File 06AA6C08707CD9B6.Seatbelt.exe

Name: 06AA6C08707CD9B6.Seatbelt.exe
Size: 611,840 bytes
Type: EXE PE.NET
MD5: d82ac3aa2e83b5fc3e26acffb688c93f
Scanner Name: defender
Appraisal: Fragile (AND) based
Scan Debug: Duration: 51s / Chunks: 210 / Matches: 42
Scan date: 2023-07-21 13:28:53

Matches

# Iteration Offset Size Section Detail SectionType Conclusion
0 0 2328 43 .text methods ::.ctor CODE Dominant. Modify this to make file undetected
1 0 2393 43 .text methods ::get_Commands ::.ctor ::set_Commands CODE Dominant. Modify this to make file undetected
6 1 177244 76 .text #~ DATA Dominant. Modify this to make file undetected
7 1 177677 26 .text #~ TypeRef DATA Dominant. Modify this to make file undetected
8 1 213425 25 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
9 1 213476 25 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
10 1 213680 51 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
11 1 213909 51 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
12 1 214856 409 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
13 1 298104 51 .text #~ MemberRef DATA Dominant. Modify this to make file undetected
14 2 418664 17 .text #Strings DATA Dominant. Modify this to make file undetected
15 2 422479 17 .text #Strings DATA Dominant. Modify this to make file undetected
16 2 434679 33 .text #Strings DATA Dominant. Modify this to make file undetected
17 2 443046 17 .text #Strings DATA Dominant. Modify this to make file undetected
18 2 443598 67 .text #Strings DATA Dominant. Modify this to make file undetected
19 2 444551 17 .text #Strings DATA Dominant. Modify this to make file undetected
20 2 447280 33 .text #Strings DATA Dominant. Modify this to make file undetected
21 2 450275 50 .text #Strings DATA Dominant. Modify this to make file undetected

Match 0: 2328 (size: 43)

Dominant. Modify this to make file undetected

.text methods ::.ctor

00000918   01 10 00 00 00 00 30 00 35 65 00 18 19 00 00 01    ......0.5e......
00000928   13 30 02 00 44 00 00 00 00 00 00 00 02 28 2B 00    .0..D........(+.
00000938   00 0A 02 03 28 22 00 00 06 02 04                   ....(".....

0x928: Function: ::.ctor
0x928: 13 30 MethodHeader: Size:3 Flags:4 Type:3
0x92a: 02 00 MethodHeader: maxStack: 2
0x92c: 44 00 00 00 MethodHeader: codeSize: 68
0x930: 00 00 00 00 MethodHeader: localVarSigTok: 0
0x934: 02 ldarg.0
0x935: 28 2b 00 00 0a call System.Object::.ctor
0x93a: 02 ldarg.0
0x93b: 03 ldarg.1
0x93c: 28 22 00 00 06 call set_Commands
0x941: 02 ldarg.0
0x942: 04 ldarg.2
0x943: 28 24 00 00 06 call set_CommandGroups
0x948: 02 ldarg.0
0x949: 05 ldarg.3
0x94a: 28 26 00 00 06 call set_OutputFile
0x94f: 02 ldarg.0
0x950: 0e 04 ldarg.s argument(0x0004)
0x952: 28 28 00 00 06 call set_FilterResults

Match 1: 2393 (size: 43)

Dominant. Modify this to make file undetected

.text methods ::get_Commands ::.ctor ::set_Commands

00000959   05 28 2A 00 00 06 02 0E 06 28 2C 00 00 06 02 0E    .(*......(,.....
00000969   07 28 2E 00 00 06 02 0E 08 28 30 00 00 06 2A 1E    .(.......(0...*.
00000979   02 7B 0D 00 00 04 2A 22 02 03 7D                   .{....*"..}

0x928: Function: ::.ctor
0x94a: 28 26 00 00 06 call set_OutputFile
0x94f: 02 ldarg.0
0x950: 0e 04 ldarg.s argument(0x0004)
0x952: 28 28 00 00 06 call set_FilterResults
0x957: 02 ldarg.0
0x958: 0e 05 ldarg.s argument(0x0005)
0x95a: 28 2a 00 00 06 call set_QuietMode
0x95f: 02 ldarg.0
0x960: 0e 06 ldarg.s argument(0x0006)
0x962: 28 2c 00 00 06 call set_ComputerName
0x967: 02 ldarg.0
0x968: 0e 07 ldarg.s argument(0x0007)
0x96a: 28 2e 00 00 06 call set_UserName
0x96f: 02 ldarg.0
0x970: 0e 08 ldarg.s argument(0x0008)
0x972: 28 30 00 00 06 call set_Password
0x977: 2a ret
0x978: Function: ::get_Commands
0x979: 02 ldarg.0
0x97a: 7b 0d 00 00 04 ldfld k__BackingField
0x97f: 2a ret
0x980: Function: ::set_Commands
0x981: 02 ldarg.0
0x982: 03 ldarg.1
0x983: 7d 0d 00 00 04 stfld k__BackingField
0x988: 2a ret

Match 6: 177244 (size: 76)

Dominant. Modify this to make file undetected

.text #~

0002B45C   00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00    ........W..?....
0002B46C   00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00    ...3............
0002B47C   9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00    ....*...l...$...
0002B48C   87 02 00 00 DA 03 00 00 AA 01 00 00 98 15 00 00    ................
0002B49C   69 00 00 00 02 00 00 00 02 00 00 00                i...........

Match 7: 177677 (size: 26)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B60D   00 0A 00 29 ED 00 00 E1 F8 00 00 0A 00 DA CA 00    ...)............
0002B61D   00 E1 F8 00 00 0A 00 29 08 01                      .......)..

0x2b604: TypeRef[29]: ResolutionScope: ref table AssemblyRef[2] TypeName: ManagementClass TypeNamespace: System.Management
0x2b60e: TypeRef[30]: ResolutionScope: ref table AssemblyRef[2] TypeName: ConnectionOptions TypeNamespace: System.Management
0x2b618: TypeRef[31]: ResolutionScope: ref table AssemblyRef[2] TypeName: ManagementObjectSearcher TypeNamespace: System.Management
0x2b622: TypeRef[32]: ResolutionScope: ref table AssemblyRef[2] TypeName: ObjectQuery TypeNamespace: System.Management

Match 8: 213425 (size: 25)

Dominant. Modify this to make file undetected

.text #~ MethodDef

000341B1   F9 00 00 80 03 12 00 8C 26 00 00 00 00 81 00 90    ........&.......
000341C1   F9 00 00 4A 0B 13 00 28 27                         ...J...('

0x341a8: MethodDef[30]: Rva: 0x2634 Name: ParseAndRemoveSwitchArgument Signature: 2001020e ParamList: ref table Param[18] ImplFlags: miIL miManaged Flags: mdHideBySig mdPrivate mdReuseSlot
0x341b8: MethodDef[31]: Rva: 0x268c Name: ParseAndRemoveKeyValueArgument Signature: 20010e0e ParamList: ref table Param[19] ref table Param[20] ImplFlags: miIL miManaged Flags: mdHideBySig mdPrivate mdReuseSlot
0x341c8: MethodDef[32]: Rva: 0x2728 Name: .ctor Signature: 20080115126d010e15126d010e0e02020e0e0e ParamList: ref table Param[21] ref table Param[22] ref table Param[23] ref table Param[24] ref table Param[25] ref table Param[26] ref table Param[27] ref table Param[28] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdRTSpecialName mdReuseSlot mdSpecialName

Match 9: 213476 (size: 25)

Dominant. Modify this to make file undetected

.text #~ MethodDef

000341E4   A6 38 1D 00 80 27 00 00 00 00 86 08 A3 DC 00 00    .8...'..........
000341F4   AE 38 1D 00 89 27 00 00 00                         .8...'...

0x341d8: MethodDef[33]: Rva: 0x2778 Name: get_Commands Signature: 200015126d010e ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x341e8: MethodDef[34]: Rva: 0x2780 Name: set_Commands Signature: 20010115126d010e ParamList: ref table Param[29] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x341f8: MethodDef[35]: Rva: 0x2789 Name: get_CommandGroups Signature: 200015126d010e ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName

Match 10: 213680 (size: 51)

Dominant. Modify this to make file undetected

.text #~ MethodDef

000342B0   4C 8C 00 00 10 00 23 00 EF 27 00 00 00 00 86 08    L.....#..'......
000342C0   53 7D 00 00 FB 00 24 00 F7 27 00 00 00 00 86 08    S}....$..'......
000342D0   60 7D 00 00 10 00 24 00 00 28 00 00 00 00 86 08    `}....$..(......
000342E0   C3 DC 00                                           ...

0x342a8: MethodDef[46]: Rva: 0x27e6 Name: set_UserName Signature: 2001010e ParamList: ref table Param[35] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x342b8: MethodDef[47]: Rva: 0x27ef Name: get_Password Signature: 20000e ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x342c8: MethodDef[48]: Rva: 0x27f7 Name: set_Password Signature: 2001010e ParamList: ref table Param[36] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x342d8: MethodDef[49]: Rva: 0x2800 Name: get_AllCommands Signature: 200015127101128190 ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName

Match 11: 213909 (size: 51)

Dominant. Modify this to make file undetected

.text #~ MethodDef

00034395   38 28 00 77 28 00 00 00 00 86 18 7A DA 00 00 E3    8(.w(......z....
000343A5   38 2C 00 90 28 00 00 00 00 86 18 7A DA 00 00 F6    8,..(......z....
000343B5   38 31 00 2C 2A 00 00 00 00 86 00 D7 CA 00 00 0B    81.,*...........
000343C5   39 38 00                                           98.

0x34388: MethodDef[60]: Rva: 0x285b Name: .ctor Signature: 20040112808015126d010e15126d010e02 ParamList: ref table Param[40] ref table Param[41] ref table Param[42] ref table Param[43] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdRTSpecialName mdReuseSlot mdSpecialName
0x34398: MethodDef[61]: Rva: 0x2877 Name: .ctor Signature: 20050112808015126d010e15126d010e020e ParamList: ref table Param[44] ref table Param[45] ref table Param[46] ref table Param[47] ref table Param[48] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdRTSpecialName mdReuseSlot mdSpecialName
0x343a8: MethodDef[62]: Rva: 0x2890 Name: .ctor Signature: 20070112808015126d010e15126d010e020e0e0e ParamList: ref table Param[49] ref table Param[50] ref table Param[51] ref table Param[52] ref table Param[53] ref table Param[54] ref table Param[55] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdRTSpecialName mdReuseSlot mdSpecialName
0x343b8: MethodDef[63]: Rva: 0x2a2c Name: GetManagementObjectSearcher Signature: 2002127d0e0e ParamList: ref table Param[56] ref table Param[57] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot

Match 12: 214856 (size: 409)

Dominant. Modify this to make file undetected

.text #~ MethodDef

0x34748: MethodDef[120]: Rva: 0x3eec Name: .ctor Signature: 2001010e ParamList: ref table Param[149] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdRTSpecialName mdReuseSlot mdSpecialName
0x34758: MethodDef[121]: Rva: 0x3f8c Name: ReadPrivilege Signature: 2001151271011286000e ParamList: ref table Param[150] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot
0x34768: MethodDef[122]: Rva: 0x4054 Name: ResolveAccountName Signature: 20011286001280ed ParamList: ref table Param[151] ImplFlags: miIL miManaged Flags: mdHideBySig mdPrivate mdReuseSlot
0x34778: MethodDef[123]: Rva: 0x40e0 Name: TestReturnValue Signature: 20010109 ParamList: ref table Param[152] ImplFlags: miIL miManaged Flags: mdHideBySig mdPrivate mdReuseSlot
0x34788: MethodDef[124]: Rva: 0x4132 Name: Dispose Signature: 200001 ParamList: (empty) ImplFlags: miIL miManaged Flags: mdFinal mdHideBySig mdNewSlot mdPublic mdVirtual
0x34798: MethodDef[125]: Rva: 0x4164 Name: Finalize Signature: 200001 ParamList: (empty) ImplFlags: miIL miManaged Flags: mdFamily mdHideBySig mdReuseSlot mdVirtual
0x347a8: MethodDef[126]: Rva: 0x4190 Name: InitLsaString Signature: 00011185840e ParamList: ref table Param[153] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x347b8: MethodDef[127]: Rva: 0x41e8 Name: .ctor Signature: 2003010e1180f91c ParamList: ref table Param[154] ref table Param[155] ref table Param[156] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdRTSpecialName mdReuseSlot mdSpecialName
0x347c8: MethodDef[128]: Rva: 0x4205 Name: get_Path Signature: 20000e ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x347d8: MethodDef[129]: Rva: 0x420d Name: get_Kind Signature: 20001180f9 ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x347e8: MethodDef[130]: Rva: 0x4215 Name: get_Value Signature: 20001c ParamList: (empty) ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdSpecialName
0x347f8: MethodDef[131]: Rva: 0x4220 Name: OpenBaseKey Signature: 00021280fd1180851150 ParamList: ref table Param[157] ref table Param[158] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34808: MethodDef[132]: Rva: 0x4564 Name: GetValue Signature: 000412581180850e0e1150 ParamList: ref table Param[159] ref table Param[160] ref table Param[161] ref table Param[162] ref table Param[163] ImplFlags: miIL miManaged Flags: mdHideBySig mdPrivate mdReuseSlot mdStatic
0x34818: MethodDef[133]: Rva: 0x45ae Name: GetStringValue Signature: 00040e1180850e0e1150 ParamList: ref table Param[164] ref table Param[165] ref table Param[166] ref table Param[167] ref table Param[168] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34828: MethodDef[134]: Rva: 0x45cc Name: GetStringValue Signature: 00040e1180850e0e1275 ParamList: ref table Param[169] ref table Param[170] ref table Param[171] ref table Param[172] ref table Param[173] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34838: MethodDef[135]: Rva: 0x465c Name: GetMultiStringValue Signature: 00041d0e1180850e0e1275 ParamList: ref table Param[174] ref table Param[175] ref table Param[176] ref table Param[177] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34848: MethodDef[136]: Rva: 0x46f0 Name: GetExpandedStringValue Signature: 00040e1180850e0e1275 ParamList: ref table Param[178] ref table Param[179] ref table Param[180] ref table Param[181] ref table Param[182] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34858: MethodDef[137]: Rva: 0x4780 Name: GetDwordValue Signature: 00041511808901091180850e0e1150 ParamList: ref table Param[183] ref table Param[184] ref table Param[185] ref table Param[186] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34868: MethodDef[138]: Rva: 0x47f8 Name: GetDwordValue Signature: 00041511808901091180850e0e1275 ParamList: ref table Param[187] ref table Param[188] ref table Param[189] ref table Param[190] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34878: MethodDef[139]: Rva: 0x4894 Name: GetQwordValue Signature: 000415118089010a1180850e0e1275 ParamList: ref table Param[191] ref table Param[192] ref table Param[193] ref table Param[194] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34888: MethodDef[140]: Rva: 0x4930 Name: GetBinaryValue Signature: 00041d051180850e0e1150 ParamList: ref table Param[195] ref table Param[196] ref table Param[197] ref table Param[198] ref table Param[199] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x34898: MethodDef[141]: Rva: 0x494c Name: GetBinaryValue Signature: 00041d051180850e0e1275 ParamList: ref table Param[200] ref table Param[201] ref table Param[202] ref table Param[203] ref table Param[204] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x348a8: MethodDef[142]: Rva: 0x49d8 Name: GetValues Signature: 00031512808d020e1c1180850e0e ParamList: ref table Param[205] ref table Param[206] ref table Param[207] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x348b8: MethodDef[143]: Rva: 0x4a7c Name: GetValues Signature: 00031512808d020e1c1180850e1275 ParamList: ref table Param[208] ref table Param[209] ref table Param[210] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x348c8: MethodDef[144]: Rva: 0x4c74 Name: GetSubkeyNames Signature: 00031d0e1180850e0e ParamList: ref table Param[211] ref table Param[212] ref table Param[213] ref table Param[214] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic
0x348d8: MethodDef[145]: Rva: 0x4cdc Name: GetSubkeyNames Signature: 00031d0e1180850e1275 ParamList: ref table Param[215] ref table Param[216] ref table Param[217] ref table Param[218] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot mdStatic

Match 13: 298104 (size: 51)

Dominant. Modify this to make file undetected

.text #~ MemberRef

00048C78   00 00 10 00 F1 00 F7 BB 00 00 4C 02 F1 00 E6 DE    ..........L.....
00048C88   00 00 15 00 B1 04 D0 F4 00 00 53 02 F1 04 7A DA    ..........S...z.
00048C98   00 00 5A 02 F1 04 58 F5 00 00 01 00 F1 04 7A DA    ..Z...X.......z.
00048CA8   00 00 10                                           ...

0x48c74: MemberRef[85]: Class: ref table TypeRef[30] Name: set_Password Signature: 2001010e
0x48c7c: MemberRef[86]: Class: ref table TypeRef[30] Name: set_Impersonation Signature: 200101118275
0x48c84: MemberRef[87]: Class: ref table TypeRef[30] Name: set_EnablePrivileges Signature: 20010102
0x48c8c: MemberRef[88]: Class: ref table TypeRef[150] Name: Concat Signature: 00030e0e0e0e
0x48c94: MemberRef[89]: Class: ref table TypeRef[158] Name: .ctor Signature: 2002010e1279
0x48c9c: MemberRef[90]: Class: ref table TypeRef[158] Name: Connect Signature: 200001
0x48ca4: MemberRef[91]: Class: ref table TypeRef[158] Name: .ctor Signature: 2001010e

Match 14: 418664 (size: 17)

Dominant. Modify this to make file undetected

.text #Strings

00066368   73 65 74 5F 50 61 73 73 77 6F 72 64 00 67 65 74    set_Password.get
00066378   5F                                                 _

Match 15: 422479 (size: 17)

Dominant. Modify this to make file undetected

.text #Strings

0006724F   4E 61 6D 65 00 73 65 74 5F 55 73 65 72 4E 61 6D    Name.set_UserNam
0006725F   65                                                 e

Match 16: 434679 (size: 33)

Dominant. Modify this to make file undetected

.text #Strings

0006A1F7   72 6D 61 74 69 6F 6E 00 73 65 74 5F 49 6D 70 65    rmation.set_Impe
0006A207   72 73 6F 6E 61 74 69 6F 6E 00 56 69 72 74 75 61    rsonation.Virtua
0006A217   6C                                                 l

Match 17: 443046 (size: 17)

Dominant. Modify this to make file undetected

.text #Strings

0006C2A6   61 6E 64 73 00 73 65 74 5F 43 6F 6D 6D 61 6E 64    ands.set_Command
0006C2B6   73                                                 s

Match 18: 443598 (size: 67)

Dominant. Modify this to make file undetected

.text #Strings

0006C4CE   67 75 61 67 65 73 00 54 6F 6B 65 6E 47 72 6F 75    guages.TokenGrou
0006C4DE   70 73 41 6E 64 50 72 69 76 69 6C 65 67 65 73 00    psAndPrivileges.
0006C4EE   73 65 74 5F 45 6E 61 62 6C 65 50 72 69 76 69 6C    set_EnablePrivil
0006C4FE   65 67 65 73 00 5F 61 6C 6C 50 72 69 76 69 6C 65    eges._allPrivile
0006C50E   67 65 73                                           ges

Match 19: 444551 (size: 17)

Dominant. Modify this to make file undetected

.text #Strings

0006C887   79 4E 61 6D 65 73 00 47 65 74 53 75 62 6B 65 79    yNames.GetSubkey
0006C897   4E                                                 N

Match 20: 447280 (size: 33)

Dominant. Modify this to make file undetected

.text #Strings

0006D330   00 43 6F 6E 6E 65 63 74 69 6F 6E 4F 70 74 69 6F    .ConnectionOptio
0006D340   6E 73 00 53 79 73 6D 6F 6E 4F 70 74 69 6F 6E 73    ns.SysmonOptions
0006D350   00                                                 .

Match 21: 450275 (size: 50)

Dominant. Modify this to make file undetected

.text #Strings

0006DEE3   72 69 61 6E 74 00 53 79 73 74 65 6D 2E 4D 61 6E    riant.System.Man
0006DEF3   61 67 65 6D 65 6E 74 00 70 52 65 73 6F 75 72 63    agement.pResourc
0006DF03   65 45 6C 65 6D 65 6E 74 00 58 6D 6C 45 6C 65 6D    eElement.XmlElem
0006DF13   65 6E                                              en

Match columns (section, size):

Match#0 methods 43b
Match#1 methods 43b
Match#2 methods 21b
Match#3 methods 22b
Match#4 methods 22b
Match#5 methods 43b
Match#6 #~ 76b
Match#7 #~ 26b
Match#8 #~ 25b
Match#9 #~ 25b
Match#10 #~ 51b
Match#11 #~ 51b
Match#12 #~ 409b
Match#13 #~ 51b
Match#14 #Strings 17b
Match#15 #Strings 17b
Match#16 #Strings 33b
Match#17 #Strings 17b
Match#18 #Strings 67b
Match#19 #Strings 17b
Match#20 #Strings 33b
Match#21 #Strings 50b

Test # MatchOrder ModifyPosition Match#0 ... Match#21 Result
0 ISOLATED MIDDLE8
1 ISOLATED THIRDS4
2 ISOLATED FULL
3 ISOLATED FULLB
4 INCREMENTAL MIDDLE8 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
5 INCREMENTAL FULL 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
6 DECREMENTAL FULL 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
7 ALL MIDDLE8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
8 ALL THIRDS4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
9 ALL FULL 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Explanation

Colors

  • Green: Not detected
  • Red: Detected by AV

Match Order

  • Isolated: Test each match individually, by themselves. At most one match is modified per scan
  • Incremental: Modify each match after another, additive. At the end, all matches are modified
  • Decremental: Modify each match after another, additive, downwards (last first)

Position

  • ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
  • ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
  • ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa
[INFO    ][2023-07-21 13:28:49,018] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-07-21 13:28:49,018] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-07-21 13:28:49,019] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-21 13:28:49,531] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 13:28:49,531] handleFile() :: Using scanner from command line: defender
[INFO    ][2023-07-21 13:28:49,533] load() :: Loading HashCache
[INFO    ][2023-07-21 13:28:49,686] load() ::   50613 hashes loaded
[INFO    ][2023-07-21 13:28:53,067] handleFile() :: QuickCheck: 06AA6C08707CD9B6.Seatbelt.exe is detected by defender and not hash based
[INFO    ][2023-07-21 13:28:53,068] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 13:28:53,068] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 13:28:53,116] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 13:28:53,118] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-21 13:28:53,119] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-21 13:28:54,667] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 13:28:56,320] findDetectedSections() :: Hide: DotNet Header -> Detected: False
[INFO    ][2023-07-21 13:28:57,955] findDetectedSections() :: Hide: Metadata Header -> Detected: False
[INFO    ][2023-07-21 13:28:57,956] findDetectedSections() :: Hide: methods -> Detected: False
[INFO    ][2023-07-21 13:29:00,094] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False
[INFO    ][2023-07-21 13:29:02,136] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False
[INFO    ][2023-07-21 13:29:03,815] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-21 13:29:05,521] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-21 13:29:07,261] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-21 13:29:07,262] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-21 13:29:07,263] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-21 13:29:07,264] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-21 13:29:07,265] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-21 13:29:07,266] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-21 13:29:07,267] scanForMatchesInPe() :: 3 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 13:29:07,267] scanForMatchesInPe() ::   section: methods
[INFO    ][2023-07-21 13:29:07,267] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-21 13:29:07,267] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-21 13:29:12,254] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-177136)
[INFO    ][2023-07-21 13:29:12,254] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:16 MinMatchSize:32
[INFO    ][2023-07-21 13:29:12,254] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 13:29:12,308] scan() :: Reducer Result: Time:0 Chunks:39 MatchesAdded:8 MatchesFinal:6
[INFO    ][2023-07-21 13:29:17,624] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (177244-386568)
[INFO    ][2023-07-21 13:29:17,624] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:16 MinMatchSize:32
[INFO    ][2023-07-21 13:29:17,624] _printStatus() :: Reducing: 40 chunks done, found 0 matches (8 added)
0003489A   00 00 00 00 96 00 EC 9F 00 00 BF 3A C8 00 D8 49    ...........:...I
000348AA   00 00 00                                           ...
[INFO    ][2023-07-21 13:29:17,712] _scanDataPart() :: Result: 215213-215265 (52b minChunk:32 X)
000348AD   00 96 00 4C E5 00 00 CB 3A CD 00 7C 4A 00 00 00    ...L....:..|J...
000348BD   00 96 00 4C E5 00 00 DA 3A D0 00 74 4C 00 00 00    ...L....:..tL...
000348CD   00 96 00 86 E2 00 00 EA 3A D3 00 DC 4C 00 00 00    ........:...L...
000348DD   00 96 00 86                                        ....
[INFO    ][2023-07-21 13:29:17,730] _scanDataPart() :: Result: 298104-298155 (51b minChunk:32 X)
00048C78   00 00 10 00 F1 00 F7 BB 00 00 4C 02 F1 00 E6 DE    ..........L.....
00048C88   00 00 15 00 B1 04 D0 F4 00 00 53 02 F1 04 7A DA    ..........S...z.
00048C98   00 00 5A 02 F1 04 58 F5 00 00 01 00 F1 04 7A DA    ..Z...X.......z.
00048CA8   00 00 10                                           ...
[INFO    ][2023-07-21 13:29:17,731] scan() :: Reducer Result: Time:0 Chunks:120 MatchesAdded:29 MatchesFinal:8
[INFO    ][2023-07-21 13:29:22,908] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (386568-455112)
[INFO    ][2023-07-21 13:29:22,908] scan() :: Reducer Start: ScanSpeed:Normal Iteration:2 MinChunkSize:8 MinMatchSize:16
[INFO    ][2023-07-21 13:29:22,908] _printStatus() :: Reducing: 121 chunks done, found 0 matches (29 added)
[INFO    ][2023-07-21 13:29:22,929] _scanDataPart() :: Result: 418664-418681 (17b minChunk:8 X)
00066368   73 65 74 5F 50 61 73 73 77 6F 72 64 00 67 65 74    set_Password.get
00066378   5F                                                 _
[INFO    ][2023-07-21 13:29:22,947] _scanDataPart() :: Result: 422479-422496 (17b minChunk:8 X)
0006724F   4E 61 6D 65 00 73 65 74 5F 55 73 65 72 4E 61 6D    Name.set_UserNam
0006725F   65                                                 e
[INFO    ][2023-07-21 13:29:27,011] _printStatus() :: Reducing: 154 chunks done, found 2 matches (31 added)
[INFO    ][2023-07-21 13:29:30,395] _printStatus() :: Reducing: 155 chunks done, found 2 matches (31 added)
[INFO    ][2023-07-21 13:29:30,395] _scanDataPart() :: Result: 434679-434696 (17b minChunk:8 X)
0006A1F7   72 6D 61 74 69 6F 6E 00 73 65 74 5F 49 6D 70 65    rmation.set_Impe
0006A207   72                                                 r
[INFO    ][2023-07-21 13:29:33,914] _printStatus() :: Reducing: 157 chunks done, found 3 matches (32 added)
[INFO    ][2023-07-21 13:29:37,485] _printStatus() :: Reducing: 158 chunks done, found 3 matches (32 added)
[INFO    ][2023-07-21 13:29:37,485] _scanDataPart() :: Result: 434696-434712 (16b minChunk:8 X)
0006A208   73 6F 6E 61 74 69 6F 6E 00 56 69 72 74 75 61 6C    sonation.Virtual
[INFO    ][2023-07-21 13:29:37,504] _scanDataPart() :: Result: 443046-443063 (17b minChunk:8 X)
0006C2A6   61 6E 64 73 00 73 65 74 5F 43 6F 6D 6D 61 6E 64    ands.set_Command
0006C2B6   73                                                 s
[INFO    ][2023-07-21 13:29:40,930] _printStatus() :: Reducing: 176 chunks done, found 4 matches (34 added)
[INFO    ][2023-07-21 13:29:40,930] _scanDataPart() :: Result: 443598-443614 (16b minChunk:8 X)
0006C4CE   67 75 61 67 65 73 00 54 6F 6B 65 6E 47 72 6F 75    guages.TokenGrou
[INFO    ][2023-07-21 13:29:40,930] _scanDataPart() :: Result: 443614-443631 (17b minChunk:8 X)
0006C4DE   70 73 41 6E 64 50 72 69 76 69 6C 65 67 65 73 00    psAndPrivileges.
0006C4EE   73                                                 s
[INFO    ][2023-07-21 13:29:44,418] _printStatus() :: Reducing: 179 chunks done, found 5 matches (36 added)
[INFO    ][2023-07-21 13:29:44,418] _scanDataPart() :: Result: 443631-443648 (17b minChunk:8 X)
0006C4EF   65 74 5F 45 6E 61 62 6C 65 50 72 69 76 69 6C 65    et_EnablePrivile
0006C4FF   67                                                 g
[INFO    ][2023-07-21 13:29:44,418] _scanDataPart() :: Result: 443648-443665 (17b minChunk:8 X)
0006C500   65 73 00 5F 61 6C 6C 50 72 69 76 69 6C 65 67 65    es._allPrivilege
0006C510   73                                                 s
[INFO    ][2023-07-21 13:29:44,432] _scanDataPart() :: Result: 444551-444568 (17b minChunk:8 X)
0006C887   79 4E 61 6D 65 73 00 47 65 74 53 75 62 6B 65 79    yNames.GetSubkey
0006C897   4E                                                 N
[INFO    ][2023-07-21 13:29:44,447] _scanDataPart() :: Result: 447280-447313 (33 bytes)
0006D330   00 43 6F 6E 6E 65 63 74 69 6F 6E 4F 70 74 69 6F    .ConnectionOptio
0006D340   6E 73 00 53 79 73 6D 6F 6E 4F 70 74 69 6F 6E 73    ns.SysmonOptions
0006D350   00                                                 .
[INFO    ][2023-07-21 13:29:44,450] _scanDataPart() :: Doubling: minChunkSize: 8  minMatchSize: 16
[INFO    ][2023-07-21 13:29:44,458] _scanDataPart() :: Result: 450275-450292 (17b minChunk:16 X)
0006DEE3   72 69 61 6E 74 00 53 79 73 74 65 6D 2E 4D 61 6E    riant.System.Man
0006DEF3   61                                                 a
[INFO    ][2023-07-21 13:29:44,465] _scanDataPart() :: Result: 450292-450325 (33b minChunk:16 X)
0006DEF4   67 65 6D 65 6E 74 00 70 52 65 73 6F 75 72 63 65    gement.pResource
0006DF04   45 6C 65 6D 65 6E 74 00 58 6D 6C 45 6C 65 6D 65    Element.XmlEleme
0006DF14   6E                                                 n
[INFO    ][2023-07-21 13:29:44,465] scan() :: Reducer Result: Time:22 Chunks:210 MatchesAdded:42 MatchesFinal:8
[INFO    ][2023-07-21 13:29:44,465] handleFile() :: Result: 22 matches
[INFO    ][2023-07-21 13:29:44,465] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-07-21 13:29:46,600] save() :: Saving HashCache (50646)
[INFO    ][2023-07-21 13:29:46,659] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 13:29:46,659] runVerifications() :: Verify 22 matches
[INFO    ][2023-07-21 13:30:16,801] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:30:47,073] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:31:17,944] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:31:48,913] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:32:26,917] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:33:04,424] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:33:39,584] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:33:39,586] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:33:41,719] runVerifications() :: Verification run: 8 THIRDS4 ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:33:41,721] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 13:33:41,721] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-07-21 13:33:41,722] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 13:33:42,248] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-07-21 13:33:44,863] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-07-21 13:33:44,863] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-07-21 13:33:44,875] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-07-21 13:33:44,876] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 13:33:44,877] outflankDotnet() :: Outflank failed with attempted 1 patches
[INFO    ][2023-07-21 13:33:44,877] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-07-21 13:33:44,878] save() :: Saving HashCache (50777)
[INFO    ][2023-08-04 18:21:14,799] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-08-04 18:21:14,799] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-08-04 18:21:14,800] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:21:15,313] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:21:15,314] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-08-04 18:21:15,314] load() :: Loading HashCache
[INFO    ][2023-08-04 18:21:15,517] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:21:15,517] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:21:15,615] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:21:16,195] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:21:23,026] init() :: DotnetData entries: 23564
[INFO    ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-08-04 18:21:23,028] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-08-04 18:21:23,028] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-08-04 18:21:23,048] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-08-04 18:21:23,049] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:46:13,503] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-08-06 16:46:13,503] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-08-06 16:46:13,504] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:46:14,015] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:46:14,016] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-08-06 16:46:14,017] load() :: Loading HashCache
[INFO    ][2023-08-06 16:46:14,207] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:46:14,207] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:46:14,288] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:46:14,839] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:46:21,480] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 16:46:21,480] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-08-06 16:46:21,480] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-08-06 16:46:21,480] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-08-06 16:46:21,481] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-08-06 16:46:21,481] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-08-06 16:46:21,481] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-08-06 16:46:21,501] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-08-06 16:46:21,502] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:20:25,702] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-08-06 17:20:25,702] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-08-06 17:20:25,703] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:20:26,220] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:20:26,221] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-08-06 17:20:26,221] load() :: Loading HashCache
[INFO    ][2023-08-06 17:20:26,411] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:20:26,411] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:20:26,489] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:20:27,043] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:20:33,757] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:20:33,757] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-08-06 17:20:33,757] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-08-06 17:20:33,757] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-08-06 17:20:33,758] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-08-06 17:20:33,758] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-08-06 17:20:33,758] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-08-06 17:20:33,779] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-08-06 17:20:33,780] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:24:43,712] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-01 05:24:43,712] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-01 05:24:43,713] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:29,730] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-01 05:26:29,730] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-01 05:26:29,731] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:30,246] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:30,247] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-01 05:26:30,248] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-01 05:26:30,249] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:30,448] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:30,448] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:30,530] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:20:21,930] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-24 19:20:21,930] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-24 19:20:21,933] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:20:21,933] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:20:21,960] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:20:21,961] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:20:21,961] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:20:22,432] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:20:23,047] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-24 19:20:23,049] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-24 19:20:23,049] load() :: Loading HashCache
[INFO    ][2023-09-24 19:20:23,248] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:20:23,248] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:20:23,345] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:20:29,818] init() :: DotnetData entries: 23564
[INFO    ][2023-09-24 19:20:29,818] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:29,818] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:29,839] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-24 19:20:29,840] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:13:38,558] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-25 18:13:38,558] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-25 18:13:38,560] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:13:38,560] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:13:38,585] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:13:38,585] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:13:38,586] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:13:39,057] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:13:39,614] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-25 18:13:39,615] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-25 18:13:39,616] load() :: Loading HashCache
[INFO    ][2023-09-25 18:13:39,845] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:13:39,846] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:13:39,944] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:13:46,807] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-09-25 18:13:46,809] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-09-25 18:13:46,829] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-25 18:13:46,830] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:20:40,407] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-25 18:20:40,407] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-25 18:20:40,408] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:20:40,408] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:20:40,433] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:20:40,433] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:20:40,434] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:20:40,434] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:20:40,901] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:20:41,456] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-25 18:20:41,458] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-25 18:20:41,458] load() :: Loading HashCache
[INFO    ][2023-09-25 18:20:41,684] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:20:41,685] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:20:41,781] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:20:48,654] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:20:48,654] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-09-25 18:20:48,675] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-25 18:20:48,676] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:06:18,875] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-29 10:06:18,875] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-29 10:06:18,876] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:06:18,876] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:06:18,901] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:06:18,901] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:06:18,902] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:06:19,372] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-29 10:06:19,373] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-29 10:06:19,374] load() :: Loading HashCache
[INFO    ][2023-09-29 10:06:19,601] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:06:19,601] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:06:19,698] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:06:26,557] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 10:06:26,557] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:26,578] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-29 10:06:26,579] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:10:52,297] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-29 12:10:52,298] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-29 12:10:52,299] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:10:52,299] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:10:52,324] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:10:52,324] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:10:52,324] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:10:52,797] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-29 12:10:52,799] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-29 12:10:52,799] load() :: Loading HashCache
[INFO    ][2023-09-29 12:10:53,025] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:10:53,025] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:10:53,123] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:10:59,969] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:10:59,969] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-09-29 12:10:59,990] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-29 12:10:59,991] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:31:46,828] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-30 10:31:46,828] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe
[INFO    ][2023-09-30 10:31:46,829] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:31:46,829] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:31:46,854] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:31:46,854] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:31:46,854] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,854] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,854] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:31:46,855] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:31:47,332] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-30 10:31:47,334] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-30 10:31:47,334] load() :: Loading HashCache
[INFO    ][2023-09-30 10:31:47,561] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:31:47,562] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:31:47,661] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:31:54,499] init() :: DotnetData entries: 23564
[INFO    ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1
[INFO    ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3
[INFO    ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2
[INFO    ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1
[INFO    ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1
[INFO    ][2023-09-30 10:31:54,501] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1
[INFO    ][2023-09-30 10:31:54,521] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome
[INFO    ][2023-09-30 10:31:54,522] save() :: Saving HashCache (102072)