Name: | 06AA6C08707CD9B6.Seatbelt.exe |
Size: | 611,840 bytes |
Type: | EXE PE.NET |
MD5: | d82ac3aa2e83b5fc3e26acffb688c93f |
Scanner Name: | defender |
Appraisal: | Fragile (AND) based |
Scan Debug: | Duration: 51s / Chunks: 210 / Matches: 42 |
Scan date: | 2023-07-21 13:28:53 |
# | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
---|---|---|---|---|---|---|---|
0 | 0 | 2328 | 43 | .text methods | ::.ctor | CODE | Dominant. Modify this to make file undetected |
1 | 0 | 2393 | 43 | .text methods | ::get_Commands ::.ctor ::set_Commands | CODE | Dominant. Modify this to make file undetected |
6 | 1 | 177244 | 76 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
7 | 1 | 177677 | 26 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
8 | 1 | 213425 | 25 | .text #~ | MethodDef | DATA | Dominant. Modify this to make file undetected |
9 | 1 | 213476 | 25 | .text #~ | MethodDef | DATA | Dominant. Modify this to make file undetected |
10 | 1 | 213680 | 51 | .text #~ | MethodDef | DATA | Dominant. Modify this to make file undetected |
11 | 1 | 213909 | 51 | .text #~ | MethodDef | DATA | Dominant. Modify this to make file undetected |
12 | 1 | 214856 | 409 | .text #~ | MethodDef | DATA | Dominant. Modify this to make file undetected |
13 | 1 | 298104 | 51 | .text #~ | MemberRef | DATA | Dominant. Modify this to make file undetected |
14 | 2 | 418664 | 17 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
15 | 2 | 422479 | 17 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
16 | 2 | 434679 | 33 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
17 | 2 | 443046 | 17 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
18 | 2 | 443598 | 67 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
19 | 2 | 444551 | 17 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
20 | 2 | 447280 | 33 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
21 | 2 | 450275 | 50 | .text #Strings | DATA | Dominant. Modify this to make file undetected |
Dominant. Modify this to make file undetected |
00000918 01 10 00 00 00 00 30 00 35 65 00 18 19 00 00 01 ......0.5e...... 00000928 13 30 02 00 44 00 00 00 00 00 00 00 02 28 2B 00 .0..D........(+. 00000938 00 0A 02 03 28 22 00 00 06 02 04 ....(".....
Dominant. Modify this to make file undetected |
00000959 05 28 2A 00 00 06 02 0E 06 28 2C 00 00 06 02 0E .(*......(,..... 00000969 07 28 2E 00 00 06 02 0E 08 28 30 00 00 06 2A 1E .(.......(0...*. 00000979 02 7B 0D 00 00 04 2A 22 02 03 7D .{....*"..}
Dominant. Modify this to make file undetected |
0002B45C 00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00 ........W..?.... 0002B46C 00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00 ...3............ 0002B47C 9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00 ....*...l...$... 0002B48C 87 02 00 00 DA 03 00 00 AA 01 00 00 98 15 00 00 ................ 0002B49C 69 00 00 00 02 00 00 00 02 00 00 00 i...........
Dominant. Modify this to make file undetected |
0002B60D 00 0A 00 29 ED 00 00 E1 F8 00 00 0A 00 DA CA 00 ...)............ 0002B61D 00 E1 F8 00 00 0A 00 29 08 01 .......)..
Dominant. Modify this to make file undetected |
000341B1 F9 00 00 80 03 12 00 8C 26 00 00 00 00 81 00 90 ........&....... 000341C1 F9 00 00 4A 0B 13 00 28 27 ...J...('
Dominant. Modify this to make file undetected |
000341E4 A6 38 1D 00 80 27 00 00 00 00 86 08 A3 DC 00 00 .8...'.......... 000341F4 AE 38 1D 00 89 27 00 00 00 .8...'...
Dominant. Modify this to make file undetected |
000342B0 4C 8C 00 00 10 00 23 00 EF 27 00 00 00 00 86 08 L.....#..'...... 000342C0 53 7D 00 00 FB 00 24 00 F7 27 00 00 00 00 86 08 S}....$..'...... 000342D0 60 7D 00 00 10 00 24 00 00 28 00 00 00 00 86 08 `}....$..(...... 000342E0 C3 DC 00 ...
Dominant. Modify this to make file undetected |
00034395 38 28 00 77 28 00 00 00 00 86 18 7A DA 00 00 E3 8(.w(......z.... 000343A5 38 2C 00 90 28 00 00 00 00 86 18 7A DA 00 00 F6 8,..(......z.... 000343B5 38 31 00 2C 2A 00 00 00 00 86 00 D7 CA 00 00 0B 81.,*........... 000343C5 39 38 00 98.
Dominant. Modify this to make file undetected |
00034748 EC 3E 00 00 00 00 86 18 7A DA 00 00 10 00 95 00 .>......z....... 00034758 8C 3F 00 00 00 00 86 00 82 82 00 00 20 3A 96 00 .?.......... :.. 00034768 54 40 00 00 00 00 81 00 83 8E 00 00 2B 3A 97 00 T@..........+:.. 00034778 E0 40 00 00 00 00 81 00 71 9F 00 00 18 06 98 00 .@......q....... 00034788 32 41 00 00 00 00 E6 01 9C 99 00 00 01 00 99 00 2A.............. 00034798 64 41 00 00 00 00 C4 00 62 A1 00 00 01 00 99 00 dA......b....... 000347A8 90 41 00 00 00 00 96 00 3B A5 00 00 34 3A 99 00 .A......;...4:.. 000347B8 E8 41 00 00 00 00 86 18 7A DA 00 00 3B 3A 9A 00 .A......z...;:.. 000347C8 05 42 00 00 00 00 86 08 5E A8 00 00 FB 00 9D 00 .B......^....... 000347D8 0D 42 00 00 00 00 86 08 7C 7C 00 00 44 3A 9D 00 .B......||..D:.. 000347E8 15 42 00 00 00 00 86 08 EF 9E 00 00 3D 00 9D 00 .B..........=... 000347F8 20 42 00 00 00 00 96 00 04 06 01 00 4A 3A 9D 00 B..........J:.. 00034808 64 45 00 00 00 00 91 00 8E 9F 00 00 55 3A 9F 00 dE..........U:.. 00034818 AE 45 00 00 00 00 96 00 4A 9F 00 00 61 3A A4 00 .E......J...a:.. 00034828 CC 45 00 00 00 00 96 00 4A 9F 00 00 6C 3A A9 00 .E......J...l:.. 00034838 5C 46 00 00 00 00 96 00 36 9F 00 00 77 3A AE 00 \F......6...w:.. 00034848 F0 46 00 00 00 00 96 00 1F 9F 00 00 6C 3A B2 00 .F..........l:.. 00034858 80 47 00 00 00 00 96 00 03 9F 00 00 83 3A B7 00 .G...........:.. 00034868 F8 47 00 00 00 00 96 00 03 9F 00 00 93 3A BB 00 .G...........:.. 00034878 94 48 00 00 00 00 96 00 11 9F 00 00 A3 3A BF 00 .H...........:.. 00034888 30 49 00 00 00 00 96 00 EC 9F 00 00 B3 3A C3 00 0I...........:.. 00034898 4C 49 00 00 00 00 96 00 EC 9F 00 00 BF 3A C8 00 LI...........:.. 000348A8 D8 49 00 00 00 00 96 00 4C E5 00 00 CB 3A CD 00 .I......L....:.. 000348B8 7C 4A 00 00 00 00 96 00 4C E5 00 00 DA 3A D0 00 |J......L....:.. 000348C8 74 4C 00 00 00 00 96 00 86 E2 00 00 EA 3A D3 00 tL...........:.. 000348D8 DC 4C 00 00 00 00 96 00 86 .L.......
Dominant. Modify this to make file undetected |
00048C78 00 00 10 00 F1 00 F7 BB 00 00 4C 02 F1 00 E6 DE ..........L..... 00048C88 00 00 15 00 B1 04 D0 F4 00 00 53 02 F1 04 7A DA ..........S...z. 00048C98 00 00 5A 02 F1 04 58 F5 00 00 01 00 F1 04 7A DA ..Z...X.......z. 00048CA8 00 00 10 ...
Dominant. Modify this to make file undetected |
00066368 73 65 74 5F 50 61 73 73 77 6F 72 64 00 67 65 74 set_Password.get 00066378 5F _
Dominant. Modify this to make file undetected |
0006724F 4E 61 6D 65 00 73 65 74 5F 55 73 65 72 4E 61 6D Name.set_UserNam 0006725F 65 e
Dominant. Modify this to make file undetected |
0006A1F7 72 6D 61 74 69 6F 6E 00 73 65 74 5F 49 6D 70 65 rmation.set_Impe 0006A207 72 73 6F 6E 61 74 69 6F 6E 00 56 69 72 74 75 61 rsonation.Virtua 0006A217 6C l
Dominant. Modify this to make file undetected |
0006C2A6 61 6E 64 73 00 73 65 74 5F 43 6F 6D 6D 61 6E 64 ands.set_Command 0006C2B6 73 s
Dominant. Modify this to make file undetected |
0006C4CE 67 75 61 67 65 73 00 54 6F 6B 65 6E 47 72 6F 75 guages.TokenGrou 0006C4DE 70 73 41 6E 64 50 72 69 76 69 6C 65 67 65 73 00 psAndPrivileges. 0006C4EE 73 65 74 5F 45 6E 61 62 6C 65 50 72 69 76 69 6C set_EnablePrivil 0006C4FE 65 67 65 73 00 5F 61 6C 6C 50 72 69 76 69 6C 65 eges._allPrivile 0006C50E 67 65 73 ges
Dominant. Modify this to make file undetected |
0006C887 79 4E 61 6D 65 73 00 47 65 74 53 75 62 6B 65 79 yNames.GetSubkey 0006C897 4E N
Dominant. Modify this to make file undetected |
0006D330 00 43 6F 6E 6E 65 63 74 69 6F 6E 4F 70 74 69 6F .ConnectionOptio 0006D340 6E 73 00 53 79 73 6D 6F 6E 4F 70 74 69 6F 6E 73 ns.SysmonOptions 0006D350 00 .
Dominant. Modify this to make file undetected |
0006DEE3 72 69 61 6E 74 00 53 79 73 74 65 6D 2E 4D 61 6E riant.System.Man 0006DEF3 61 67 65 6D 65 6E 74 00 70 52 65 73 6F 75 72 63 agement.pResourc 0006DF03 65 45 6C 65 6D 65 6E 74 00 58 6D 6C 45 6C 65 6D eElement.XmlElem 0006DF13 65 6E en
Test # | MatchOrder | ModifyPosition |
Match#0 methods 43b |
Match#1 methods 43b |
Match#2 methods 21b |
Match#3 methods 22b |
Match#4 methods 22b |
Match#5 methods 43b |
Match#6 #~ 76b |
Match#7 #~ 26b |
Match#8 #~ 25b |
Match#9 #~ 25b |
Match#10 #~ 51b |
Match#11 #~ 51b |
Match#12 #~ 409b |
Match#13 #~ 51b |
Match#14 #Strings 17b |
Match#15 #Strings 17b |
Match#16 #Strings 33b |
Match#17 #Strings 17b |
Match#18 #Strings 67b |
Match#19 #Strings 17b |
Match#20 #Strings 33b |
Match#21 #Strings 50b |
0 | ISOLATED | MIDDLE8 | ||||||||||||||||||||||
1 | ISOLATED | THIRDS4 | ||||||||||||||||||||||
2 | ISOLATED | FULL | ||||||||||||||||||||||
3 | ISOLATED | FULLB | ||||||||||||||||||||||
4 | INCREMENTAL | MIDDLE8 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |
5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 |
6 | DECREMENTAL | FULL | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
7 | ALL | MIDDLE8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8 | ALL | THIRDS4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Result |
[INFO ][2023-07-21 13:28:49,018] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-07-21 13:28:49,018] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-07-21 13:28:49,019] handleFile() :: Using parser for file type DOTNET [INFO ][2023-07-21 13:28:49,531] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 13:28:49,531] handleFile() :: Using scanner from command line: defender [INFO ][2023-07-21 13:28:49,533] load() :: Loading HashCache [INFO ][2023-07-21 13:28:49,686] load() :: 50613 hashes loaded [INFO ][2023-07-21 13:28:53,067] handleFile() :: QuickCheck: 06AA6C08707CD9B6.Seatbelt.exe is detected by defender and not hash based [INFO ][2023-07-21 13:28:53,068] handleFile() :: Scanning for matches... [INFO ][2023-07-21 13:28:53,068] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact) [INFO ][2023-07-21 13:28:53,116] findDetectedSections() :: Hide: .text -> Detected: False [INFO ][2023-07-21 13:28:53,118] findDetectedSections() :: Hide: .rsrc -> Detected: True [INFO ][2023-07-21 13:28:53,119] findDetectedSections() :: Hide: .reloc -> Detected: True [INFO ][2023-07-21 13:28:54,667] findDetectedSections() :: Hide: Header -> Detected: False [INFO ][2023-07-21 13:28:56,320] findDetectedSections() :: Hide: DotNet Header -> Detected: False [INFO ][2023-07-21 13:28:57,955] findDetectedSections() :: Hide: Metadata Header -> Detected: False [INFO ][2023-07-21 13:28:57,956] findDetectedSections() :: Hide: methods -> Detected: False [INFO ][2023-07-21 13:29:00,094] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False [INFO ][2023-07-21 13:29:02,136] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False [INFO ][2023-07-21 13:29:03,815] findDetectedSections() :: Hide: #US Stream Header -> Detected: True [INFO ][2023-07-21 13:29:05,521] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True [INFO ][2023-07-21 13:29:07,261] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True [INFO ][2023-07-21 13:29:07,262] findDetectedSections() :: Hide: #~ -> Detected: False [INFO ][2023-07-21 13:29:07,263] findDetectedSections() :: Hide: #Strings -> Detected: False [INFO ][2023-07-21 13:29:07,264] findDetectedSections() :: Hide: #US -> Detected: True [INFO ][2023-07-21 13:29:07,265] findDetectedSections() :: Hide: #GUID -> Detected: True [INFO ][2023-07-21 13:29:07,266] findDetectedSections() :: Hide: #Blob -> Detected: True [INFO ][2023-07-21 13:29:07,267] scanForMatchesInPe() :: 3 section(s) trigger the antivirus independantly [INFO ][2023-07-21 13:29:07,267] scanForMatchesInPe() :: section: methods [INFO ][2023-07-21 13:29:07,267] scanForMatchesInPe() :: section: #~ [INFO ][2023-07-21 13:29:07,267] scanForMatchesInPe() :: section: #Strings [INFO ][2023-07-21 13:29:12,254] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-177136) [INFO ][2023-07-21 13:29:12,254] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:16 MinMatchSize:32 [INFO ][2023-07-21 13:29:12,254] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added) [INFO ][2023-07-21 13:29:12,276] _scanDataPart() :: Result: 2328-2350 (22b minChunk:16 X) 00000918 01 10 00 00 00 00 30 00 35 65 00 18 19 00 00 01 ......0.5e...... 00000928 13 30 02 00 44 00 .0..D. [INFO ][2023-07-21 13:29:12,278] _scanDataPart() :: Result: 2350-2371 (21b minChunk:16 X) 0000092E 00 00 00 00 00 00 02 28 2B 00 00 0A 02 03 28 22 .......(+.....(" 0000093E 00 00 06 02 04 ..... [INFO ][2023-07-21 13:29:12,282] _scanDataPart() :: Result: 2393-2436 (43 bytes) 00000959 05 28 2A 00 00 06 02 0E 06 28 2C 00 00 06 02 0E .(*......(,..... 00000969 07 28 2E 00 00 06 02 0E 08 28 30 00 00 06 2A 1E .(.......(0...*. 00000979 02 7B 0D 00 00 04 2A 22 02 03 7D .{....*"..} [INFO ][2023-07-21 13:29:12,290] _scanDataPart() :: Result: 2695-2716 (21b minChunk:16 X) 00000A87 02 00 70 28 3E 00 00 06 2A 1B 30 05 00 7E 01 00 ..p(>...*.0..~.. 00000A97 00 0A 00 00 11 ..... [INFO ][2023-07-21 13:29:12,295] _scanDataPart() :: Result: 2931-2953 (22b minChunk:16 X) 00000B73 6F 56 00 00 0A 06 17 6F 57 00 00 0A 72 C4 02 00 oV.....oW...r... 00000B83 70 0E 05 72 CA 02 p..r.. [INFO ][2023-07-21 13:29:12,301] _scanDataPart() :: Result: 3104-3126 (22b minChunk:16 X) 00000C20 00 00 52 00 EE 40 01 25 19 00 00 01 1B 30 04 00 ..R..@.%.....0.. 00000C30 E5 00 00 00 0B 00 ...... [INFO ][2023-07-21 13:29:12,306] _scanDataPart() :: Result: 3190-3212 (22b minChunk:16 X) 00000C76 00 00 0A 25 02 28 3A 00 00 06 6F 55 00 00 0A 25 ...%.(:...oU...% 00000C86 19 6F 56 00 00 0A .oV... [INFO ][2023-07-21 13:29:12,308] _scanDataPart() :: Result: 3212-3233 (21b minChunk:16 X) 00000C8C 25 17 6F 57 00 00 0A 0A 72 C4 02 00 70 02 28 38 %.oW....r...p.(8 00000C9C 00 00 06 72 5C ...r\ [INFO ][2023-07-21 13:29:12,308] scan() :: Reducer Result: Time:0 Chunks:39 MatchesAdded:8 MatchesFinal:6 [INFO ][2023-07-21 13:29:17,624] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (177244-386568) [INFO ][2023-07-21 13:29:17,624] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:16 MinMatchSize:32 [INFO ][2023-07-21 13:29:17,624] _printStatus() :: Reducing: 40 chunks done, found 0 matches (8 added) [INFO ][2023-07-21 13:29:17,647] _scanDataPart() :: Result: 177244-177295 (51 bytes) 0002B45C 00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00 ........W..?.... 0002B46C 00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00 ...3............ 0002B47C 9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00 ....*...l...$... 0002B48C 87 02 00 ... [INFO ][2023-07-21 13:29:17,649] _scanDataPart() :: Result: 177295-177320 (25b minChunk:16 X) 0002B48F 00 DA 03 00 00 AA 01 00 00 98 15 00 00 69 00 00 .............i.. 0002B49F 00 02 00 00 00 02 00 00 00 ......... [INFO ][2023-07-21 13:29:17,656] _scanDataPart() :: Result: 177677-177703 (26b minChunk:16 X) 0002B60D 00 0A 00 29 ED 00 00 E1 F8 00 00 0A 00 DA CA 00 ...)............ 0002B61D 00 E1 F8 00 00 0A 00 29 08 01 .......).. [INFO ][2023-07-21 13:29:17,672] _scanDataPart() :: Result: 213425-213450 (25b minChunk:16 X) 000341B1 F9 00 00 80 03 12 00 8C 26 00 00 00 00 81 00 90 ........&....... 000341C1 F9 00 00 4A 0B 13 00 28 27 ...J...(' [INFO ][2023-07-21 13:29:17,674] _scanDataPart() :: Result: 213476-213501 (25b minChunk:16 X) 000341E4 A6 38 1D 00 80 27 00 00 00 00 86 08 A3 DC 00 00 .8...'.......... 000341F4 AE 38 1D 00 89 27 00 00 00 .8...'... [INFO ][2023-07-21 13:29:17,680] _scanDataPart() :: Result: 213680-213731 (51 bytes) 000342B0 4C 8C 00 00 10 00 23 00 EF 27 00 00 00 00 86 08 L.....#..'...... 000342C0 53 7D 00 00 FB 00 24 00 F7 27 00 00 00 00 86 08 S}....$..'...... 000342D0 60 7D 00 00 10 00 24 00 00 28 00 00 00 00 86 08 `}....$..(...... 000342E0 C3 DC 00 ... [INFO ][2023-07-21 13:29:17,685] _scanDataPart() :: Result: 213909-213935 (26b minChunk:16 X) 00034395 38 28 00 77 28 00 00 00 00 86 18 7A DA 00 00 E3 8(.w(......z.... 000343A5 38 2C 00 90 28 00 00 00 00 86 8,..(..... [INFO ][2023-07-21 13:29:17,689] _scanDataPart() :: Result: 213935-213960 (25b minChunk:16 X) 000343AF 18 7A DA 00 00 F6 38 31 00 2C 2A 00 00 00 00 86 .z....81.,*..... 000343BF 00 D7 CA 00 00 0B 39 38 00 ......98. [INFO ][2023-07-21 13:29:17,699] _scanDataPart() :: Result: 214856-214881 (25b minChunk:16 X) 00034748 EC 3E 00 00 00 00 86 18 7A DA 00 00 10 00 95 00 .>......z....... 00034758 8C 3F 00 00 00 00 86 00 82 .?....... [INFO ][2023-07-21 13:29:17,699] _scanDataPart() :: Result: 214881-214907 (26b minChunk:16 X) 00034761 82 00 00 20 3A 96 00 54 40 00 00 00 00 81 00 83 ... :..T@....... 00034771 8E 00 00 2B 3A 97 00 E0 40 00 ...+:...@. [INFO ][2023-07-21 13:29:17,701] _scanDataPart() :: Result: 214907-214932 (25b minChunk:16 X) 0003477B 00 00 00 81 00 71 9F 00 00 18 06 98 00 32 41 00 .....q.......2A. 0003478B 00 00 00 E6 01 9C 99 00 00 ......... [INFO ][2023-07-21 13:29:17,701] _scanDataPart() :: Result: 214932-214958 (26b minChunk:16 X) 00034794 01 00 99 00 64 41 00 00 00 00 C4 00 62 A1 00 00 ....dA......b... 000347A4 01 00 99 00 90 41 00 00 00 00 .....A.... [INFO ][2023-07-21 13:29:17,704] _scanDataPart() :: Result: 214958-214983 (25b minChunk:16 X) 000347AE 96 00 3B A5 00 00 34 3A 99 00 E8 41 00 00 00 00 ..;...4:...A.... 000347BE 86 18 7A DA 00 00 3B 3A 9A ..z...;:. [INFO ][2023-07-21 13:29:17,705] _scanDataPart() :: Result: 214983-215009 (26b minChunk:16 X) 000347C7 00 05 42 00 00 00 00 86 08 5E A8 00 00 FB 00 9D ..B......^...... 000347D7 00 0D 42 00 00 00 00 86 08 7C ..B......| [INFO ][2023-07-21 13:29:17,706] _scanDataPart() :: Doubling: minChunkSize: 16 minMatchSize: 32 [INFO ][2023-07-21 13:29:17,706] _scanDataPart() :: Result: 215009-215034 (25b minChunk:32 X) 000347E1 7C 00 00 44 3A 9D 00 15 42 00 00 00 00 86 08 EF |..D:...B....... 000347F1 9E 00 00 3D 00 9D 00 20 42 ...=... B [INFO ][2023-07-21 13:29:17,706] _scanDataPart() :: Result: 215034-215060 (26b minChunk:32 X) 000347FA 00 00 00 00 96 00 04 06 01 00 4A 3A 9D 00 64 45 ..........J:..dE 0003480A 00 00 00 00 91 00 8E 9F 00 00 .......... [INFO ][2023-07-21 13:29:17,710] _scanDataPart() :: Result: 215060-215111 (51b minChunk:32 X) 00034814 55 3A 9F 00 AE 45 00 00 00 00 96 00 4A 9F 00 00 U:...E......J... 00034824 61 3A A4 00 CC 45 00 00 00 00 96 00 4A 9F 00 00 a:...E......J... 00034834 6C 3A A9 00 5C 46 00 00 00 00 96 00 36 9F 00 00 l:..\F......6... 00034844 77 3A AE w:. [INFO ][2023-07-21 13:29:17,710] _scanDataPart() :: Result: 215111-215162 (51b minChunk:32 X) 00034847 00 F0 46 00 00 00 00 96 00 1F 9F 00 00 6C 3A B2 ..F..........l:. 00034857 00 80 47 00 00 00 00 96 00 03 9F 00 00 83 3A B7 ..G...........:. 00034867 00 F8 47 00 00 00 00 96 00 03 9F 00 00 93 3A BB ..G...........:. 00034877 00 94 48 ..H [INFO ][2023-07-21 13:29:17,712] _scanDataPart() :: Result: 215162-215213 (51b minChunk:32 X) 0003487A 00 00 00 00 96 00 11 9F 00 00 A3 3A BF 00 30 49 ...........:..0I 0003488A 00 00 00 00 96 00 EC 9F 00 00 B3 3A C3 00 4C 49 ...........:..LI 0003489A 00 00 00 00 96 00 EC 9F 00 00 BF 3A C8 00 D8 49 ...........:...I 000348AA 00 00 00 ... [INFO ][2023-07-21 13:29:17,712] _scanDataPart() :: Result: 215213-215265 (52b minChunk:32 X) 000348AD 00 96 00 4C E5 00 00 CB 3A CD 00 7C 4A 00 00 00 ...L....:..|J... 000348BD 00 96 00 4C E5 00 00 DA 3A D0 00 74 4C 00 00 00 ...L....:..tL... 000348CD 00 96 00 86 E2 00 00 EA 3A D3 00 DC 4C 00 00 00 ........:...L... 000348DD 00 96 00 86 .... [INFO ][2023-07-21 13:29:17,730] _scanDataPart() :: Result: 298104-298155 (51b minChunk:32 X) 00048C78 00 00 10 00 F1 00 F7 BB 00 00 4C 02 F1 00 E6 DE ..........L..... 00048C88 00 00 15 00 B1 04 D0 F4 00 00 53 02 F1 04 7A DA ..........S...z. 00048C98 00 00 5A 02 F1 04 58 F5 00 00 01 00 F1 04 7A DA ..Z...X.......z. 00048CA8 00 00 10 ... [INFO ][2023-07-21 13:29:17,731] scan() :: Reducer Result: Time:0 Chunks:120 MatchesAdded:29 MatchesFinal:8 [INFO ][2023-07-21 13:29:22,908] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (386568-455112) [INFO ][2023-07-21 13:29:22,908] scan() :: Reducer Start: ScanSpeed:Normal Iteration:2 MinChunkSize:8 MinMatchSize:16 [INFO ][2023-07-21 13:29:22,908] _printStatus() :: Reducing: 121 chunks done, found 0 matches (29 added) [INFO ][2023-07-21 13:29:22,929] _scanDataPart() :: Result: 418664-418681 (17b minChunk:8 X) 00066368 73 65 74 5F 50 61 73 73 77 6F 72 64 00 67 65 74 set_Password.get 00066378 5F _ [INFO ][2023-07-21 13:29:22,947] _scanDataPart() :: Result: 422479-422496 (17b minChunk:8 X) 0006724F 4E 61 6D 65 00 73 65 74 5F 55 73 65 72 4E 61 6D Name.set_UserNam 0006725F 65 e [INFO ][2023-07-21 13:29:27,011] _printStatus() :: Reducing: 154 chunks done, found 2 matches (31 added) [INFO ][2023-07-21 13:29:30,395] _printStatus() :: Reducing: 155 chunks done, found 2 matches (31 added) [INFO ][2023-07-21 13:29:30,395] _scanDataPart() :: Result: 434679-434696 (17b minChunk:8 X) 0006A1F7 72 6D 61 74 69 6F 6E 00 73 65 74 5F 49 6D 70 65 rmation.set_Impe 0006A207 72 r [INFO ][2023-07-21 13:29:33,914] _printStatus() :: Reducing: 157 chunks done, found 3 matches (32 added) [INFO ][2023-07-21 13:29:37,485] _printStatus() :: Reducing: 158 chunks done, found 3 matches (32 added) [INFO ][2023-07-21 13:29:37,485] _scanDataPart() :: Result: 434696-434712 (16b minChunk:8 X) 0006A208 73 6F 6E 61 74 69 6F 6E 00 56 69 72 74 75 61 6C sonation.Virtual [INFO ][2023-07-21 13:29:37,504] _scanDataPart() :: Result: 443046-443063 (17b minChunk:8 X) 0006C2A6 61 6E 64 73 00 73 65 74 5F 43 6F 6D 6D 61 6E 64 ands.set_Command 0006C2B6 73 s [INFO ][2023-07-21 13:29:40,930] _printStatus() :: Reducing: 176 chunks done, found 4 matches (34 added) [INFO ][2023-07-21 13:29:40,930] _scanDataPart() :: Result: 443598-443614 (16b minChunk:8 X) 0006C4CE 67 75 61 67 65 73 00 54 6F 6B 65 6E 47 72 6F 75 guages.TokenGrou [INFO ][2023-07-21 13:29:40,930] _scanDataPart() :: Result: 443614-443631 (17b minChunk:8 X) 0006C4DE 70 73 41 6E 64 50 72 69 76 69 6C 65 67 65 73 00 psAndPrivileges. 0006C4EE 73 s [INFO ][2023-07-21 13:29:44,418] _printStatus() :: Reducing: 179 chunks done, found 5 matches (36 added) [INFO ][2023-07-21 13:29:44,418] _scanDataPart() :: Result: 443631-443648 (17b minChunk:8 X) 0006C4EF 65 74 5F 45 6E 61 62 6C 65 50 72 69 76 69 6C 65 et_EnablePrivile 0006C4FF 67 g [INFO ][2023-07-21 13:29:44,418] _scanDataPart() :: Result: 443648-443665 (17b minChunk:8 X) 0006C500 65 73 00 5F 61 6C 6C 50 72 69 76 69 6C 65 67 65 es._allPrivilege 0006C510 73 s [INFO ][2023-07-21 13:29:44,432] _scanDataPart() :: Result: 444551-444568 (17b minChunk:8 X) 0006C887 79 4E 61 6D 65 73 00 47 65 74 53 75 62 6B 65 79 yNames.GetSubkey 0006C897 4E N [INFO ][2023-07-21 13:29:44,447] _scanDataPart() :: Result: 447280-447313 (33 bytes) 0006D330 00 43 6F 6E 6E 65 63 74 69 6F 6E 4F 70 74 69 6F .ConnectionOptio 0006D340 6E 73 00 53 79 73 6D 6F 6E 4F 70 74 69 6F 6E 73 ns.SysmonOptions 0006D350 00 . [INFO ][2023-07-21 13:29:44,450] _scanDataPart() :: Doubling: minChunkSize: 8 minMatchSize: 16 [INFO ][2023-07-21 13:29:44,458] _scanDataPart() :: Result: 450275-450292 (17b minChunk:16 X) 0006DEE3 72 69 61 6E 74 00 53 79 73 74 65 6D 2E 4D 61 6E riant.System.Man 0006DEF3 61 a [INFO ][2023-07-21 13:29:44,465] _scanDataPart() :: Result: 450292-450325 (33b minChunk:16 X) 0006DEF4 67 65 6D 65 6E 74 00 70 52 65 73 6F 75 72 63 65 gement.pResource 0006DF04 45 6C 65 6D 65 6E 74 00 58 6D 6C 45 6C 65 6D 65 Element.XmlEleme 0006DF14 6E n [INFO ][2023-07-21 13:29:44,465] scan() :: Reducer Result: Time:22 Chunks:210 MatchesAdded:42 MatchesFinal:8 [INFO ][2023-07-21 13:29:44,465] handleFile() :: Result: 22 matches [INFO ][2023-07-21 13:29:44,465] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-07-21 13:29:46,600] save() :: Saving HashCache (50646) [INFO ][2023-07-21 13:29:46,659] verifyFile() :: Perform verification of matches [INFO ][2023-07-21 13:29:46,659] runVerifications() :: Verify 22 matches [INFO ][2023-07-21 13:30:16,801] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:30:47,073] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:31:17,944] runVerifications() :: Verification run: 2 FULL ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:31:48,913] runVerifications() :: Verification run: 3 FULLB ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:32:26,917] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL Idx: 0 result: ScanResult.DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:33:04,424] runVerifications() :: Verification run: 5 FULL INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:33:39,584] runVerifications() :: Verification run: 6 FULL DECREMENTAL Idx: 21 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:33:39,586] runVerifications() :: Verification run: 7 MIDDLE8 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:33:41,719] runVerifications() :: Verification run: 8 THIRDS4 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:33:41,721] runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 13:33:41,721] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-07-21 13:33:41,722] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-21 13:33:42,248] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-07-21 13:33:44,862] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-07-21 13:33:44,863] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-07-21 13:33:44,863] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-07-21 13:33:44,875] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-07-21 13:33:44,876] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-21 13:33:44,877] outflankDotnet() :: Outflank failed with attempted 1 patches [INFO ][2023-07-21 13:33:44,877] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-07-21 13:33:44,878] save() :: Saving HashCache (50777) [INFO ][2023-08-04 18:21:14,799] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-08-04 18:21:14,799] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-08-04 18:21:14,800] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-04 18:21:15,313] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-04 18:21:15,314] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-08-04 18:21:15,314] load() :: Loading HashCache [INFO ][2023-08-04 18:21:15,517] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:21:15,517] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:21:15,615] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:21:16,195] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-04 18:21:23,026] init() :: DotnetData entries: 23564 [INFO ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-08-04 18:21:23,027] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-08-04 18:21:23,028] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-08-04 18:21:23,028] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-08-04 18:21:23,048] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-08-04 18:21:23,049] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:46:13,503] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-08-06 16:46:13,503] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-08-06 16:46:13,504] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 16:46:14,015] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 16:46:14,016] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-08-06 16:46:14,017] load() :: Loading HashCache [INFO ][2023-08-06 16:46:14,207] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:46:14,207] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:46:14,288] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:46:14,839] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 16:46:21,480] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 16:46:21,480] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-08-06 16:46:21,480] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-08-06 16:46:21,480] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-08-06 16:46:21,481] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-08-06 16:46:21,481] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-08-06 16:46:21,481] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-08-06 16:46:21,501] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-08-06 16:46:21,502] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:20:25,702] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-08-06 17:20:25,702] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-08-06 17:20:25,703] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 17:20:26,220] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 17:20:26,221] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-08-06 17:20:26,221] load() :: Loading HashCache [INFO ][2023-08-06 17:20:26,411] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:20:26,411] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:20:26,489] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:20:27,043] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 17:20:33,757] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 17:20:33,757] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-08-06 17:20:33,757] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-08-06 17:20:33,757] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-08-06 17:20:33,758] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-08-06 17:20:33,758] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-08-06 17:20:33,758] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-08-06 17:20:33,779] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-08-06 17:20:33,780] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:24:43,712] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-01 05:24:43,712] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-01 05:24:43,713] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:26:29,730] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-01 05:26:29,730] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-01 05:26:29,731] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:26:30,246] getDotNetSections() :: Offset: 7680 [WARNING ][2023-09-01 05:26:30,247] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-01 05:26:30,248] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-01 05:26:30,249] load() :: Loading HashCache [INFO ][2023-09-01 05:26:30,448] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:26:30,448] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:26:30,530] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:20:21,930] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-24 19:20:21,930] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-24 19:20:21,933] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-24 19:20:21,933] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:20:21,960] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:20:21,961] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:20:21,961] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-24 19:20:21,961] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-24 19:20:22,432] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-24 19:20:23,047] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-24 19:20:23,049] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-24 19:20:23,049] load() :: Loading HashCache [INFO ][2023-09-24 19:20:23,248] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:20:23,248] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:20:23,345] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:20:29,818] init() :: DotnetData entries: 23564 [INFO ][2023-09-24 19:20:29,818] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-09-24 19:20:29,818] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-09-24 19:20:29,819] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-09-24 19:20:29,839] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-24 19:20:29,840] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:13:38,558] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-25 18:13:38,558] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-25 18:13:38,560] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:13:38,560] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:13:38,585] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:13:38,585] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:13:38,585] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:13:38,586] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:13:38,586] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:13:39,057] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:13:39,614] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-25 18:13:39,615] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-25 18:13:39,616] load() :: Loading HashCache [INFO ][2023-09-25 18:13:39,845] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:13:39,846] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:13:39,944] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:13:46,807] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-09-25 18:13:46,808] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-09-25 18:13:46,809] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-09-25 18:13:46,829] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-25 18:13:46,830] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:20:40,407] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-25 18:20:40,407] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-25 18:20:40,408] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:20:40,408] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:20:40,433] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:20:40,433] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:20:40,433] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:20:40,434] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:20:40,434] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:20:40,901] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:20:41,456] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-25 18:20:41,458] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-25 18:20:41,458] load() :: Loading HashCache [INFO ][2023-09-25 18:20:41,684] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:20:41,685] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:20:41,781] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:20:48,654] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:20:48,654] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-09-25 18:20:48,655] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-09-25 18:20:48,675] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-25 18:20:48,676] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:06:18,875] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-29 10:06:18,875] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-29 10:06:18,876] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 10:06:18,876] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:06:18,901] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:06:18,901] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:06:18,901] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:06:18,902] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 10:06:18,902] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 10:06:19,372] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-29 10:06:19,373] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-29 10:06:19,374] load() :: Loading HashCache [INFO ][2023-09-29 10:06:19,601] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:06:19,601] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:06:19,698] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:06:26,557] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 10:06:26,557] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-09-29 10:06:26,558] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-09-29 10:06:26,578] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-29 10:06:26,579] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:10:52,297] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-29 12:10:52,298] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-29 12:10:52,299] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 12:10:52,299] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:10:52,324] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:10:52,324] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:10:52,324] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 12:10:52,324] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 12:10:52,797] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-29 12:10:52,799] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-29 12:10:52,799] load() :: Loading HashCache [INFO ][2023-09-29 12:10:53,025] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:10:53,025] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:10:53,123] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:10:59,969] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 12:10:59,969] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-09-29 12:10:59,970] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-09-29 12:10:59,990] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-29 12:10:59,991] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:31:46,828] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-30 10:31:46,828] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe [INFO ][2023-09-30 10:31:46,829] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-30 10:31:46,829] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:31:46,854] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:31:46,854] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:31:46,854] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:31:46,854] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-30 10:31:46,854] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:31:46,855] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-30 10:31:46,855] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-30 10:31:47,332] handleFile() :: Using scanner as defined in outcome: defender [INFO ][2023-09-30 10:31:47,334] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-30 10:31:47,334] load() :: Loading HashCache [INFO ][2023-09-30 10:31:47,561] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:31:47,562] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:31:47,661] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:31:54,499] init() :: DotnetData entries: 23564 [INFO ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2328/0x918, method disassemblies found: 1 [INFO ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2393/0x959, method disassemblies found: 3 [INFO ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2695/0xA87, method disassemblies found: 2 [INFO ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 2931/0xB73, method disassemblies found: 1 [INFO ][2023-09-30 10:31:54,500] disassembleDotNet() :: Match physical 3104/0xC20, method disassemblies found: 1 [INFO ][2023-09-30 10:31:54,501] disassembleDotNet() :: Match physical 3190/0xC76, method disassemblies found: 1 [INFO ][2023-09-30 10:31:54,521] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.outcome [INFO ][2023-09-30 10:31:54,522] save() :: Saving HashCache (102072)