :: Result: 6455-6459 (4b minChunk:2 X)
00001937   CD 4D 09 E0                                        .M..
[INFO    ][2023-07-21 23:56:10,701] _scanDataPart() :: Result: 7131-7135 (4b minChunk:2 X)
00001BDB   E8 E0 FD FF                                        ....
[INFO    ][2023-07-21 23:56:10,702] _scanDataPart() :: Result: 7224-7229 (5b minChunk:2 X)
00001C38   C0 74 E0 8B 58                                     .t..X
[INFO    ][2023-07-21 23:56:10,702] scan() :: Reducer Result: Time:0 Chunks:84 MatchesAdded:16 MatchesFinal:15
[INFO    ][2023-07-21 23:56:11,187] scanForMatchesInPe() :: Launching bytes analysis on section: .idata (14336-16896)
[INFO    ][2023-07-21 23:56:11,187] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:56:11,187] _printStatus() :: Reducing: 85 chunks done, found 0 matches (16 added)
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14346-14351 (5b minChunk:2 X)
0000380A   00 00 C8 98 00                                     .....
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14351-14356 (5b minChunk:2 X)
0000380F   00 44 92 00 00                                     .D...
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14366-14371 (5b minChunk:2 X)
0000381E   00 00 4C 99 00                                     ..L..
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Doubling: minChunkSize: 2  minMatchSize: 4
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14396-14406 (10 bytes)
0000383C   4C 94 00 00 00 00 00 00 5A 94                      L.......Z.
[INFO    ][2023-07-21 23:56:11,188] _scanDataPart() :: Result: 14411-14416 (5b minChunk:4 X)
0000384B   00 6E 94 00 00                                     .n...
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14421-14426 (5b minChunk:4 X)
00003855   94 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14426-14431 (5b minChunk:4 X)
0000385A   00 00 90 94 00                                     .....
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14436-14446 (10 bytes)
00003864   A0 94 00 00 00 00 00 00 B8 94                      ..........
[INFO    ][2023-07-21 23:56:11,189] _scanDataPart() :: Result: 14451-14456 (5b minChunk:4 X)
00003873   00 D0 94 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14461-14466 (5b minChunk:4 X)
0000387D   94 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14466-14471 (5b minChunk:4 X)
00003882   00 00 FA 94 00                                     .....
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14476-14486 (10 bytes)
0000388C   10 95 00 00 00 00 00 00 20 95                      ........ .
[INFO    ][2023-07-21 23:56:11,190] _scanDataPart() :: Result: 14491-14496 (5b minChunk:4 X)
0000389B   00 34 95 00 00                                     .4...
[INFO    ][2023-07-21 23:56:11,336] _scanDataPart() :: Result: 14501-14506 (5b minChunk:4 X)
000038A5   95 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,337] _scanDataPart() :: Result: 14506-14511 (5b minChunk:4 X)
000038AA   00 00 58 95 00                                     ..X..
[INFO    ][2023-07-21 23:56:11,486] _scanDataPart() :: Result: 14516-14526 (10 bytes)
000038B4   72 95 00 00 00 00 00 00 82 95                      r.........
[INFO    ][2023-07-21 23:56:11,486] _scanDataPart() :: Result: 14531-14536 (5b minChunk:4 X)
000038C3   00 9E 95 00 00                                     .....
[INFO    ][2023-07-21 23:56:11,689] _scanDataPart() :: Result: 14536-14546 (10 bytes)
000038C8   00 00 00 00 B6 95 00 00 00 00                      ..........
[INFO    ][2023-07-21 23:56:11,689] _scanDataPart() :: Result: 14546-14551 (5b minChunk:4 X)
000038D2   00 00 C6 95 00                                     .....
[INFO    ][2023-07-21 23:56:11,854] _scanDataPart() :: Result: 14556-14566 (10 bytes)
000038DC   E0 95 00 00 00 00 00 00 EC 95                      ..........
[INFO    ][2023-07-21 23:56:11,854] _scanDataPart() :: Result: 14571-14576 (5b minChunk:4 X)
000038EB   00 02 96 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,048] _scanDataPart() :: Result: 14581-14586 (5b minChunk:4 X)
000038F5   96 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,048] _scanDataPart() :: Result: 14586-14591 (5b minChunk:4 X)
000038FA   00 00 30 96 00                                     ..0..
[INFO    ][2023-07-21 23:56:12,282] _scanDataPart() :: Result: 14596-14606 (10 bytes)
00003904   44 96 00 00 00 00 00 00 62 96                      D.......b.
[INFO    ][2023-07-21 23:56:12,283] _scanDataPart() :: Result: 14611-14616 (5b minChunk:4 X)
00003913   00 6A 96 00 00                                     .j...
[INFO    ][2023-07-21 23:56:12,427] _scanDataPart() :: Result: 14616-14626 (10 bytes)
00003918   00 00 00 00 7E 96 00 00 00 00                      ....~.....
[INFO    ][2023-07-21 23:56:12,428] _scanDataPart() :: Result: 14626-14631 (5b minChunk:4 X)
00003922   00 00 8C 96 00                                     .....
[INFO    ][2023-07-21 23:56:12,428] _scanDataPart() :: Result: 14636-14646 (10 bytes)
0000392C   A8 96 00 00 00 00 00 00 B8 96                      ..........
[INFO    ][2023-07-21 23:56:12,574] _scanDataPart() :: Result: 14676-14686 (10 bytes)
00003954   E6 96 00 00 00 00 00 00 FE 96                      ..........
[INFO    ][2023-07-21 23:56:12,575] _scanDataPart() :: Result: 14691-14696 (5b minChunk:4 X)
00003963   00 0C 97 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,762] _scanDataPart() :: Result: 14696-14701 (5b minChunk:4 X)
00003968   00 00 00 00 1C                                     .....
[INFO    ][2023-07-21 23:56:12,762] _scanDataPart() :: Result: 14701-14706 (5b minChunk:4 X)
0000396D   97 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:12,763] _scanDataPart() :: Result: 14706-14711 (5b minChunk:4 X)
00003972   00 00 28 97 00                                     ..(..
[INFO    ][2023-07-21 23:56:12,910] _scanDataPart() :: Result: 14716-14726 (10 bytes)
0000397C   36 97 00 00 00 00 00 00 46 97                      6.......F.
[INFO    ][2023-07-21 23:56:12,911] _scanDataPart() :: Result: 14731-14736 (5b minChunk:4 X)
0000398B   00 58 97 00 00                                     .X...
[INFO    ][2023-07-21 23:56:13,174] _scanDataPart() :: Result: 14736-14741 (5b minChunk:4 X)
00003990   00 00 00 00 6C                                     ....l
[INFO    ][2023-07-21 23:56:13,174] _scanDataPart() :: Result: 14741-14746 (5b minChunk:4 X)
00003995   97 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:13,174] _scanDataPart() :: Result: 14746-14751 (5b minChunk:4 X)
0000399A   00 00 76 97 00                                     ..v..
[INFO    ][2023-07-21 23:56:13,308] _scanDataPart() :: Result: 14756-14766 (10 bytes)
000039A4   84 97 00 00 00 00 00 00 8E 97                      ..........
[INFO    ][2023-07-21 23:56:13,309] _printStatus() :: Reducing: 193 chunks done, found 24 matches (55 added)
[INFO    ][2023-07-21 23:56:13,309] _scanDataPart() :: Result: 14771-14776 (5b minChunk:4 X)
000039B3   00 98 97 00 00                                     .....
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Result: 14776-14781 (5b minChunk:4 X)
000039B8   00 00 00 00 A4                                     .....
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Result: 14781-14786 (5b minChunk:4 X)
000039BD   97 00 00 00 00                                     .....
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Doubling: minChunkSize: 4  minMatchSize: 8
[INFO    ][2023-07-21 23:56:13,460] _scanDataPart() :: Result: 14786-14796 (10b minChunk:8 X)
000039C2   00 00 AC 97 00 00 00 00 00 00                      ..........
[INFO    ][2023-07-21 23:56:13,461] _scanDataPart() :: Result: 14796-14816 (20 bytes)
000039CC   B6 97 00 00 00 00 00 00 C0 97 00 00 00 00 00 00    ................
000039DC   C8 97 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,461] _scanDataPart() :: Result: 14816-14836 (20 bytes)
000039E0   00 00 00 00 D2 97 00 00 00 00 00 00 DA 97 00 00    ................
000039F0   00 00 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,462] _scanDataPart() :: Result: 14836-14856 (20 bytes)
000039F4   E4 97 00 00 00 00 00 00 EC 97 00 00 00 00 00 00    ................
00003A04   F6 97 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,462] _scanDataPart() :: Result: 14856-14876 (20 bytes)
00003A08   00 00 00 00 00 98 00 00 00 00 00 00 0A 98 00 00    ................
00003A18   00 00 00 00                                        ....
[INFO    ][2023-07-21 23:56:13,463] _scanDataPart() :: Result: 14876-14886 (10b minChunk:8 X)
00003A1C   14 98 00 00 00 00 00 00 1E 98                      ..........
[INFO    ][2023-07-21 23:56:13,463] _scanDataPart() :: Result: 15436-15456 (20 bytes)
00003C4C   55 00 43 6C 6F 73 65 48 61 6E 64 6C 65 00 68 00    U.CloseHandle.h.
00003C5C   43 6F 6E 6E                                        Conn
[INFO    ][2023-07-21 23:56:13,464] _scanDataPart() :: Result: 15796-15816 (20 bytes)
00003DB4   00 00 4F 03 4C 6F 61 64 4C 69 62 72 61 72 79 57    ..O.LoadLibraryW
00003DC4   00 00 B8 03                                        ....
[INFO    ][2023-07-21 23:56:13,465] _scanDataPart() :: Result: 15996-16016 (20 bytes)
00003E7C   00 00 BE 04 54 6C 73 47 65 74 56 61 6C 75 65 00    ....TlsGetValue.
00003E8C   CB 04 55 6E                                        ..Un
[INFO    ][2023-07-21 23:56:13,465] _scanDataPart() :: Result: 16056-16076 (20 bytes)
00003EB8   E9 04 56 69 72 74 75 61 6C 50 72 6F 74 65 63 74    ..VirtualProtect
00003EC8   00 00 EB 04                                        ....
[INFO    ][2023-07-21 23:56:13,466] _scanDataPart() :: Result: 16406-16416 (10b minChunk:8 X)
00004016   73 70 72 69 6E 74 66 00 46 04                      sprintf.F.
[INFO    ][2023-07-21 23:56:13,467] _scanDataPart() :: Result: 16576-16596 (20 bytes)
000040C0   00 90 00 00 00 90 00 00 4B 45 52 4E 45 4C 33 32    ........KERNEL32
000040D0   2E 64 6C 6C                                        .dll
[INFO    ][2023-07-21 23:56:13,467] _scanDataPart() :: Result: 16716-16726 (10b minChunk:8 X)
0000414C   6D 73 76 63 72 74 2E 64 6C 6C                      msvcrt.dll
[INFO    ][2023-07-21 23:56:13,467] scan() :: Reducer Result: Time:2 Chunks:247 MatchesAdded:71 MatchesFinal:32
[INFO    ][2023-07-21 23:56:13,468] handleFile() :: Result: 47 matches
[INFO    ][2023-07-21 23:56:13,468] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:13,532] save() :: Saving HashCache (67871)
[INFO    ][2023-07-21 23:56:13,633] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 23:56:13,633] runVerifications() :: Verify 47 matches
[INFO    ][2023-07-21 23:56:13,983] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:14,330] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:15,328] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:16,522] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:17,497] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 27  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 32  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 35  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 37  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 45  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:19,084] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.DETECTED
  Idx: 3  result: ScanResult.DETECTED
  Idx: 4  result: ScanResult.DETECTED
  Idx: 5  result: ScanResult.DETECTED
  Idx: 6  result: ScanResult.DETECTED
  Idx: 7  result: ScanResult.DETECTED
  Idx: 8  result: ScanResult.DETECTED
  Idx: 9  result: ScanResult.DETECTED
  Idx: 10  result: ScanResult.DETECTED
  Idx: 11  result: ScanResult.DETECTED
  Idx: 12  result: ScanResult.DETECTED
  Idx: 13  result: ScanResult.DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:21,188] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:21,189] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:21,235] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:56:21,236] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:56:21,236] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:21,237] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 23:56:21,539] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:21,540] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 23:56:21,540] outflankPe() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-21 23:56:21,540] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:56:21,541] save() :: Saving HashCache (67985)
[INFO    ][2023-08-04 18:23:28,067] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-04 18:23:28,067] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-04 18:23:28,068] handleFile() :: Using parser for file type EXE
[WARNING ][2023-08-04 18:23:28,080] parseFile() :: Section is invalid, not scanning: .bss 0 0
[WARNING ][2023-08-04 18:23:28,081] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-04 18:23:28,081] load() :: Loading HashCache
[INFO    ][2023-08-04 18:23:28,184] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:23:28,184] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:23:28,263] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:23:28,564] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-08-04 18:23:28,565] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:48:29,689] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 16:48:29,689] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 16:48:29,690] handleFile() :: Using parser for file type EXE
[WARNING ][2023-08-06 16:48:29,702] parseFile() :: Section is invalid, not scanning: .bss 0 0
[WARNING ][2023-08-06 16:48:29,703] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 16:48:29,703] load() :: Loading HashCache
[INFO    ][2023-08-06 16:48:29,801] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:48:29,801] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:48:29,877] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:48:30,180] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-08-06 16:48:30,182] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:22:41,640] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 17:22:41,640] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-08-06 17:22:41,640] handleFile() :: Using parser for file type EXE
[WARNING ][2023-08-06 17:22:41,652] parseFile() :: Section is invalid, not scanning: .bss 0 0
[WARNING ][2023-08-06 17:22:41,653] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:22:41,653] load() :: Loading HashCache
[INFO    ][2023-08-06 17:22:41,752] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:22:41,752] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:22:41,828] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:22:42,128] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:22:42,129] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:26:43,123] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-01 05:26:43,124] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-01 05:26:43,125] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-01 05:26:43,137] parseFile() :: Section is invalid, not scanning: .bss addr:0 size:0
[WARNING ][2023-09-01 05:26:43,138] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:43,138] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:43,139] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:43,244] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:43,244] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:43,328] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:21:24,546] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-24 19:21:24,546] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-24 19:21:24,547] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-24 19:21:24,547] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:21:24,559] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:21:24,559] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-24 19:21:24,559] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-24 19:21:24,560] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:21:24,561] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:24,562] load() :: Loading HashCache
[INFO    ][2023-09-24 19:21:24,700] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:21:24,701] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:21:24,797] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:21:24,798] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-24 19:21:24,950] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-24 19:21:25,042] init() :: R2: Get all strings
[INFO    ][2023-09-24 19:21:25,042] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-24 19:21:25,090] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:25,091] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:42,102] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:14:42,102] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:14:42,103] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-25 18:14:42,103] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:14:42,111] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:14:42,112] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-25 18:14:42,112] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-25 18:14:42,113] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:14:42,113] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:42,114] load() :: Loading HashCache
[INFO    ][2023-09-25 18:14:42,251] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:14:42,251] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:42,348] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:14:42,348] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-25 18:14:42,502] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-25 18:14:42,593] init() :: R2: Get all strings
[INFO    ][2023-09-25 18:14:42,594] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-25 18:14:42,641] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:42,642] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:43,864] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:21:43,864] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-25 18:21:43,864] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-25 18:21:43,865] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:21:43,873] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:21:43,873] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-25 18:21:43,873] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-25 18:21:43,874] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:21:43,875] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:43,876] load() :: Loading HashCache
[INFO    ][2023-09-25 18:21:44,010] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:21:44,010] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:44,107] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:21:44,107] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-25 18:21:44,262] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-25 18:21:44,353] init() :: R2: Get all strings
[INFO    ][2023-09-25 18:21:44,354] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-25 18:21:44,402] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:44,403] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:07:17,686] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 10:07:17,686] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 10:07:17,687] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-29 10:07:17,687] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:07:17,695] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:07:17,695] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-29 10:07:17,696] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-29 10:07:17,697] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:07:17,697] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:17,698] load() :: Loading HashCache
[INFO    ][2023-09-29 10:07:17,833] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:07:17,833] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:07:17,928] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:07:17,928] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-29 10:07:18,082] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-29 10:07:18,173] init() :: R2: Get all strings
[INFO    ][2023-09-29 10:07:18,174] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-29 10:07:18,221] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:18,222] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:51,032] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 12:11:51,032] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-29 12:11:51,033] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-29 12:11:51,033] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:51,041] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:51,041] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-29 12:11:51,041] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:51,041] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-29 12:11:51,043] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:11:51,043] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:51,044] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:51,180] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:51,181] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:51,280] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:51,280] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-29 12:11:51,437] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-29 12:11:51,528] init() :: R2: Get all strings
[INFO    ][2023-09-29 12:11:51,529] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-29 12:11:51,577] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:51,578] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:45,746] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-30 10:32:45,746] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe
[INFO    ][2023-09-30 10:32:45,747] handleFile() :: Using parser for file type EXE
[INFO    ][2023-09-30 10:32:45,747] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:45,755] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:45,755] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0
[INFO    ][2023-09-30 10:32:45,755] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:45,755] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,755] parsePeRegions() :: Data Directory Section 2 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 5 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 14 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[WARNING ][2023-09-30 10:32:45,757] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:32:45,757] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:45,758] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:45,893] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:45,893] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:45,992] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:45,992] augmentFilePe() :: Augment: File PE
[INFO    ][2023-09-30 10:32:46,149] augmentFilePe() :: R2: Analyze
[INFO    ][2023-09-30 10:32:46,240] init() :: R2: Get all strings
[INFO    ][2023-09-30 10:32:46,241] augmentFilePe() :: Augment: Matches
[INFO    ][2023-09-30 10:32:46,289] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:46,290] save() :: Saving HashCache (102072)