Avred

File 06AA6C08707CD9B6.Seatbelt.exe.avg.exe

Name:	06AA6C08707CD9B6.Seatbelt.exe.avg.exe
Size:	611,840 bytes
Type:	EXE PE.NET
MD5:	d82ac3aa2e83b5fc3e26acffb688c93f

Scanner Name:	avg
Appraisal:	Fragile (AND) based
Scan Debug:	Duration: 98s / Chunks: 344 / Matches: 77
Scan date:	2023-07-21 21:24:09

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
0	0	177244	51	.text #~		DATA	Dominant. Modify this to make file undetected
1	0	177856	51	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
2	0	178061	25	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
3	0	178137	26	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
4	0	178418	52	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
5	0	178930	51	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
6	0	179414	77	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
7	0	179618	78	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
9	0	179874	128	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
14	1	419350	17	.text #Strings		DATA	Dominant. Modify this to make file undetected
15	1	420270	34	.text #Strings		DATA	Dominant. Modify this to make file undetected
19	1	425324	33	.text #Strings		DATA	Dominant. Modify this to make file undetected
30	1	436134	67	.text #Strings		DATA	Dominant. Modify this to make file undetected
31	1	436235	33	.text #Strings		DATA	Dominant. Modify this to make file undetected
34	1	436905	66	.text #Strings		DATA	Dominant. Modify this to make file undetected
35	1	438142	34	.text #Strings		DATA	Dominant. Modify this to make file undetected
39	1	442460	33	.text #Strings		DATA	Dominant. Modify this to make file undetected

Match 0: 177244 (size: 51)

Dominant. Modify this to make file undetected

.text #~

0002B45C   00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00    ........W..?....
0002B46C   00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00    ...3............
0002B47C   9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00    ....*...l...$...
0002B48C   87 02 00                                           ...

Match 1: 177856 (size: 51)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B6C0   00 00 12 00 A5 A7 00 00 0E DC 00 00 06 00 E3 C9    ................
0002B6D0   00 00 2B 01 01 00 06 00 69 B2 00 00 B5 1D 00 00    ..+.....i.......
0002B6E0   06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00    ..l.........v...
0002B6F0   FA B2 00                                           ...

0x2b6b8: TypeRef[47]: ResolutionScope: ref table AssemblyRef[1] TypeName: IDisposable TypeNamespace: System

0x2b6c2: TypeRef[48]: ResolutionScope: ref table AssemblyRef[4] TypeName: Stopwatch TypeNamespace: System.Diagnostics

0x2b6cc: TypeRef[49]: ResolutionScope: ref table AssemblyRef[1] TypeName: StringBuilder TypeNamespace: System.Text

0x2b6d6: TypeRef[50]: ResolutionScope: ref table AssemblyRef[1] TypeName: Stream TypeNamespace: System.IO

0x2b6e0: TypeRef[51]: ResolutionScope: ref table AssemblyRef[1] TypeName: BinaryReader TypeNamespace: System.IO

0x2b6ea: TypeRef[52]: ResolutionScope: ref table AssemblyRef[1] TypeName: DateTime TypeNamespace: System

Match 2: 178061 (size: 25)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B78D   9E 00 00 FA B2 00 00 06 00 FC CC 00 00 B5 1D 00    ................
0002B79D   00 06 00 63 B2 00 00 B5 1D                         ...c.....

0x2b78a: TypeRef[68]: ResolutionScope: ref table AssemblyRef[1] TypeName: ParamArrayAttribute TypeNamespace: System

0x2b794: TypeRef[69]: ResolutionScope: ref table AssemblyRef[1] TypeName: StreamWriter TypeNamespace: System.IO

0x2b79e: TypeRef[70]: ResolutionScope: ref table AssemblyRef[1] TypeName: MemoryStream TypeNamespace: System.IO

Match 3: 178137 (size: 26)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B7D9   00 06 00 5C DB 00 00 FA B2 00 00 12 00 5D F1 00    ...\.........]..
0002B7E9   00 84 F5 00 00 06 00 58 F0 00                      .......X..

0x2b7d0: TypeRef[75]: ResolutionScope: ref table AssemblyRef[1] TypeName: SuppressUnmanagedCodeSecurityAttribute TypeNamespace: System.Security

0x2b7da: TypeRef[76]: ResolutionScope: ref table AssemblyRef[1] TypeName: IntPtr TypeNamespace: System

0x2b7e4: TypeRef[77]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPAddress TypeNamespace: System.Net

0x2b7ee: TypeRef[78]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileAccess TypeNamespace: System.IO

Match 4: 178418 (size: 52)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002B8F2   06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00    ............T...
0002B902   B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00    ......,.........
0002B912   F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E1 F8    ..........H.....
0002B922   00 00 06 00                                        ....

0x2b8f2: TypeRef[104]: ResolutionScope: ref table AssemblyRef[1] TypeName: IOException TypeNamespace: System.IO

0x2b8fc: TypeRef[105]: ResolutionScope: ref table AssemblyRef[1] TypeName: StreamReader TypeNamespace: System.IO

0x2b906: TypeRef[106]: ResolutionScope: ref table AssemblyRef[1] TypeName: UnauthorizedAccessException TypeNamespace: System

0x2b910: TypeRef[107]: ResolutionScope: ref table AssemblyRef[1] TypeName: PathTooLongException TypeNamespace: System.IO

0x2b91a: TypeRef[108]: ResolutionScope: ref table AssemblyRef[2] TypeName: ManagementException TypeNamespace: System.Management

0x2b924: TypeRef[109]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileInfo TypeNamespace: System.IO

Match 5: 178930 (size: 51)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BAF2   27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D    '..............-
0002BB02   00 00 0A 00 E2 AE 00 00 E1 F8 00 00 0A 00 37 94    ..............7.
0002BB12   00 00 E1 F8 00 00 06 00 A2 09 01 00 B5 1D 00 00    ................
0002BB22   06 00 78                                           ..x

0x2baf0: TypeRef[155]: ResolutionScope: ref table AssemblyRef[1] TypeName: StringComparer TypeNamespace: System

0x2bafa: TypeRef[156]: ResolutionScope: ref table AssemblyRef[1] TypeName: IEqualityComparer`1 TypeNamespace: System.Collections.Generic

0x2bb04: TypeRef[157]: ResolutionScope: ref table AssemblyRef[2] TypeName: ImpersonationLevel TypeNamespace: System.Management

0x2bb0e: TypeRef[158]: ResolutionScope: ref table AssemblyRef[2] TypeName: ManagementScope TypeNamespace: System.Management

0x2bb18: TypeRef[159]: ResolutionScope: ref table AssemblyRef[1] TypeName: Directory TypeNamespace: System.IO

0x2bb22: TypeRef[160]: ResolutionScope: ref table AssemblyRef[1] TypeName: Environment TypeNamespace: System

Match 6: 179414 (size: 77)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BCD6   B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00    ................
0002BCE6   55 CB 00 00 FA B2 00 00 06 00 5E C1 00 00 B5 1D    U.........^.....
0002BCF6   00 00 06 00 A0 A2 00 00 2B 01 01 00 06 00 DA EE    ........+.......
0002BD06   00 00 FD DD 00 00 06 00 11 84 00 00 FA B2 00 00    ................
0002BD16   06 00 8E C9 00 00 27 07 01 00 06 00 67             ......'.....g

0x2bcd0: TypeRef[203]: ResolutionScope: ref table AssemblyRef[1] TypeName: TextReader TypeNamespace: System.IO

0x2bcda: TypeRef[204]: ResolutionScope: ref table AssemblyRef[1] TypeName: AppDomain TypeNamespace: System

0x2bce4: TypeRef[205]: ResolutionScope: ref table AssemblyRef[1] TypeName: ResolveEventHandler TypeNamespace: System

0x2bcee: TypeRef[206]: ResolutionScope: ref table AssemblyRef[1] TypeName: SearchOption TypeNamespace: System.IO

0x2bcf8: TypeRef[207]: ResolutionScope: ref table AssemblyRef[1] TypeName: Encoding TypeNamespace: System.Text

0x2bd02: TypeRef[208]: ResolutionScope: ref table AssemblyRef[1] TypeName: RuntimeHelpers TypeNamespace: System.Runtime.CompilerServices

0x2bd0c: TypeRef[209]: ResolutionScope: ref table AssemblyRef[1] TypeName: RuntimeFieldHandle TypeNamespace: System

0x2bd16: TypeRef[210]: ResolutionScope: ref table AssemblyRef[1] TypeName: SHA1CryptoServiceProvider TypeNamespace: System.Security.Cryptography

0x2bd20: TypeRef[211]: ResolutionScope: ref table AssemblyRef[1] TypeName: HashAlgorithm TypeNamespace: System.Security.Cryptography

Match 7: 179618 (size: 78)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BDA2   06 00 64 0D 00 00 FA B2 00 00 06 00 37 E2 00 00    ..d.........7...
0002BDB2   C7 BC 00 00 06 00 43 AA 00 00 B5 1D 00 00 06 00    ......C.........
0002BDC2   3B 9A 00 00 78 E3 00 00 12 00 B6 E0 00 00 E1 BA    ;...x...........
0002BDD2   00 00 12 00 B0 BE 00 00 E1 BA 00 00 12 00 E6 BE    ................
0002BDE2   00 00 E1 BA 00 00 06 00 DA 10 00 00 FA B2          ..............

0x2bda2: TypeRef[224]: ResolutionScope: ref table AssemblyRef[1] TypeName: Int64 TypeNamespace: System

0x2bdac: TypeRef[225]: ResolutionScope: ref table AssemblyRef[1] TypeName: NumberStyles TypeNamespace: System.Globalization

0x2bdb6: TypeRef[226]: ResolutionScope: ref table AssemblyRef[1] TypeName: Path TypeNamespace: System.IO

0x2bdc0: TypeRef[227]: ResolutionScope: ref table AssemblyRef[1] TypeName: X509Certificate TypeNamespace: System.Security.Cryptography.X509Certificates

0x2bdca: TypeRef[228]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPInterfaceProperties TypeNamespace: System.Net.NetworkInformation

0x2bdd4: TypeRef[229]: ResolutionScope: ref table AssemblyRef[4] TypeName: UnicastIPAddressInformationCollection TypeNamespace: System.Net.NetworkInformation

0x2bdde: TypeRef[230]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPAddressCollection TypeNamespace: System.Net.NetworkInformation

0x2bde8: TypeRef[231]: ResolutionScope: ref table AssemblyRef[1] TypeName: Int16 TypeNamespace: System

Match 9: 179874 (size: 128)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0002BEA2   4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00    L...............
0002BEB2   8C 00 01 00 40 EC 00 00 1A 00 F1 82 00 00 FF B0    ....@...........
0002BEC2   00 00 06 00 A8 85 00 00 FA B2 00 00 06 00 DB C1    ................
0002BED2   00 00 B5 1D 00 00 06 00 1C C2 00 00 FA B2 00 00    ................
0002BEE2   06 00 83 C2 00 00 BD 0A 01 00 06 00 C0 C5 00 00    ................
0002BEF2   B5 1D 00 00 06 00 4B 0B 01 00 A1 E9 00 00 12 00    ......K.........
0002BF02   AE BB 00 00 E1 BA 00 00 12 00 49 BE 00 00 0E DC    ..........I.....
0002BF12   00 00 06 00 9E 98 00 00 40 EC 00 00 1A 00 99 C6    ........@.......

0x2be9c: TypeRef[249]: ResolutionScope: ref table AssemblyRef[1] TypeName: ObjectSecurity TypeNamespace: System.Security.AccessControl

0x2bea6: TypeRef[250]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileSystemInfo TypeNamespace: System.IO

0x2beb0: TypeRef[251]: ResolutionScope: ref table AssemblyRef[1] TypeName: ArrayList TypeNamespace: System.Collections

0x2beba: TypeRef[252]: ResolutionScope: ref table AssemblyRef[6] TypeName: XmlNameTable TypeNamespace: System.Xml

0x2bec4: TypeRef[253]: ResolutionScope: ref table AssemblyRef[1] TypeName: Single TypeNamespace: System

0x2bece: TypeRef[254]: ResolutionScope: ref table AssemblyRef[1] TypeName: FileNotFoundException TypeNamespace: System.IO

0x2bed8: TypeRef[255]: ResolutionScope: ref table AssemblyRef[1] TypeName: SystemException TypeNamespace: System

0x2bee2: TypeRef[256]: ResolutionScope: ref table AssemblyRef[1] TypeName: SecurityException TypeNamespace: System.Security

0x2beec: TypeRef[257]: ResolutionScope: ref table AssemblyRef[1] TypeName: DirectoryInfo TypeNamespace: System.IO

0x2bef6: TypeRef[258]: ResolutionScope: ref table AssemblyRef[1] TypeName: ClaimsIdentity TypeNamespace: System.Security.Claims

0x2bf00: TypeRef[259]: ResolutionScope: ref table AssemblyRef[4] TypeName: IPAddressInformation TypeNamespace: System.Net.NetworkInformation

0x2bf0a: TypeRef[260]: ResolutionScope: ref table AssemblyRef[4] TypeName: ProcessModuleCollection TypeNamespace: System.Diagnostics

0x2bf14: TypeRef[261]: ResolutionScope: ref table AssemblyRef[1] TypeName: ReadOnlyCollectionBase TypeNamespace: System.Collections

0x2bf1e: TypeRef[262]: ResolutionScope: ref table AssemblyRef[6] TypeName: XmlNamedNodeMap TypeNamespace: System.Xml

Match 14: 419350 (size: 17)

Dominant. Modify this to make file undetected

.text #Strings

00066616   6F 64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00    ode.PaddingMode.
00066626   43                                                 C

Match 15: 420270 (size: 34)

Dominant. Modify this to make file undetected

.text #Strings

000669AE   49 45 6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E    IEnumerable.AsEn
000669BE   75 6D 65 72 61 62 6C 65 00 49 44 69 73 70 6F 73    umerable.IDispos
000669CE   61 62                                              ab

Match 19: 425324 (size: 33)

Dominant. Modify this to make file undetected

.text #Strings

00067D6C   70 65 00 74 79 70 65 00 46 69 6C 65 53 68 61 72    pe.type.FileShar
00067D7C   65 00 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00    e.share.Compare.
00067D8C   53                                                 S

Match 30: 436134 (size: 67)

Dominant. Modify this to make file undetected

.text #Strings

0006A7A6   65 70 74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D    eption.NotImplem
0006A7B6   65 6E 74 65 64 45 78 63 65 70 74 69 6F 6E 00 50    entedException.P
0006A7C6   6C 61 74 66 6F 72 6D 4E 6F 74 53 75 70 70 6F 72    latformNotSuppor
0006A7D6   74 65 64 45 78 63 65 70 74 69 6F 6E 00 46 69 6C    tedException.Fil
0006A7E6   65 4E 6F                                           eNo

Match 31: 436235 (size: 33)

Dominant. Modify this to make file undetected

.text #Strings

0006A80B   6F 6E 00 41 72 67 75 6D 65 6E 74 4E 75 6C 6C 45    on.ArgumentNullE
0006A81B   78 63 65 70 74 69 6F 6E 00 53 79 73 74 65 6D 45    xception.SystemE
0006A82B   78                                                 x

Match 34: 436905 (size: 66)

Dominant. Modify this to make file undetected

.text #Strings

0006AAA9   67 65 74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E    get_CredentialIn
0006AAB9   66 6F 00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66    fo.FileSystemInf
0006AAC9   6F 00 70 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74    o.ppJoinInfo.get
0006AAD9   5F 46 69 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F    _FileVersionInfo
0006AAE9   00 47                                              .G

Match 35: 438142 (size: 34)

Dominant. Modify this to make file undetected

.text #Strings

0006AF7E   65 72 00 4F 6E 65 44 72 69 76 65 53 79 6E 63 50    er.OneDriveSyncP
0006AF8E   72 6F 76 69 64 65 72 00 53 48 41 31 43 72 79 70    rovider.SHA1Cryp
0006AF9E   74 6F                                              to

Match 39: 442460 (size: 33)

Dominant. Modify this to make file undetected

.text #Strings

0006C05C   61 72 79 45 6E 75 6D 65 72 61 74 6F 72 00 41 64    aryEnumerator.Ad
0006C06C   6D 69 6E 69 73 74 72 61 74 6F 72 00 41 63 74 69    ministrator.Acti
0006C07C   76                                                 v

Test #	MatchOrder	ModifyPosition	Match#0 #~ 51b	Match#1 #~ 51b	Match#2 #~ 25b	Match#3 #~ 26b	Match#4 #~ 52b	Match#5 #~ 51b	Match#6 #~ 77b	Match#7 #~ 78b	Match#8 #~ 26b	Match#9 #~ 128b	Match#10 #Strings 33b	Match#11 #Strings 17b	Match#12 #Strings 17b	Match#13 #Strings 34b	Match#14 #Strings 17b	Match#15 #Strings 34b	Match#16 #Strings 66b	Match#17 #Strings 33b	Match#18 #Strings 50b	Match#19 #Strings 33b	Match#20 #Strings 33b	Match#21 #Strings 50b	Match#22 #Strings 33b	Match#23 #Strings 33b	Match#24 #Strings 17b	Match#25 #Strings 33b	Match#26 #Strings 50b	Match#27 #Strings 100b	Match#28 #Strings 33b	Match#29 #Strings 34b	Match#30 #Strings 67b	Match#31 #Strings 33b	Match#32 #Strings 67b	Match#33 #Strings 67b	Match#34 #Strings 66b	Match#35 #Strings 34b	Match#36 #Strings 34b	Match#37 #Strings 133b	Match#38 #Strings 34b	Match#39 #Strings 33b	Match#40 #Strings 67b	Match#41 #Strings 34b	Match#42 #Strings 34b	Match#43 #Strings 134b	Match#44 #Strings 67b	Match#45 #Strings 134b	Match#46 #Strings 67b	Match#47 #Strings 67b	Match#48 #Strings 67b	Match#49 #Strings 67b	Match#50 #Strings 67b	Match#51 #Strings 134b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37	38	39	40	41	42	43	44	45	46	47	48	49	50	51
5	INCREMENTAL	FULL	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37	38	39	40	41	42	43	44	45	46	47	48	49	50	51
6	DECREMENTAL	FULL	51	50	49	48	47	46	45	44	43	42	41	40	39	38	37	36	35	34	33	32	31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
7	ALL	MIDDLE8	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
8	ALL	THIRDS4	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
9	ALL	FULL	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Result			d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d	d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-21 21:24:03,922] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-07-21 21:24:03,922] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-07-21 21:24:03,923] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-21 21:24:04,445] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 21:24:04,446] handleFile() :: Using scanner from command line: avg
[INFO    ][2023-07-21 21:24:04,447] load() :: Loading HashCache
[INFO    ][2023-07-21 21:24:04,611] load() ::   59528 hashes loaded
[INFO    ][2023-07-21 21:24:09,176] handleFile() :: QuickCheck: 06AA6C08707CD9B6.Seatbelt.exe.avg.exe is detected by avg and not hash based
[INFO    ][2023-07-21 21:24:09,176] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 21:24:09,176] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 21:24:09,215] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 21:24:09,216] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-21 21:24:09,217] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-21 21:24:10,739] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 21:24:12,350] findDetectedSections() :: Hide: DotNet Header -> Detected: False
[INFO    ][2023-07-21 21:24:13,936] findDetectedSections() :: Hide: Metadata Header -> Detected: False
[INFO    ][2023-07-21 21:24:13,937] findDetectedSections() :: Hide: methods -> Detected: True
[INFO    ][2023-07-21 21:24:15,501] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False
[INFO    ][2023-07-21 21:24:17,099] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False
[INFO    ][2023-07-21 21:24:19,297] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-21 21:24:21,509] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-21 21:24:23,757] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-21 21:24:23,758] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-21 21:24:23,760] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-21 21:24:23,761] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-21 21:24:23,762] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-21 21:24:23,763] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-21 21:24:23,763] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 21:24:23,763] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-21 21:24:23,763] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-21 21:24:30,481] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (177244-386568)
[INFO    ][2023-07-21 21:24:30,482] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:16 MinMatchSize:32
[INFO    ][2023-07-21 21:24:30,482] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 21:24:30,505] _scanDataPart() :: Result: 177244-177295 (51 bytes)
0002B45C   00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00    ........W..?....
0002B46C   00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00    ...3............
0002B47C   9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00    ....*...l...$...
0002B48C   87 02 00                                           ...
[INFO    ][2023-07-21 21:24:30,511] _scanDataPart() :: Result: 177856-177907 (51 bytes)
0002B6C0   00 00 12 00 A5 A7 00 00 0E DC 00 00 06 00 E3 C9    ................
0002B6D0   00 00 2B 01 01 00 06 00 69 B2 00 00 B5 1D 00 00    ..+.....i.......
0002B6E0   06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00    ..l.........v...
0002B6F0   FA B2 00                                           ...
[INFO    ][2023-07-21 21:24:30,520] _scanDataPart() :: Result: 178061-178086 (25b minChunk:16 X)
0002B78D   9E 00 00 FA B2 00 00 06 00 FC CC 00 00 B5 1D 00    ................
0002B79D   00 06 00 63 B2 00 00 B5 1D                         ...c.....
[INFO    ][2023-07-21 21:24:30,522] _scanDataPart() :: Result: 178137-178163 (26b minChunk:16 X)
0002B7D9   00 06 00 5C DB 00 00 FA B2 00 00 12 00 5D F1 00    ...\.........]..
0002B7E9   00 84 F5 00 00 06 00 58 F0 00                      .......X..
[INFO    ][2023-07-21 21:24:30,527] _scanDataPart() :: Result: 178418-178470 (52 bytes)
0002B8F2   06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00    ............T...
0002B902   B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00    ......,.........
0002B912   F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E1 F8    ..........H.....
0002B922   00 00 06 00                                        ....
[INFO    ][2023-07-21 21:24:30,537] _scanDataPart() :: Result: 178930-178955 (25b minChunk:16 X)
0002BAF2   27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D    '..............-
0002BB02   00 00 0A 00 E2 AE 00 00 E1                         .........
[INFO    ][2023-07-21 21:24:30,537] _scanDataPart() :: Result: 178955-178981 (26b minChunk:16 X)
0002BB0B   F8 00 00 0A 00 37 94 00 00 E1 F8 00 00 06 00 A2    .....7..........
0002BB1B   09 01 00 B5 1D 00 00 06 00 78                      .........x
[INFO    ][2023-07-21 21:24:30,544] _scanDataPart() :: Result: 179414-179440 (26b minChunk:16 X)
0002BCD6   B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00    ................
0002BCE6   55 CB 00 00 FA B2 00 00 06 00                      U.........
[INFO    ][2023-07-21 21:24:30,545] _scanDataPart() :: Result: 179440-179465 (25b minChunk:16 X)
0002BCF0   5E C1 00 00 B5 1D 00 00 06 00 A0 A2 00 00 2B 01    ^.............+.
0002BD00   01 00 06 00 DA EE 00 00 FD                         .........
[INFO    ][2023-07-21 21:24:30,546] _scanDataPart() :: Result: 179465-179491 (26b minChunk:16 X)
0002BD09   DD 00 00 06 00 11 84 00 00 FA B2 00 00 06 00 8E    ................
0002BD19   C9 00 00 27 07 01 00 06 00 67                      ...'.....g
[INFO    ][2023-07-21 21:24:30,551] _scanDataPart() :: Result: 179618-179644 (26b minChunk:16 X)
0002BDA2   06 00 64 0D 00 00 FA B2 00 00 06 00 37 E2 00 00    ..d.........7...
0002BDB2   C7 BC 00 00 06 00 43 AA 00 00                      ......C...
[INFO    ][2023-07-21 21:24:30,552] _scanDataPart() :: Result: 179644-179670 (26b minChunk:16 X)
0002BDBC   B5 1D 00 00 06 00 3B 9A 00 00 78 E3 00 00 12 00    ......;...x.....
0002BDCC   B6 E0 00 00 E1 BA 00 00 12 00                      ..........
[INFO    ][2023-07-21 21:24:30,553] _scanDataPart() :: Result: 179670-179696 (26b minChunk:16 X)
0002BDD6   B0 BE 00 00 E1 BA 00 00 12 00 E6 BE 00 00 E1 BA    ................
0002BDE6   00 00 06 00 DA 10 00 00 FA B2                      ..........
[INFO    ][2023-07-21 21:24:30,561] _scanDataPart() :: Result: 179823-179849 (26b minChunk:16 X)
0002BE6F   00 C2 C3 00 00 1E 00 27 C9 00 00 C2 C3 00 00 06    .......'........
0002BE7F   00 57 AD 00 00 FA B2 00 00 0A                      .W........
[INFO    ][2023-07-21 21:24:30,563] _scanDataPart() :: Result: 179874-179900 (26b minChunk:16 X)
0002BEA2   4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00    L...............
0002BEB2   8C 00 01 00 40 EC 00 00 1A 00                      ....@.....
[INFO    ][2023-07-21 21:24:30,568] _scanDataPart() :: Result: 179900-179951 (51 bytes)
0002BEBC   F1 82 00 00 FF B0 00 00 06 00 A8 85 00 00 FA B2    ................
0002BECC   00 00 06 00 DB C1 00 00 B5 1D 00 00 06 00 1C C2    ................
0002BEDC   00 00 FA B2 00 00 06 00 83 C2 00 00 BD 0A 01 00    ................
0002BEEC   06 00 C0                                           ...
[INFO    ][2023-07-21 21:24:30,570] _scanDataPart() :: Result: 179951-179976 (25b minChunk:16 X)
0002BEEF   C5 00 00 B5 1D 00 00 06 00 4B 0B 01 00 A1 E9 00    .........K......
0002BEFF   00 12 00 AE BB 00 00 E1 BA                         .........
[INFO    ][2023-07-21 21:24:30,570] _scanDataPart() :: Result: 179976-180002 (26b minChunk:16 X)
0002BF08   00 00 12 00 49 BE 00 00 0E DC 00 00 06 00 9E 98    ....I...........
0002BF18   00 00 40 EC 00 00 1A 00 99 C6                      ..@.......
[INFO    ][2023-07-21 21:24:30,570] scan() :: Reducer Result: Time:0 Chunks:65 MatchesAdded:18 MatchesFinal:10
[INFO    ][2023-07-21 21:24:37,347] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (386568-455112)
[INFO    ][2023-07-21 21:24:37,347] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:8 MinMatchSize:16
[INFO    ][2023-07-21 21:24:37,347] _printStatus() :: Reducing: 66 chunks done, found 0 matches (18 added)
[INFO    ][2023-07-21 21:24:37,368] _scanDataPart() :: Result: 390868-390885 (17b minChunk:8 X)
0005F6D4   00 54 6F 55 49 6E 74 31 36 00 52 65 61 64 49 6E    .ToUInt16.ReadIn
0005F6E4   74                                                 t
[INFO    ][2023-07-21 21:24:37,370] _scanDataPart() :: Result: 390885-390901 (16b minChunk:8 X)
0005F6E5   31 36 00 53 48 41 32 35 36 00 58 38 36 00 41 46    16.SHA256.X86.AF
[INFO    ][2023-07-21 21:24:37,378] _scanDataPart() :: Result: 391772-391789 (17b minChunk:8 X)
0005FA5C   50 45 43 00 47 43 00 50 55 42 4C 49 43 00 55 44    PEC.GC.PUBLIC.UD
0005FA6C   50                                                 P
[INFO    ][2023-07-21 21:24:37,388] _scanDataPart() :: Result: 392407-392424 (17b minChunk:8 X)
0005FCD7   44 00 50 6C 61 74 66 6F 72 6D 49 44 00 4C 6F 67    D.PlatformID.Log
0005FCE7   69                                                 i
[INFO    ][2023-07-21 21:24:37,398] _scanDataPart() :: Doubling: minChunkSize: 8  minMatchSize: 16
[INFO    ][2023-07-21 21:24:37,400] _scanDataPart() :: Result: 394164-394198 (34 bytes)
000603B4   4B 45 59 5F 49 4E 46 4F 00 53 79 73 74 65 6D 2E    KEY_INFO.System.
000603C4   49 4F 00 67 65 74 5F 47 50 4F 00 41 75 64 69 74    IO.get_GPO.Audit
000603D4   50 6F                                              Po
[INFO    ][2023-07-21 21:24:37,417] _scanDataPart() :: Result: 419350-419367 (17b minChunk:16 X)
00066616   6F 64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00    ode.PaddingMode.
00066626   43                                                 C
[INFO    ][2023-07-21 21:24:37,427] _scanDataPart() :: Result: 420270-420287 (17b minChunk:16 X)
000669AE   49 45 6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E    IEnumerable.AsEn
000669BE   75                                                 u
[INFO    ][2023-07-21 21:24:37,427] _scanDataPart() :: Result: 420287-420304 (17b minChunk:16 X)
000669BF   6D 65 72 61 62 6C 65 00 49 44 69 73 70 6F 73 61    merable.IDisposa
000669CF   62                                                 b
[INFO    ][2023-07-21 21:24:37,444] _scanDataPart() :: Result: 420873-420906 (33b minChunk:16 X)
00066C09   4F 75 74 70 75 74 46 69 6C 65 00 6F 75 74 70 75    OutputFile.outpu
00066C19   74 46 69 6C 65 00 46 69 6E 64 4E 65 78 74 46 69    tFile.FindNextFi
00066C29   6C                                                 l
[INFO    ][2023-07-21 21:24:37,446] _scanDataPart() :: Result: 420906-420939 (33b minChunk:16 X)
00066C2A   65 00 67 65 74 5F 50 72 6F 66 69 6C 65 00 73 65    e.get_Profile.se
00066C3A   74 5F 50 72 6F 66 69 6C 65 00 6E 62 72 50 72 6F    t_Profile.nbrPro
00066C4A   66                                                 f
[INFO    ][2023-07-21 21:24:37,450] _scanDataPart() :: Result: 420973-421006 (33b minChunk:16 X)
00066C6D   65 00 57 69 6E 64 6F 77 73 42 75 69 6C 74 49 6E    e.WindowsBuiltIn
00066C7D   52 6F 6C 65 00 43 6F 6E 73 6F 6C 65 00 67 65 74    Role.Console.get
00066C8D   5F                                                 _
[INFO    ][2023-07-21 21:24:37,452] _scanDataPart() :: Result: 421040-421073 (33b minChunk:16 X)
00066CB0   64 6F 77 73 46 69 72 65 77 61 6C 6C 52 75 6C 65    dowsFirewallRule
00066CC0   00 41 73 72 52 75 6C 65 00 50 72 6F 63 65 73 73    .AsrRule.Process
00066CD0   4D                                                 M
[INFO    ][2023-07-21 21:24:37,453] _scanDataPart() :: Result: 421073-421090 (17b minChunk:16 X)
00066CD1   6F 64 75 6C 65 00 72 75 6C 65 00 67 65 74 5F 47    odule.rule.get_G
00066CE1   50                                                 P
[INFO    ][2023-07-21 21:24:37,465] _scanDataPart() :: Result: 425324-425357 (33b minChunk:16 X)
00067D6C   70 65 00 74 79 70 65 00 46 69 6C 65 53 68 61 72    pe.type.FileShar
00067D7C   65 00 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00    e.share.Compare.
00067D8C   53                                                 S
[INFO    ][2023-07-21 21:24:37,475] _scanDataPart() :: Result: 427667-427700 (33b minChunk:16 X)
00068693   61 63 74 69 76 65 00 61 64 64 5F 41 73 73 65 6D    active.add_Assem
000686A3   62 6C 79 52 65 73 6F 6C 76 65 00 73 75 66 66 69    blyResolve.suffi
000686B3   78                                                 x
[INFO    ][2023-07-21 21:24:37,477] _scanDataPart() :: Result: 427717-427734 (17b minChunk:16 X)
000686C5   67 45 78 65 00 70 72 6F 64 75 63 74 45 78 65 00    gExe.productExe.
000686D5   53                                                 S
[INFO    ][2023-07-21 21:24:37,479] _scanDataPart() :: Result: 427734-427767 (33b minChunk:16 X)
000686D6   65 61 74 62 65 6C 74 2E 65 78 65 00 67 65 74 5F    eatbelt.exe.get_
000686E6   53 69 7A 65 00 73 65 74 5F 53 69 7A 65 00 43 72    Size.set_Size.Cr
000686F6   65                                                 e
[INFO    ][2023-07-21 21:24:37,488] _scanDataPart() :: Result: 429073-429106 (33b minChunk:16 X)
00068C11   67 00 47 65 74 53 74 72 69 6E 67 00 50 61 72 73    g.GetString.Pars
00068C21   65 4D 72 75 53 74 72 69 6E 67 00 53 75 62 73 74    eMruString.Subst
00068C31   72                                                 r
[INFO    ][2023-07-21 21:24:37,502] _scanDataPart() :: Result: 429474-429507 (33b minChunk:16 X)
00068DA2   61 74 63 68 00 6D 61 74 63 68 00 53 74 6F 70 77    atch.match.Stopw
00068DB2   61 74 63 68 00 6E 46 69 6C 65 53 69 7A 65 48 69    atch.nFileSizeHi
00068DC2   67                                                 g
[INFO    ][2023-07-21 21:24:37,507] _scanDataPart() :: Result: 429641-429658 (17b minChunk:16 X)
00068E49   5F 41 75 74 6F 46 6C 75 73 68 00 4D 61 74 68 00    _AutoFlush.Math.
00068E59   50                                                 P
[INFO    ][2023-07-21 21:24:37,514] _scanDataPart() :: Result: 430144-430177 (33b minChunk:16 X)
00069040   50 61 74 68 00 62 69 6E 61 72 79 50 61 74 68 00    Path.binaryPath.
00069050   3C 3E 33 5F 5F 70 61 74 68 00 73 63 72 69 70 74    <>3__path.script
00069060   5F                                                 _
[INFO    ][2023-07-21 21:24:37,525] _scanDataPart() :: Result: 432202-432219 (17b minChunk:16 X)
0006984A   6C 00 75 72 6C 00 46 69 6C 65 53 74 72 65 61 6D    l.url.FileStream
0006985A   00                                                 .
[INFO    ][2023-07-21 21:24:37,529] _scanDataPart() :: Result: 432219-432252 (33b minChunk:16 X)
0006985B   67 65 74 5F 45 6E 64 4F 66 53 74 72 65 61 6D 00    get_EndOfStream.
0006986B   4D 65 6D 6F 72 79 53 74 72 65 61 6D 00 5F 73 74    MemoryStream._st
0006987B   72                                                 r
[INFO    ][2023-07-21 21:24:40,623] _printStatus() :: Reducing: 197 chunks done, found 17 matches (41 added)
[INFO    ][2023-07-21 21:24:40,624] _scanDataPart() :: Result: 432353-432386 (33b minChunk:16 X)
000698E1   61 75 6C 74 49 74 65 6D 00 76 61 75 6C 74 49 74    aultItem.vaultIt
000698F1   65 6D 00 69 74 65 6D 00 4F 70 65 72 61 74 69 6E    em.item.Operatin
00069901   67                                                 g
[INFO    ][2023-07-21 21:24:43,737] _scanDataPart() :: Result: 432386-432420 (34 bytes)
00069902   53 79 73 74 65 6D 00 53 79 6D 6D 65 74 72 69 63    System.Symmetric
00069912   41 6C 67 6F 72 69 74 68 6D 00 41 73 79 6D 6D 65    Algorithm.Asymme
00069922   74 72                                              tr
[INFO    ][2023-07-21 21:24:43,738] _printStatus() :: Reducing: 199 chunks done, found 18 matches (43 added)
[INFO    ][2023-07-21 21:24:47,584] _printStatus() :: Reducing: 200 chunks done, found 18 matches (43 added)
[INFO    ][2023-07-21 21:24:47,584] _scanDataPart() :: Doubling: minChunkSize: 16  minMatchSize: 32
[INFO    ][2023-07-21 21:24:47,584] _scanDataPart() :: Result: 432420-432453 (33b minChunk:32 X)
00069924   69 63 41 6C 67 6F 72 69 74 68 6D 00 53 69 67 6E    icAlgorithm.Sign
00069934   61 74 75 72 65 41 6C 67 6F 72 69 74 68 6D 00 67    atureAlgorithm.g
00069944   65                                                 e
[INFO    ][2023-07-21 21:24:51,301] _printStatus() :: Reducing: 203 chunks done, found 18 matches (44 added)
[INFO    ][2023-07-21 21:24:51,301] _scanDataPart() :: Result: 432487-432520 (33b minChunk:32 X)
00069967   6D 00 53 79 73 6D 6F 6E 48 61 73 68 41 6C 67 6F    m.SysmonHashAlgo
00069977   72 69 74 68 6D 00 54 72 69 6D 00 67 65 74 5F 44    rithm.Trim.get_D
00069987   65                                                 e
[INFO    ][2023-07-21 21:24:55,088] _printStatus() :: Reducing: 205 chunks done, found 19 matches (45 added)
[INFO    ][2023-07-21 21:24:55,088] _scanDataPart() :: Result: 432587-432621 (34b minChunk:32 X)
000699CB   6C 46 6F 72 6D 00 47 65 74 42 69 6E 61 72 79 46    lForm.GetBinaryF
000699DB   6F 72 6D 00 49 43 72 79 70 74 6F 54 72 61 6E 73    orm.ICryptoTrans
000699EB   66 6F                                              fo
[INFO    ][2023-07-21 21:24:58,951] _printStatus() :: Reducing: 213 chunks done, found 20 matches (46 added)
[INFO    ][2023-07-21 21:24:58,952] _scanDataPart() :: Result: 436134-436168 (34b minChunk:32 X)
0006A7A6   65 70 74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D    eption.NotImplem
0006A7B6   65 6E 74 65 64 45 78 63 65 70 74 69 6F 6E 00 50    entedException.P
0006A7C6   6C 61                                              la
[INFO    ][2023-07-21 21:25:02,816] _printStatus() :: Reducing: 215 chunks done, found 21 matches (47 added)
[INFO    ][2023-07-21 21:25:02,816] _scanDataPart() :: Result: 436168-436201 (33b minChunk:32 X)
0006A7C8   74 66 6F 72 6D 4E 6F 74 53 75 70 70 6F 72 74 65    tformNotSupporte
0006A7D8   64 45 78 63 65 70 74 69 6F 6E 00 46 69 6C 65 4E    dException.FileN
0006A7E8   6F                                                 o
[INFO    ][2023-07-21 21:25:02,820] _scanDataPart() :: Result: 436235-436268 (33b minChunk:32 X)
0006A80B   6F 6E 00 41 72 67 75 6D 65 6E 74 4E 75 6C 6C 45    on.ArgumentNullE
0006A81B   78 63 65 70 74 69 6F 6E 00 53 79 73 74 65 6D 45    xception.SystemE
0006A82B   78                                                 x
[INFO    ][2023-07-21 21:25:06,662] _printStatus() :: Reducing: 223 chunks done, found 22 matches (49 added)
[INFO    ][2023-07-21 21:25:06,662] _scanDataPart() :: Result: 436670-436704 (34b minChunk:32 X)
0006A9BE   74 52 65 73 6F 6C 75 74 69 6F 6E 00 53 79 73 74    tResolution.Syst
0006A9CE   65 6D 2E 44 61 74 61 2E 43 6F 6D 6D 6F 6E 00 53    em.Data.Common.S
0006A9DE   74 72                                              tr
[INFO    ][2023-07-21 21:25:10,520] _printStatus() :: Reducing: 225 chunks done, found 23 matches (50 added)
[INFO    ][2023-07-21 21:25:10,520] _scanDataPart() :: Result: 436704-436737 (33b minChunk:32 X)
0006A9E0   69 6E 67 43 6F 6D 70 61 72 69 73 6F 6E 00 5F 6A    ingComparison._j
0006A9F0   73 6F 6E 00 55 70 6E 00 70 61 74 74 65 72 6E 00    son.Upn.pattern.
0006AA00   44                                                 D
[INFO    ][2023-07-21 21:25:14,347] _printStatus() :: Reducing: 228 chunks done, found 23 matches (51 added)
[INFO    ][2023-07-21 21:25:14,347] _scanDataPart() :: Result: 436804-436838 (34b minChunk:32 X)
0006AA44   6F 64 49 6E 66 6F 00 70 70 50 61 63 6B 61 67 65    odInfo.ppPackage
0006AA54   49 6E 66 6F 00 43 72 65 64 65 6E 74 69 61 6C 46    Info.CredentialF
0006AA64   69 6C                                              il
[INFO    ][2023-07-21 21:25:18,222] _printStatus() :: Reducing: 230 chunks done, found 24 matches (52 added)
[INFO    ][2023-07-21 21:25:18,222] _scanDataPart() :: Result: 436838-436871 (33b minChunk:32 X)
0006AA66   65 49 6E 66 6F 00 50 72 6F 66 69 6C 65 49 6E 66    eInfo.ProfileInf
0006AA76   6F 00 47 65 74 4E 61 6D 65 49 6E 66 6F 00 43 75    o.GetNameInfo.Cu
0006AA86   6C                                                 l
[INFO    ][2023-07-21 21:25:18,231] _scanDataPart() :: Result: 436905-436938 (33b minChunk:32 X)
0006AAA9   67 65 74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E    get_CredentialIn
0006AAB9   66 6F 00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66    fo.FileSystemInf
0006AAC9   6F                                                 o
[INFO    ][2023-07-21 21:25:18,231] _scanDataPart() :: Result: 436938-436971 (33b minChunk:32 X)
0006AACA   00 70 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 5F    .ppJoinInfo.get_
0006AADA   46 69 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F 00    FileVersionInfo.
0006AAEA   47                                                 G
[INFO    ][2023-07-21 21:25:18,250] _scanDataPart() :: Result: 438142-438176 (34b minChunk:32 X)
0006AF7E   65 72 00 4F 6E 65 44 72 69 76 65 53 79 6E 63 50    er.OneDriveSyncP
0006AF8E   72 6F 76 69 64 65 72 00 53 48 41 31 43 72 79 70    rovider.SHA1Cryp
0006AF9E   74 6F                                              to
[INFO    ][2023-07-21 21:25:18,257] _scanDataPart() :: Result: 438812-438846 (34b minChunk:32 X)
0006B21C   54 6F 55 70 70 65 72 00 4C 73 61 57 72 61 70 70    ToUpper.LsaWrapp
0006B22C   65 72 00 53 74 72 69 6E 67 43 6F 6D 70 61 72 65    er.StringCompare
0006B23C   72 00                                              r.
[INFO    ][2023-07-21 21:25:18,261] _scanDataPart() :: Result: 439013-439047 (34b minChunk:32 X)
0006B2E5   2E 43 6F 6D 6D 61 6E 64 73 2E 42 72 6F 77 73 65    .Commands.Browse
0006B2F5   72 00 67 65 74 5F 4E 6F 74 41 66 74 65 72 00 53    r.get_NotAfter.S
0006B305   74 72                                              tr
[INFO    ][2023-07-21 21:25:21,558] _scanDataPart() :: Result: 439047-439113 (66 bytes)
0006B307   65 61 6D 57 72 69 74 65 72 00 5F 73 74 72 65 61    eamWriter._strea
0006B317   6D 57 72 69 74 65 72 00 49 54 65 78 74 57 72 69    mWriter.ITextWri
0006B327   74 65 72 00 46 69 6C 65 54 65 78 74 57 72 69 74    ter.FileTextWrit
0006B337   65 72 00 43 6F 6E 73 6F 6C 65 54 65 78 74 57 72    er.ConsoleTextWr
0006B347   69 74                                              it
[INFO    ][2023-07-21 21:25:21,559] _printStatus() :: Reducing: 261 chunks done, found 28 matches (59 added)
[INFO    ][2023-07-21 21:25:25,430] _printStatus() :: Reducing: 262 chunks done, found 28 matches (59 added)
[INFO    ][2023-07-21 21:25:25,431] _scanDataPart() :: Result: 439113-439146 (33b minChunk:32 X)
0006B349   65 72 00 5F 74 65 78 74 57 72 69 74 65 72 00 77    er._textWriter.w
0006B359   72 69 74 65 72 00 67 65 74 5F 46 69 6C 74 65 72    riter.get_Filter
0006B369   00                                                 .
[INFO    ][2023-07-21 21:25:25,434] _scanDataPart() :: Result: 439213-439247 (34b minChunk:32 X)
0006B3AD   54 69 6D 65 43 6F 6E 76 65 72 74 65 72 00 42 69    TimeConverter.Bi
0006B3BD   74 43 6F 6E 76 65 72 74 65 72 00 57 4D 49 46 6F    tConverter.WMIFo
0006B3CD   72 6D                                              rm
[INFO    ][2023-07-21 21:25:25,449] _scanDataPart() :: Result: 442460-442493 (33b minChunk:32 X)
0006C05C   61 72 79 45 6E 75 6D 65 72 61 74 6F 72 00 41 64    aryEnumerator.Ad
0006C06C   6D 69 6E 69 73 74 72 61 74 6F 72 00 41 63 74 69    ministrator.Acti
0006C07C   76                                                 v
[INFO    ][2023-07-21 21:25:29,250] _printStatus() :: Reducing: 280 chunks done, found 30 matches (62 added)
[INFO    ][2023-07-21 21:25:29,250] _scanDataPart() :: Result: 444970-445004 (34b minChunk:32 X)
0006CA2A   69 62 75 74 65 73 00 66 6C 61 67 73 41 6E 64 41    ibutes.flagsAndA
0006CA3A   74 74 72 69 62 75 74 65 73 00 64 77 46 69 6C 65    ttributes.dwFile
0006CA4A   41 74                                              At
[INFO    ][2023-07-21 21:25:32,993] _printStatus() :: Reducing: 282 chunks done, found 31 matches (63 added)
[INFO    ][2023-07-21 21:25:32,993] _scanDataPart() :: Result: 445004-445037 (33b minChunk:32 X)
0006CA4C   74 72 69 62 75 74 65 73 00 46 69 6C 65 57 72 69    tributes.FileWri
0006CA5C   74 65 41 74 74 72 69 62 75 74 65 73 00 47 65 74    teAttributes.Get
0006CA6C   43                                                 C
[INFO    ][2023-07-21 21:25:33,002] _scanDataPart() :: Result: 445974-446008 (34b minChunk:32 X)
0006CE16   6F 41 72 67 73 00 52 65 73 6F 6C 76 65 45 76 65    oArgs.ResolveEve
0006CE26   6E 74 41 72 67 73 00 3C 3E 33 5F 5F 61 72 67 73    ntArgs.<>3__args
0006CE36   00 3C                                              .<
[INFO    ][2023-07-21 21:25:33,018] _scanDataPart() :: Result: 447045-447079 (34b minChunk:32 X)
0006D245   6E 73 00 53 79 73 74 65 6D 2E 43 6F 6C 6C 65 63    ns.System.Collec
0006D255   74 69 6F 6E 73 00 67 65 74 5F 43 6F 6E 6E 65 63    tions.get_Connec
0006D265   74 69                                              ti
[INFO    ][2023-07-21 21:25:33,022] _scanDataPart() :: Doubling: minChunkSize: 32  minMatchSize: 64
[INFO    ][2023-07-21 21:25:33,024] _scanDataPart() :: Result: 447280-447347 (67b minChunk:64 X)
0006D330   00 43 6F 6E 6E 65 63 74 69 6F 6E 4F 70 74 69 6F    .ConnectionOptio
0006D340   6E 73 00 53 79 73 6D 6F 6E 4F 70 74 69 6F 6E 73    ns.SysmonOptions
0006D350   00 4F 62 6A 65 63 74 47 65 74 4F 70 74 69 6F 6E    .ObjectGetOption
0006D360   73 00 53 74 72 69 6E 67 53 70 6C 69 74 4F 70 74    s.StringSplitOpt
0006D370   69 6F 6E                                           ion
[INFO    ][2023-07-21 21:25:33,027] _scanDataPart() :: Result: 447347-447414 (67b minChunk:64 X)
0006D373   73 00 53 65 61 74 62 65 6C 74 4F 70 74 69 6F 6E    s.SeatbeltOption
0006D383   73 00 52 65 67 65 78 4F 70 74 69 6F 6E 73 00 67    s.RegexOptions.g
0006D393   65 74 5F 4F 75 74 62 6F 75 6E 64 45 78 63 65 70    et_OutboundExcep
0006D3A3   74 69 6F 6E 73 00 73 65 74 5F 4F 75 74 62 6F 75    tions.set_Outbou
0006D3B3   6E 64 45                                           ndE
[INFO    ][2023-07-21 21:25:33,034] _scanDataPart() :: Result: 448083-448150 (67b minChunk:64 X)
0006D653   72 61 6E 74 65 64 41 63 63 65 73 73 00 46 69 6C    rantedAccess.Fil
0006D663   65 41 63 63 65 73 73 00 41 6C 6C 41 63 63 65 73    eAccess.AllAcces
0006D673   73 00 50 6C 75 67 69 6E 41 63 63 65 73 73 00 50    s.PluginAccess.P
0006D683   72 6F 63 65 73 73 41 63 63 65 73 73 00 70 72 6F    rocessAccess.pro
0006D693   63 65 73                                           ces
[INFO    ][2023-07-21 21:25:36,733] _printStatus() :: Reducing: 312 chunks done, found 35 matches (69 added)
[INFO    ][2023-07-21 21:25:39,811] _scanDataPart() :: Result: 448284-448418 (134 bytes)
0006D71C   73 65 74 5F 50 72 6F 63 65 73 73 00 43 72 65 61    set_Process.Crea
0006D72C   74 65 50 72 6F 63 65 73 73 00 68 50 72 6F 63 65    teProcess.hProce
0006D73C   73 73 00 4F 70 65 6E 50 72 6F 63 65 73 73 00 4E    ss.OpenProcess.N
0006D74C   74 51 75 65 72 79 49 6E 66 6F 72 6D 61 74 69 6F    tQueryInformatio
0006D75C   6E 50 72 6F 63 65 73 73 00 49 50 41 64 64 72 65    nProcess.IPAddre
0006D76C   73 73 00 67 65 74 5F 41 64 64 72 65 73 73 00 67    ss.get_Address.g
0006D77C   65 74 5F 52 65 6D 6F 74 65 41 64 64 72 65 73 73    et_RemoteAddress
0006D78C   00 72 65 6D 6F 74 65 41 64 64 72 65 73 73 00 67    .remoteAddress.g
0006D79C   65 74 5F 50 68 79                                  et_Phy
[INFO    ][2023-07-21 21:25:39,811] _printStatus() :: Reducing: 313 chunks done, found 36 matches (70 added)
[INFO    ][2023-07-21 21:25:43,521] _printStatus() :: Reducing: 314 chunks done, found 36 matches (70 added)
[INFO    ][2023-07-21 21:25:47,334] _printStatus() :: Reducing: 315 chunks done, found 36 matches (70 added)
[INFO    ][2023-07-21 21:25:47,334] _scanDataPart() :: Result: 448552-448619 (67b minChunk:64 X)
0006D828   57 54 53 43 6C 69 65 6E 74 41 64 64 72 65 73 73    WTSClientAddress
0006D838   00 53 65 61 74 62 65 6C 74 2E 43 6F 6D 6D 61 6E    .Seatbelt.Comman
0006D848   64 73 2E 50 72 6F 64 75 63 74 73 00 41 74 74 72    ds.Products.Attr
0006D858   69 62 75 74 65 54 61 72 67 65 74 73 00 55 73 65    ibuteTargets.Use
0006D868   72 52 69                                           rRi
[INFO    ][2023-07-21 21:25:47,345] _scanDataPart() :: Result: 451965-452032 (67b minChunk:64 X)
0006E57D   53 61 6E 64 42 6F 78 49 6E 65 72 74 00 43 6F 6E    SandBoxInert.Con
0006E58D   76 65 72 74 00 67 65 74 5F 50 6F 72 74 00 73 65    vert.get_Port.se
0006E59D   74 5F 50 6F 72 74 00 67 65 74 5F 52 65 6D 6F 74    t_Port.get_Remot
0006E5AD   65 50 6F 72 74 00 72 65 6D 6F 74 65 50 6F 72 74    ePort.remotePort
0006E5BD   00 67 65                                           .ge
[INFO    ][2023-07-21 21:25:47,349] _scanDataPart() :: Result: 452233-452300 (67b minChunk:64 X)
0006E689   74 00 5F 64 69 72 4C 69 73 74 00 41 72 72 61 79    t._dirList.Array
0006E699   4C 69 73 74 00 50 65 72 73 69 73 74 00 67 65 74    List.Persist.get
0006E6A9   5F 48 6F 73 74 00 73 65 74 5F 48 6F 73 74 00 57    _Host.set_Host.W
0006E6B9   72 69 74 65 48 6F 73 74 00 67 65 74 5F 52 65 6D    riteHost.get_Rem
0006E6C9   6F 74 65                                           ote
[INFO    ][2023-07-21 21:25:47,358] _scanDataPart() :: Result: 453304-453371 (67b minChunk:64 X)
0006EAB8   61 79 00 53 74 72 69 6E 67 54 6F 42 79 74 65 41    ay.StringToByteA
0006EAC8   72 72 61 79 00 49 6E 69 74 69 61 6C 69 7A 65 41    rray.InitializeA
0006EAD8   72 72 61 79 00 54 6F 41 72 72 61 79 00 67 65 74    rray.ToArray.get
0006EAE8   5F 49 73 41 72 72 61 79 00 50 61 72 73 65 43 6C    _IsArray.ParseCl
0006EAF8   61 73 73                                           ass
[INFO    ][2023-07-21 21:25:47,364] _scanDataPart() :: Result: 453907-453974 (67b minChunk:64 X)
0006ED13   52 65 67 69 73 74 72 79 4B 65 79 00 3C 3E 33 5F    RegistryKey.<>3_
0006ED23   5F 6B 65 79 00 4E 6F 74 69 66 79 00 53 79 73 74    _key.Notify.Syst
0006ED33   65 6D 2E 53 65 63 75 72 69 74 79 2E 43 72 79 70    em.Security.Cryp
0006ED43   74 6F 67 72 61 70 68 79 00 67 65 74 5F 41 73 73    tography.get_Ass
0006ED53   65 6D 62                                           emb
[INFO    ][2023-07-21 21:25:47,371] _scanDataPart() :: Result: 454509-454576 (67b minChunk:64 X)
0006EF6D   79 00 57 54 53 43 6C 69 65 6E 74 44 69 72 65 63    y.WTSClientDirec
0006EF7D   74 6F 72 79 00 67 65 74 5F 43 6C 69 65 6E 74 44    tory.get_ClientD
0006EF8D   69 72 65 63 74 6F 72 79 00 63 6C 69 65 6E 74 44    irectory.clientD
0006EF9D   69 72 65 63 74 6F 72 79 00 52 6F 6F 74 44 69 72    irectory.RootDir
0006EFAD   65 63 74                                           ect
[INFO    ][2023-07-21 21:25:47,377] _scanDataPart() :: Result: 454576-454643 (67b minChunk:64 X)
0006EFB0   6F 72 79 00 67 65 74 5F 48 69 73 74 6F 72 79 00    ory.get_History.
0006EFC0   68 69 73 74 6F 72 79 00 67 65 74 5F 45 6E 74 72    history.get_Entr
0006EFD0   79 00 73 65 74 5F 45 6E 74 72 79 00 57 69 66 69    y.set_Entry.Wifi
0006EFE0   50 72 6F 66 69 6C 65 45 6E 74 72 79 00 41 72 70    ProfileEntry.Arp
0006EFF0   45 6E 74                                           Ent
[INFO    ][2023-07-21 21:25:47,378] scan() :: Reducer Result: Time:70 Chunks:344 MatchesAdded:77 MatchesFinal:42
[INFO    ][2023-07-21 21:25:47,379] handleFile() :: Result: 52 matches
[INFO    ][2023-07-21 21:25:47,379] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 21:25:48,986] save() :: Saving HashCache (59584)
[INFO    ][2023-07-21 21:25:49,052] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 21:25:49,052] runVerifications() :: Verify 52 matches
[INFO    ][2023-07-21 21:27:28,399] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 21:29:04,743] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 21:30:32,638] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 21:31:59,975] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 21:33:19,131] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 47  result: ScanResult.NOT_DETECTED
  Idx: 48  result: ScanResult.NOT_DETECTED
  Idx: 49  result: ScanResult.NOT_DETECTED
  Idx: 50  result: ScanResult.NOT_DETECTED
  Idx: 51  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 21:34:38,249] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 47  result: ScanResult.NOT_DETECTED
  Idx: 48  result: ScanResult.NOT_DETECTED
  Idx: 49  result: ScanResult.NOT_DETECTED
  Idx: 50  result: ScanResult.NOT_DETECTED
  Idx: 51  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 21:35:55,404] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 51  result: ScanResult.NOT_DETECTED
  Idx: 50  result: ScanResult.NOT_DETECTED
  Idx: 49  result: ScanResult.NOT_DETECTED
  Idx: 48  result: ScanResult.NOT_DETECTED
  Idx: 47  result: ScanResult.NOT_DETECTED
  Idx: 46  result: ScanResult.NOT_DETECTED
  Idx: 45  result: ScanResult.NOT_DETECTED
  Idx: 44  result: ScanResult.NOT_DETECTED
  Idx: 43  result: ScanResult.NOT_DETECTED
  Idx: 42  result: ScanResult.NOT_DETECTED
  Idx: 41  result: ScanResult.NOT_DETECTED
  Idx: 40  result: ScanResult.NOT_DETECTED
  Idx: 39  result: ScanResult.NOT_DETECTED
  Idx: 38  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-21 21:35:55,405] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 21:35:56,933] runVerifications() :: Verification run: 8 THIRDS4 ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 21:35:56,935] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 21:35:56,936] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 21:35:56,936] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 21:35:57,457] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 21:36:00,084] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 21:36:00,085] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 21:36:00,086] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-21 21:36:00,086] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-07-21 21:36:00,086] save() :: Saving HashCache (59913)
[INFO    ][2023-08-04 18:21:23,481] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-08-04 18:21:23,481] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-08-04 18:21:23,482] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:21:23,999] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:21:24,000] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-08-04 18:21:24,000] load() :: Loading HashCache
[INFO    ][2023-08-04 18:21:24,193] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:21:24,193] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:21:24,271] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:21:24,829] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:21:31,543] init() :: DotnetData entries: 23564
[INFO    ][2023-08-04 18:21:31,565] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-08-04 18:21:31,566] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:46:21,930] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 16:46:21,930] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 16:46:21,931] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:46:22,442] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:46:22,443] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-08-06 16:46:22,443] load() :: Loading HashCache
[INFO    ][2023-08-06 16:46:22,633] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:46:22,633] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:46:22,709] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:46:23,257] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:46:29,962] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 16:46:29,985] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-08-06 16:46:29,986] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:20:34,207] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 17:20:34,207] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-08-06 17:20:34,208] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:20:34,729] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:20:34,730] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-08-06 17:20:34,730] load() :: Loading HashCache
[INFO    ][2023-08-06 17:20:34,928] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:20:34,928] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:20:35,004] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:20:35,555] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:20:42,228] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:20:42,250] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-08-06 17:20:42,251] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:24:44,607] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-01 05:24:44,607] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-01 05:24:44,617] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:30,874] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-01 05:26:30,874] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-01 05:26:30,876] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:31,391] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:31,392] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-01 05:26:31,394] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-01 05:26:31,394] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:31,593] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:31,593] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:31,677] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:20:30,257] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-24 19:20:30,257] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-24 19:20:30,267] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:20:30,267] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:20:30,294] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:20:30,294] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:20:30,294] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:20:30,769] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:20:31,388] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-24 19:20:31,390] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-24 19:20:31,390] load() :: Loading HashCache
[INFO    ][2023-09-24 19:20:31,591] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:20:31,592] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:20:31,689] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:20:38,183] init() :: DotnetData entries: 23564
[INFO    ][2023-09-24 19:20:38,205] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-24 19:20:38,206] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:13:47,252] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:13:47,252] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:13:47,253] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:13:47,253] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:13:47,278] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:13:47,278] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:13:47,278] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:13:47,748] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:13:48,303] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-25 18:13:48,305] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:13:48,306] load() :: Loading HashCache
[INFO    ][2023-09-25 18:13:48,531] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:13:48,532] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:13:48,630] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:13:55,529] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:13:55,551] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:13:55,552] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:20:49,097] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:20:49,097] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-25 18:20:49,098] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:20:49,098] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:20:49,123] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:20:49,124] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:20:49,124] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:20:49,592] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:20:50,146] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-25 18:20:50,148] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:20:50,148] load() :: Loading HashCache
[INFO    ][2023-09-25 18:20:50,374] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:20:50,374] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:20:50,470] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:20:57,333] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:20:57,355] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-25 18:20:57,356] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:06:26,973] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 10:06:26,973] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 10:06:26,974] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:06:26,974] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:06:26,999] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:06:26,999] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:06:27,000] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:06:27,474] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-29 10:06:27,475] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 10:06:27,476] load() :: Loading HashCache
[INFO    ][2023-09-29 10:06:27,702] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:06:27,702] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:06:27,806] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:06:34,686] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 10:06:34,707] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 10:06:34,708] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:00,392] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 12:11:00,392] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-29 12:11:00,393] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:11:00,394] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:00,418] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:00,418] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:00,418] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,418] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:11:00,419] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:11:00,900] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-29 12:11:00,902] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 12:11:00,903] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:01,132] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:01,132] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:01,233] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:08,095] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:11:08,117] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-29 12:11:08,118] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:31:54,921] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-30 10:31:54,921] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe
[INFO    ][2023-09-30 10:31:54,923] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:31:54,923] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:31:54,948] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:31:54,948] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:31:54,948] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:31:55,430] handleFile() :: Using scanner as defined in outcome: avg
[INFO    ][2023-09-30 10:31:55,432] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-30 10:31:55,432] load() :: Loading HashCache
[INFO    ][2023-09-30 10:31:55,660] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:31:55,660] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:31:55,757] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:02,687] init() :: DotnetData entries: 23564
[INFO    ][2023-09-30 10:32:02,709] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome
[INFO    ][2023-09-30 10:32:02,710] save() :: Saving HashCache (102072)

File 06AA6C08707CD9B6.Seatbelt.exe.avg.exe

Matches

Match 0: 177244 (size: 51)

Info

Hexdump

Match 1: 177856 (size: 51)

Info

Hexdump

Disassembly

Match 2: 178061 (size: 25)

Info

Hexdump

Disassembly

Match 3: 178137 (size: 26)

Info

Hexdump

Disassembly

Match 4: 178418 (size: 52)

Info

Hexdump

Disassembly

Match 5: 178930 (size: 51)

Info

Hexdump

Disassembly

Match 6: 179414 (size: 77)

Info

Hexdump

Disassembly

Match 7: 179618 (size: 78)

Info

Hexdump

Disassembly

Match 9: 179874 (size: 128)

Info

Hexdump

Disassembly

Match 14: 419350 (size: 17)

Info

Hexdump

Match 15: 420270 (size: 34)

Info

Hexdump

Match 19: 425324 (size: 33)

Info

Hexdump

Match 30: 436134 (size: 67)

Info

Hexdump

Match 31: 436235 (size: 33)

Info

Hexdump

Match 34: 436905 (size: 66)

Info

Hexdump

Match 35: 438142 (size: 34)

Info

Hexdump

Match 39: 442460 (size: 33)

Info

Hexdump

Explanation

Colors

Match Order

Position