Name: | 06AA6C08707CD9B6.Seatbelt.exe.avg.exe |
Size: | 611,840 bytes |
Type: | EXE PE.NET |
MD5: | d82ac3aa2e83b5fc3e26acffb688c93f |
Scanner Name: | avg |
Appraisal: | Fragile (AND) based |
Scan Debug: | Duration: 98s / Chunks: 344 / Matches: 77 |
Scan date: | 2023-07-21 21:24:09 |
# | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
---|---|---|---|---|---|---|---|
0 | 0 | 177244 | 51 | .text #~ | DATA | Dominant. Modify this to make file undetected | |
1 | 0 | 177856 | 51 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
2 | 0 | 178061 | 25 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
3 | 0 | 178137 | 26 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
4 | 0 | 178418 | 52 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
5 | 0 | 178930 | 51 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
6 | 0 | 179414 | 77 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
7 | 0 | 179618 | 78 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
9 | 0 | 179874 | 128 | .text #~ | TypeRef | DATA | Dominant. Modify this to make file undetected |
14 | 1 | 419350 | 17 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
15 | 1 | 420270 | 34 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
19 | 1 | 425324 | 33 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
30 | 1 | 436134 | 67 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
31 | 1 | 436235 | 33 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
34 | 1 | 436905 | 66 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
35 | 1 | 438142 | 34 | .text #Strings | DATA | Dominant. Modify this to make file undetected | |
39 | 1 | 442460 | 33 | .text #Strings | DATA | Dominant. Modify this to make file undetected |
Dominant. Modify this to make file undetected |
0002B45C 00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00 ........W..?.... 0002B46C 00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00 ...3............ 0002B47C 9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00 ....*...l...$... 0002B48C 87 02 00 ...
Dominant. Modify this to make file undetected |
0002B6C0 00 00 12 00 A5 A7 00 00 0E DC 00 00 06 00 E3 C9 ................ 0002B6D0 00 00 2B 01 01 00 06 00 69 B2 00 00 B5 1D 00 00 ..+.....i....... 0002B6E0 06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00 ..l.........v... 0002B6F0 FA B2 00 ...
Dominant. Modify this to make file undetected |
0002B78D 9E 00 00 FA B2 00 00 06 00 FC CC 00 00 B5 1D 00 ................ 0002B79D 00 06 00 63 B2 00 00 B5 1D ...c.....
Dominant. Modify this to make file undetected |
0002B7D9 00 06 00 5C DB 00 00 FA B2 00 00 12 00 5D F1 00 ...\.........].. 0002B7E9 00 84 F5 00 00 06 00 58 F0 00 .......X..
Dominant. Modify this to make file undetected |
0002B8F2 06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00 ............T... 0002B902 B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00 ......,......... 0002B912 F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E1 F8 ..........H..... 0002B922 00 00 06 00 ....
Dominant. Modify this to make file undetected |
0002BAF2 27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D '..............- 0002BB02 00 00 0A 00 E2 AE 00 00 E1 F8 00 00 0A 00 37 94 ..............7. 0002BB12 00 00 E1 F8 00 00 06 00 A2 09 01 00 B5 1D 00 00 ................ 0002BB22 06 00 78 ..x
Dominant. Modify this to make file undetected |
0002BCD6 B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00 ................ 0002BCE6 55 CB 00 00 FA B2 00 00 06 00 5E C1 00 00 B5 1D U.........^..... 0002BCF6 00 00 06 00 A0 A2 00 00 2B 01 01 00 06 00 DA EE ........+....... 0002BD06 00 00 FD DD 00 00 06 00 11 84 00 00 FA B2 00 00 ................ 0002BD16 06 00 8E C9 00 00 27 07 01 00 06 00 67 ......'.....g
Dominant. Modify this to make file undetected |
0002BDA2 06 00 64 0D 00 00 FA B2 00 00 06 00 37 E2 00 00 ..d.........7... 0002BDB2 C7 BC 00 00 06 00 43 AA 00 00 B5 1D 00 00 06 00 ......C......... 0002BDC2 3B 9A 00 00 78 E3 00 00 12 00 B6 E0 00 00 E1 BA ;...x........... 0002BDD2 00 00 12 00 B0 BE 00 00 E1 BA 00 00 12 00 E6 BE ................ 0002BDE2 00 00 E1 BA 00 00 06 00 DA 10 00 00 FA B2 ..............
Dominant. Modify this to make file undetected |
0002BEA2 4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00 L............... 0002BEB2 8C 00 01 00 40 EC 00 00 1A 00 F1 82 00 00 FF B0 ....@........... 0002BEC2 00 00 06 00 A8 85 00 00 FA B2 00 00 06 00 DB C1 ................ 0002BED2 00 00 B5 1D 00 00 06 00 1C C2 00 00 FA B2 00 00 ................ 0002BEE2 06 00 83 C2 00 00 BD 0A 01 00 06 00 C0 C5 00 00 ................ 0002BEF2 B5 1D 00 00 06 00 4B 0B 01 00 A1 E9 00 00 12 00 ......K......... 0002BF02 AE BB 00 00 E1 BA 00 00 12 00 49 BE 00 00 0E DC ..........I..... 0002BF12 00 00 06 00 9E 98 00 00 40 EC 00 00 1A 00 99 C6 ........@.......
Dominant. Modify this to make file undetected |
00066616 6F 64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00 ode.PaddingMode. 00066626 43 C
Dominant. Modify this to make file undetected |
000669AE 49 45 6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E IEnumerable.AsEn 000669BE 75 6D 65 72 61 62 6C 65 00 49 44 69 73 70 6F 73 umerable.IDispos 000669CE 61 62 ab
Dominant. Modify this to make file undetected |
00067D6C 70 65 00 74 79 70 65 00 46 69 6C 65 53 68 61 72 pe.type.FileShar 00067D7C 65 00 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00 e.share.Compare. 00067D8C 53 S
Dominant. Modify this to make file undetected |
0006A7A6 65 70 74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D eption.NotImplem 0006A7B6 65 6E 74 65 64 45 78 63 65 70 74 69 6F 6E 00 50 entedException.P 0006A7C6 6C 61 74 66 6F 72 6D 4E 6F 74 53 75 70 70 6F 72 latformNotSuppor 0006A7D6 74 65 64 45 78 63 65 70 74 69 6F 6E 00 46 69 6C tedException.Fil 0006A7E6 65 4E 6F eNo
Dominant. Modify this to make file undetected |
0006A80B 6F 6E 00 41 72 67 75 6D 65 6E 74 4E 75 6C 6C 45 on.ArgumentNullE 0006A81B 78 63 65 70 74 69 6F 6E 00 53 79 73 74 65 6D 45 xception.SystemE 0006A82B 78 x
Dominant. Modify this to make file undetected |
0006AAA9 67 65 74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E get_CredentialIn 0006AAB9 66 6F 00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66 fo.FileSystemInf 0006AAC9 6F 00 70 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 o.ppJoinInfo.get 0006AAD9 5F 46 69 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F _FileVersionInfo 0006AAE9 00 47 .G
Dominant. Modify this to make file undetected |
0006AF7E 65 72 00 4F 6E 65 44 72 69 76 65 53 79 6E 63 50 er.OneDriveSyncP 0006AF8E 72 6F 76 69 64 65 72 00 53 48 41 31 43 72 79 70 rovider.SHA1Cryp 0006AF9E 74 6F to
Dominant. Modify this to make file undetected |
0006C05C 61 72 79 45 6E 75 6D 65 72 61 74 6F 72 00 41 64 aryEnumerator.Ad 0006C06C 6D 69 6E 69 73 74 72 61 74 6F 72 00 41 63 74 69 ministrator.Acti 0006C07C 76 v
Test # | MatchOrder | ModifyPosition |
Match#0 #~ 51b |
Match#1 #~ 51b |
Match#2 #~ 25b |
Match#3 #~ 26b |
Match#4 #~ 52b |
Match#5 #~ 51b |
Match#6 #~ 77b |
Match#7 #~ 78b |
Match#8 #~ 26b |
Match#9 #~ 128b |
Match#10 #Strings 33b |
Match#11 #Strings 17b |
Match#12 #Strings 17b |
Match#13 #Strings 34b |
Match#14 #Strings 17b |
Match#15 #Strings 34b |
Match#16 #Strings 66b |
Match#17 #Strings 33b |
Match#18 #Strings 50b |
Match#19 #Strings 33b |
Match#20 #Strings 33b |
Match#21 #Strings 50b |
Match#22 #Strings 33b |
Match#23 #Strings 33b |
Match#24 #Strings 17b |
Match#25 #Strings 33b |
Match#26 #Strings 50b |
Match#27 #Strings 100b |
Match#28 #Strings 33b |
Match#29 #Strings 34b |
Match#30 #Strings 67b |
Match#31 #Strings 33b |
Match#32 #Strings 67b |
Match#33 #Strings 67b |
Match#34 #Strings 66b |
Match#35 #Strings 34b |
Match#36 #Strings 34b |
Match#37 #Strings 133b |
Match#38 #Strings 34b |
Match#39 #Strings 33b |
Match#40 #Strings 67b |
Match#41 #Strings 34b |
Match#42 #Strings 34b |
Match#43 #Strings 134b |
Match#44 #Strings 67b |
Match#45 #Strings 134b |
Match#46 #Strings 67b |
Match#47 #Strings 67b |
Match#48 #Strings 67b |
Match#49 #Strings 67b |
Match#50 #Strings 67b |
Match#51 #Strings 134b |
0 | ISOLATED | MIDDLE8 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
1 | ISOLATED | THIRDS4 | ||||||||||||||||||||||||||||||||||||||||||||||||||||
2 | ISOLATED | FULL | ||||||||||||||||||||||||||||||||||||||||||||||||||||
3 | ISOLATED | FULLB | ||||||||||||||||||||||||||||||||||||||||||||||||||||
4 | INCREMENTAL | MIDDLE8 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 |
5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 |
6 | DECREMENTAL | FULL | 51 | 50 | 49 | 48 | 47 | 46 | 45 | 44 | 43 | 42 | 41 | 40 | 39 | 38 | 37 | 36 | 35 | 34 | 33 | 32 | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
7 | ALL | MIDDLE8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8 | ALL | THIRDS4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Result |
[INFO ][2023-07-21 21:24:03,922] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-07-21 21:24:03,922] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-07-21 21:24:03,923] handleFile() :: Using parser for file type DOTNET [INFO ][2023-07-21 21:24:04,445] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 21:24:04,446] handleFile() :: Using scanner from command line: avg [INFO ][2023-07-21 21:24:04,447] load() :: Loading HashCache [INFO ][2023-07-21 21:24:04,611] load() :: 59528 hashes loaded [INFO ][2023-07-21 21:24:09,176] handleFile() :: QuickCheck: 06AA6C08707CD9B6.Seatbelt.exe.avg.exe is detected by avg and not hash based [INFO ][2023-07-21 21:24:09,176] handleFile() :: Scanning for matches... [INFO ][2023-07-21 21:24:09,176] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact) [INFO ][2023-07-21 21:24:09,215] findDetectedSections() :: Hide: .text -> Detected: False [INFO ][2023-07-21 21:24:09,216] findDetectedSections() :: Hide: .rsrc -> Detected: True [INFO ][2023-07-21 21:24:09,217] findDetectedSections() :: Hide: .reloc -> Detected: True [INFO ][2023-07-21 21:24:10,739] findDetectedSections() :: Hide: Header -> Detected: False [INFO ][2023-07-21 21:24:12,350] findDetectedSections() :: Hide: DotNet Header -> Detected: False [INFO ][2023-07-21 21:24:13,936] findDetectedSections() :: Hide: Metadata Header -> Detected: False [INFO ][2023-07-21 21:24:13,937] findDetectedSections() :: Hide: methods -> Detected: True [INFO ][2023-07-21 21:24:15,501] findDetectedSections() :: Hide: #~ Stream Header -> Detected: False [INFO ][2023-07-21 21:24:17,099] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: False [INFO ][2023-07-21 21:24:19,297] findDetectedSections() :: Hide: #US Stream Header -> Detected: True [INFO ][2023-07-21 21:24:21,509] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True [INFO ][2023-07-21 21:24:23,757] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True [INFO ][2023-07-21 21:24:23,758] findDetectedSections() :: Hide: #~ -> Detected: False [INFO ][2023-07-21 21:24:23,760] findDetectedSections() :: Hide: #Strings -> Detected: False [INFO ][2023-07-21 21:24:23,761] findDetectedSections() :: Hide: #US -> Detected: True [INFO ][2023-07-21 21:24:23,762] findDetectedSections() :: Hide: #GUID -> Detected: True [INFO ][2023-07-21 21:24:23,763] findDetectedSections() :: Hide: #Blob -> Detected: True [INFO ][2023-07-21 21:24:23,763] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly [INFO ][2023-07-21 21:24:23,763] scanForMatchesInPe() :: section: #~ [INFO ][2023-07-21 21:24:23,763] scanForMatchesInPe() :: section: #Strings [INFO ][2023-07-21 21:24:30,481] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (177244-386568) [INFO ][2023-07-21 21:24:30,482] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:16 MinMatchSize:32 [INFO ][2023-07-21 21:24:30,482] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added) [INFO ][2023-07-21 21:24:30,505] _scanDataPart() :: Result: 177244-177295 (51 bytes) 0002B45C 00 00 00 00 02 00 01 01 57 BF A3 3F 09 0E 00 00 ........W..?.... 0002B46C 00 FA 01 33 00 16 00 00 01 00 00 00 14 01 00 00 ...3............ 0002B47C 9A 02 00 00 2A 0A 00 00 6C 0E 00 00 24 0B 00 00 ....*...l...$... 0002B48C 87 02 00 ... [INFO ][2023-07-21 21:24:30,511] _scanDataPart() :: Result: 177856-177907 (51 bytes) 0002B6C0 00 00 12 00 A5 A7 00 00 0E DC 00 00 06 00 E3 C9 ................ 0002B6D0 00 00 2B 01 01 00 06 00 69 B2 00 00 B5 1D 00 00 ..+.....i....... 0002B6E0 06 00 6C C9 00 00 B5 1D 00 00 06 00 76 91 00 00 ..l.........v... 0002B6F0 FA B2 00 ... [INFO ][2023-07-21 21:24:30,520] _scanDataPart() :: Result: 178061-178086 (25b minChunk:16 X) 0002B78D 9E 00 00 FA B2 00 00 06 00 FC CC 00 00 B5 1D 00 ................ 0002B79D 00 06 00 63 B2 00 00 B5 1D ...c..... [INFO ][2023-07-21 21:24:30,522] _scanDataPart() :: Result: 178137-178163 (26b minChunk:16 X) 0002B7D9 00 06 00 5C DB 00 00 FA B2 00 00 12 00 5D F1 00 ...\.........].. 0002B7E9 00 84 F5 00 00 06 00 58 F0 00 .......X.. [INFO ][2023-07-21 21:24:30,527] _scanDataPart() :: Result: 178418-178470 (52 bytes) 0002B8F2 06 00 99 C1 00 00 B5 1D 00 00 06 00 54 C9 00 00 ............T... 0002B902 B5 1D 00 00 06 00 2C C2 00 00 FA B2 00 00 06 00 ......,......... 0002B912 F1 C1 00 00 B5 1D 00 00 0A 00 48 C2 00 00 E1 F8 ..........H..... 0002B922 00 00 06 00 .... [INFO ][2023-07-21 21:24:30,537] _scanDataPart() :: Result: 178930-178955 (25b minChunk:16 X) 0002BAF2 27 CC 00 00 FA B2 00 00 06 00 9C 05 00 00 CC 2D '..............- 0002BB02 00 00 0A 00 E2 AE 00 00 E1 ......... [INFO ][2023-07-21 21:24:30,537] _scanDataPart() :: Result: 178955-178981 (26b minChunk:16 X) 0002BB0B F8 00 00 0A 00 37 94 00 00 E1 F8 00 00 06 00 A2 .....7.......... 0002BB1B 09 01 00 B5 1D 00 00 06 00 78 .........x [INFO ][2023-07-21 21:24:30,544] _scanDataPart() :: Result: 179414-179440 (26b minChunk:16 X) 0002BCD6 B5 1D 00 00 06 00 E4 B5 00 00 FA B2 00 00 06 00 ................ 0002BCE6 55 CB 00 00 FA B2 00 00 06 00 U......... [INFO ][2023-07-21 21:24:30,545] _scanDataPart() :: Result: 179440-179465 (25b minChunk:16 X) 0002BCF0 5E C1 00 00 B5 1D 00 00 06 00 A0 A2 00 00 2B 01 ^.............+. 0002BD00 01 00 06 00 DA EE 00 00 FD ......... [INFO ][2023-07-21 21:24:30,546] _scanDataPart() :: Result: 179465-179491 (26b minChunk:16 X) 0002BD09 DD 00 00 06 00 11 84 00 00 FA B2 00 00 06 00 8E ................ 0002BD19 C9 00 00 27 07 01 00 06 00 67 ...'.....g [INFO ][2023-07-21 21:24:30,551] _scanDataPart() :: Result: 179618-179644 (26b minChunk:16 X) 0002BDA2 06 00 64 0D 00 00 FA B2 00 00 06 00 37 E2 00 00 ..d.........7... 0002BDB2 C7 BC 00 00 06 00 43 AA 00 00 ......C... [INFO ][2023-07-21 21:24:30,552] _scanDataPart() :: Result: 179644-179670 (26b minChunk:16 X) 0002BDBC B5 1D 00 00 06 00 3B 9A 00 00 78 E3 00 00 12 00 ......;...x..... 0002BDCC B6 E0 00 00 E1 BA 00 00 12 00 .......... [INFO ][2023-07-21 21:24:30,553] _scanDataPart() :: Result: 179670-179696 (26b minChunk:16 X) 0002BDD6 B0 BE 00 00 E1 BA 00 00 12 00 E6 BE 00 00 E1 BA ................ 0002BDE6 00 00 06 00 DA 10 00 00 FA B2 .......... [INFO ][2023-07-21 21:24:30,561] _scanDataPart() :: Result: 179823-179849 (26b minChunk:16 X) 0002BE6F 00 C2 C3 00 00 1E 00 27 C9 00 00 C2 C3 00 00 06 .......'........ 0002BE7F 00 57 AD 00 00 FA B2 00 00 0A .W........ [INFO ][2023-07-21 21:24:30,563] _scanDataPart() :: Result: 179874-179900 (26b minChunk:16 X) 0002BEA2 4C B1 00 00 06 00 B4 C4 00 00 B5 1D 00 00 06 00 L............... 0002BEB2 8C 00 01 00 40 EC 00 00 1A 00 ....@..... [INFO ][2023-07-21 21:24:30,568] _scanDataPart() :: Result: 179900-179951 (51 bytes) 0002BEBC F1 82 00 00 FF B0 00 00 06 00 A8 85 00 00 FA B2 ................ 0002BECC 00 00 06 00 DB C1 00 00 B5 1D 00 00 06 00 1C C2 ................ 0002BEDC 00 00 FA B2 00 00 06 00 83 C2 00 00 BD 0A 01 00 ................ 0002BEEC 06 00 C0 ... [INFO ][2023-07-21 21:24:30,570] _scanDataPart() :: Result: 179951-179976 (25b minChunk:16 X) 0002BEEF C5 00 00 B5 1D 00 00 06 00 4B 0B 01 00 A1 E9 00 .........K...... 0002BEFF 00 12 00 AE BB 00 00 E1 BA ......... [INFO ][2023-07-21 21:24:30,570] _scanDataPart() :: Result: 179976-180002 (26b minChunk:16 X) 0002BF08 00 00 12 00 49 BE 00 00 0E DC 00 00 06 00 9E 98 ....I........... 0002BF18 00 00 40 EC 00 00 1A 00 99 C6 ..@....... [INFO ][2023-07-21 21:24:30,570] scan() :: Reducer Result: Time:0 Chunks:65 MatchesAdded:18 MatchesFinal:10 [INFO ][2023-07-21 21:24:37,347] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (386568-455112) [INFO ][2023-07-21 21:24:37,347] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:8 MinMatchSize:16 [INFO ][2023-07-21 21:24:37,347] _printStatus() :: Reducing: 66 chunks done, found 0 matches (18 added) [INFO ][2023-07-21 21:24:37,368] _scanDataPart() :: Result: 390868-390885 (17b minChunk:8 X) 0005F6D4 00 54 6F 55 49 6E 74 31 36 00 52 65 61 64 49 6E .ToUInt16.ReadIn 0005F6E4 74 t [INFO ][2023-07-21 21:24:37,370] _scanDataPart() :: Result: 390885-390901 (16b minChunk:8 X) 0005F6E5 31 36 00 53 48 41 32 35 36 00 58 38 36 00 41 46 16.SHA256.X86.AF [INFO ][2023-07-21 21:24:37,378] _scanDataPart() :: Result: 391772-391789 (17b minChunk:8 X) 0005FA5C 50 45 43 00 47 43 00 50 55 42 4C 49 43 00 55 44 PEC.GC.PUBLIC.UD 0005FA6C 50 P [INFO ][2023-07-21 21:24:37,388] _scanDataPart() :: Result: 392407-392424 (17b minChunk:8 X) 0005FCD7 44 00 50 6C 61 74 66 6F 72 6D 49 44 00 4C 6F 67 D.PlatformID.Log 0005FCE7 69 i [INFO ][2023-07-21 21:24:37,398] _scanDataPart() :: Doubling: minChunkSize: 8 minMatchSize: 16 [INFO ][2023-07-21 21:24:37,400] _scanDataPart() :: Result: 394164-394198 (34 bytes) 000603B4 4B 45 59 5F 49 4E 46 4F 00 53 79 73 74 65 6D 2E KEY_INFO.System. 000603C4 49 4F 00 67 65 74 5F 47 50 4F 00 41 75 64 69 74 IO.get_GPO.Audit 000603D4 50 6F Po [INFO ][2023-07-21 21:24:37,417] _scanDataPart() :: Result: 419350-419367 (17b minChunk:16 X) 00066616 6F 64 65 00 50 61 64 64 69 6E 67 4D 6F 64 65 00 ode.PaddingMode. 00066626 43 C [INFO ][2023-07-21 21:24:37,427] _scanDataPart() :: Result: 420270-420287 (17b minChunk:16 X) 000669AE 49 45 6E 75 6D 65 72 61 62 6C 65 00 41 73 45 6E IEnumerable.AsEn 000669BE 75 u [INFO ][2023-07-21 21:24:37,427] _scanDataPart() :: Result: 420287-420304 (17b minChunk:16 X) 000669BF 6D 65 72 61 62 6C 65 00 49 44 69 73 70 6F 73 61 merable.IDisposa 000669CF 62 b [INFO ][2023-07-21 21:24:37,444] _scanDataPart() :: Result: 420873-420906 (33b minChunk:16 X) 00066C09 4F 75 74 70 75 74 46 69 6C 65 00 6F 75 74 70 75 OutputFile.outpu 00066C19 74 46 69 6C 65 00 46 69 6E 64 4E 65 78 74 46 69 tFile.FindNextFi 00066C29 6C l [INFO ][2023-07-21 21:24:37,446] _scanDataPart() :: Result: 420906-420939 (33b minChunk:16 X) 00066C2A 65 00 67 65 74 5F 50 72 6F 66 69 6C 65 00 73 65 e.get_Profile.se 00066C3A 74 5F 50 72 6F 66 69 6C 65 00 6E 62 72 50 72 6F t_Profile.nbrPro 00066C4A 66 f [INFO ][2023-07-21 21:24:37,450] _scanDataPart() :: Result: 420973-421006 (33b minChunk:16 X) 00066C6D 65 00 57 69 6E 64 6F 77 73 42 75 69 6C 74 49 6E e.WindowsBuiltIn 00066C7D 52 6F 6C 65 00 43 6F 6E 73 6F 6C 65 00 67 65 74 Role.Console.get 00066C8D 5F _ [INFO ][2023-07-21 21:24:37,452] _scanDataPart() :: Result: 421040-421073 (33b minChunk:16 X) 00066CB0 64 6F 77 73 46 69 72 65 77 61 6C 6C 52 75 6C 65 dowsFirewallRule 00066CC0 00 41 73 72 52 75 6C 65 00 50 72 6F 63 65 73 73 .AsrRule.Process 00066CD0 4D M [INFO ][2023-07-21 21:24:37,453] _scanDataPart() :: Result: 421073-421090 (17b minChunk:16 X) 00066CD1 6F 64 75 6C 65 00 72 75 6C 65 00 67 65 74 5F 47 odule.rule.get_G 00066CE1 50 P [INFO ][2023-07-21 21:24:37,465] _scanDataPart() :: Result: 425324-425357 (33b minChunk:16 X) 00067D6C 70 65 00 74 79 70 65 00 46 69 6C 65 53 68 61 72 pe.type.FileShar 00067D7C 65 00 73 68 61 72 65 00 43 6F 6D 70 61 72 65 00 e.share.Compare. 00067D8C 53 S [INFO ][2023-07-21 21:24:37,475] _scanDataPart() :: Result: 427667-427700 (33b minChunk:16 X) 00068693 61 63 74 69 76 65 00 61 64 64 5F 41 73 73 65 6D active.add_Assem 000686A3 62 6C 79 52 65 73 6F 6C 76 65 00 73 75 66 66 69 blyResolve.suffi 000686B3 78 x [INFO ][2023-07-21 21:24:37,477] _scanDataPart() :: Result: 427717-427734 (17b minChunk:16 X) 000686C5 67 45 78 65 00 70 72 6F 64 75 63 74 45 78 65 00 gExe.productExe. 000686D5 53 S [INFO ][2023-07-21 21:24:37,479] _scanDataPart() :: Result: 427734-427767 (33b minChunk:16 X) 000686D6 65 61 74 62 65 6C 74 2E 65 78 65 00 67 65 74 5F eatbelt.exe.get_ 000686E6 53 69 7A 65 00 73 65 74 5F 53 69 7A 65 00 43 72 Size.set_Size.Cr 000686F6 65 e [INFO ][2023-07-21 21:24:37,488] _scanDataPart() :: Result: 429073-429106 (33b minChunk:16 X) 00068C11 67 00 47 65 74 53 74 72 69 6E 67 00 50 61 72 73 g.GetString.Pars 00068C21 65 4D 72 75 53 74 72 69 6E 67 00 53 75 62 73 74 eMruString.Subst 00068C31 72 r [INFO ][2023-07-21 21:24:37,502] _scanDataPart() :: Result: 429474-429507 (33b minChunk:16 X) 00068DA2 61 74 63 68 00 6D 61 74 63 68 00 53 74 6F 70 77 atch.match.Stopw 00068DB2 61 74 63 68 00 6E 46 69 6C 65 53 69 7A 65 48 69 atch.nFileSizeHi 00068DC2 67 g [INFO ][2023-07-21 21:24:37,507] _scanDataPart() :: Result: 429641-429658 (17b minChunk:16 X) 00068E49 5F 41 75 74 6F 46 6C 75 73 68 00 4D 61 74 68 00 _AutoFlush.Math. 00068E59 50 P [INFO ][2023-07-21 21:24:37,514] _scanDataPart() :: Result: 430144-430177 (33b minChunk:16 X) 00069040 50 61 74 68 00 62 69 6E 61 72 79 50 61 74 68 00 Path.binaryPath. 00069050 3C 3E 33 5F 5F 70 61 74 68 00 73 63 72 69 70 74 <>3__path.script 00069060 5F _ [INFO ][2023-07-21 21:24:37,525] _scanDataPart() :: Result: 432202-432219 (17b minChunk:16 X) 0006984A 6C 00 75 72 6C 00 46 69 6C 65 53 74 72 65 61 6D l.url.FileStream 0006985A 00 . [INFO ][2023-07-21 21:24:37,529] _scanDataPart() :: Result: 432219-432252 (33b minChunk:16 X) 0006985B 67 65 74 5F 45 6E 64 4F 66 53 74 72 65 61 6D 00 get_EndOfStream. 0006986B 4D 65 6D 6F 72 79 53 74 72 65 61 6D 00 5F 73 74 MemoryStream._st 0006987B 72 r [INFO ][2023-07-21 21:24:40,623] _printStatus() :: Reducing: 197 chunks done, found 17 matches (41 added) [INFO ][2023-07-21 21:24:40,624] _scanDataPart() :: Result: 432353-432386 (33b minChunk:16 X) 000698E1 61 75 6C 74 49 74 65 6D 00 76 61 75 6C 74 49 74 aultItem.vaultIt 000698F1 65 6D 00 69 74 65 6D 00 4F 70 65 72 61 74 69 6E em.item.Operatin 00069901 67 g [INFO ][2023-07-21 21:24:43,737] _scanDataPart() :: Result: 432386-432420 (34 bytes) 00069902 53 79 73 74 65 6D 00 53 79 6D 6D 65 74 72 69 63 System.Symmetric 00069912 41 6C 67 6F 72 69 74 68 6D 00 41 73 79 6D 6D 65 Algorithm.Asymme 00069922 74 72 tr [INFO ][2023-07-21 21:24:43,738] _printStatus() :: Reducing: 199 chunks done, found 18 matches (43 added) [INFO ][2023-07-21 21:24:47,584] _printStatus() :: Reducing: 200 chunks done, found 18 matches (43 added) [INFO ][2023-07-21 21:24:47,584] _scanDataPart() :: Doubling: minChunkSize: 16 minMatchSize: 32 [INFO ][2023-07-21 21:24:47,584] _scanDataPart() :: Result: 432420-432453 (33b minChunk:32 X) 00069924 69 63 41 6C 67 6F 72 69 74 68 6D 00 53 69 67 6E icAlgorithm.Sign 00069934 61 74 75 72 65 41 6C 67 6F 72 69 74 68 6D 00 67 atureAlgorithm.g 00069944 65 e [INFO ][2023-07-21 21:24:51,301] _printStatus() :: Reducing: 203 chunks done, found 18 matches (44 added) [INFO ][2023-07-21 21:24:51,301] _scanDataPart() :: Result: 432487-432520 (33b minChunk:32 X) 00069967 6D 00 53 79 73 6D 6F 6E 48 61 73 68 41 6C 67 6F m.SysmonHashAlgo 00069977 72 69 74 68 6D 00 54 72 69 6D 00 67 65 74 5F 44 rithm.Trim.get_D 00069987 65 e [INFO ][2023-07-21 21:24:55,088] _printStatus() :: Reducing: 205 chunks done, found 19 matches (45 added) [INFO ][2023-07-21 21:24:55,088] _scanDataPart() :: Result: 432587-432621 (34b minChunk:32 X) 000699CB 6C 46 6F 72 6D 00 47 65 74 42 69 6E 61 72 79 46 lForm.GetBinaryF 000699DB 6F 72 6D 00 49 43 72 79 70 74 6F 54 72 61 6E 73 orm.ICryptoTrans 000699EB 66 6F fo [INFO ][2023-07-21 21:24:58,951] _printStatus() :: Reducing: 213 chunks done, found 20 matches (46 added) [INFO ][2023-07-21 21:24:58,952] _scanDataPart() :: Result: 436134-436168 (34b minChunk:32 X) 0006A7A6 65 70 74 69 6F 6E 00 4E 6F 74 49 6D 70 6C 65 6D eption.NotImplem 0006A7B6 65 6E 74 65 64 45 78 63 65 70 74 69 6F 6E 00 50 entedException.P 0006A7C6 6C 61 la [INFO ][2023-07-21 21:25:02,816] _printStatus() :: Reducing: 215 chunks done, found 21 matches (47 added) [INFO ][2023-07-21 21:25:02,816] _scanDataPart() :: Result: 436168-436201 (33b minChunk:32 X) 0006A7C8 74 66 6F 72 6D 4E 6F 74 53 75 70 70 6F 72 74 65 tformNotSupporte 0006A7D8 64 45 78 63 65 70 74 69 6F 6E 00 46 69 6C 65 4E dException.FileN 0006A7E8 6F o [INFO ][2023-07-21 21:25:02,820] _scanDataPart() :: Result: 436235-436268 (33b minChunk:32 X) 0006A80B 6F 6E 00 41 72 67 75 6D 65 6E 74 4E 75 6C 6C 45 on.ArgumentNullE 0006A81B 78 63 65 70 74 69 6F 6E 00 53 79 73 74 65 6D 45 xception.SystemE 0006A82B 78 x [INFO ][2023-07-21 21:25:06,662] _printStatus() :: Reducing: 223 chunks done, found 22 matches (49 added) [INFO ][2023-07-21 21:25:06,662] _scanDataPart() :: Result: 436670-436704 (34b minChunk:32 X) 0006A9BE 74 52 65 73 6F 6C 75 74 69 6F 6E 00 53 79 73 74 tResolution.Syst 0006A9CE 65 6D 2E 44 61 74 61 2E 43 6F 6D 6D 6F 6E 00 53 em.Data.Common.S 0006A9DE 74 72 tr [INFO ][2023-07-21 21:25:10,520] _printStatus() :: Reducing: 225 chunks done, found 23 matches (50 added) [INFO ][2023-07-21 21:25:10,520] _scanDataPart() :: Result: 436704-436737 (33b minChunk:32 X) 0006A9E0 69 6E 67 43 6F 6D 70 61 72 69 73 6F 6E 00 5F 6A ingComparison._j 0006A9F0 73 6F 6E 00 55 70 6E 00 70 61 74 74 65 72 6E 00 son.Upn.pattern. 0006AA00 44 D [INFO ][2023-07-21 21:25:14,347] _printStatus() :: Reducing: 228 chunks done, found 23 matches (51 added) [INFO ][2023-07-21 21:25:14,347] _scanDataPart() :: Result: 436804-436838 (34b minChunk:32 X) 0006AA44 6F 64 49 6E 66 6F 00 70 70 50 61 63 6B 61 67 65 odInfo.ppPackage 0006AA54 49 6E 66 6F 00 43 72 65 64 65 6E 74 69 61 6C 46 Info.CredentialF 0006AA64 69 6C il [INFO ][2023-07-21 21:25:18,222] _printStatus() :: Reducing: 230 chunks done, found 24 matches (52 added) [INFO ][2023-07-21 21:25:18,222] _scanDataPart() :: Result: 436838-436871 (33b minChunk:32 X) 0006AA66 65 49 6E 66 6F 00 50 72 6F 66 69 6C 65 49 6E 66 eInfo.ProfileInf 0006AA76 6F 00 47 65 74 4E 61 6D 65 49 6E 66 6F 00 43 75 o.GetNameInfo.Cu 0006AA86 6C l [INFO ][2023-07-21 21:25:18,231] _scanDataPart() :: Result: 436905-436938 (33b minChunk:32 X) 0006AAA9 67 65 74 5F 43 72 65 64 65 6E 74 69 61 6C 49 6E get_CredentialIn 0006AAB9 66 6F 00 46 69 6C 65 53 79 73 74 65 6D 49 6E 66 fo.FileSystemInf 0006AAC9 6F o [INFO ][2023-07-21 21:25:18,231] _scanDataPart() :: Result: 436938-436971 (33b minChunk:32 X) 0006AACA 00 70 70 4A 6F 69 6E 49 6E 66 6F 00 67 65 74 5F .ppJoinInfo.get_ 0006AADA 46 69 6C 65 56 65 72 73 69 6F 6E 49 6E 66 6F 00 FileVersionInfo. 0006AAEA 47 G [INFO ][2023-07-21 21:25:18,250] _scanDataPart() :: Result: 438142-438176 (34b minChunk:32 X) 0006AF7E 65 72 00 4F 6E 65 44 72 69 76 65 53 79 6E 63 50 er.OneDriveSyncP 0006AF8E 72 6F 76 69 64 65 72 00 53 48 41 31 43 72 79 70 rovider.SHA1Cryp 0006AF9E 74 6F to [INFO ][2023-07-21 21:25:18,257] _scanDataPart() :: Result: 438812-438846 (34b minChunk:32 X) 0006B21C 54 6F 55 70 70 65 72 00 4C 73 61 57 72 61 70 70 ToUpper.LsaWrapp 0006B22C 65 72 00 53 74 72 69 6E 67 43 6F 6D 70 61 72 65 er.StringCompare 0006B23C 72 00 r. [INFO ][2023-07-21 21:25:18,261] _scanDataPart() :: Result: 439013-439047 (34b minChunk:32 X) 0006B2E5 2E 43 6F 6D 6D 61 6E 64 73 2E 42 72 6F 77 73 65 .Commands.Browse 0006B2F5 72 00 67 65 74 5F 4E 6F 74 41 66 74 65 72 00 53 r.get_NotAfter.S 0006B305 74 72 tr [INFO ][2023-07-21 21:25:21,558] _scanDataPart() :: Result: 439047-439113 (66 bytes) 0006B307 65 61 6D 57 72 69 74 65 72 00 5F 73 74 72 65 61 eamWriter._strea 0006B317 6D 57 72 69 74 65 72 00 49 54 65 78 74 57 72 69 mWriter.ITextWri 0006B327 74 65 72 00 46 69 6C 65 54 65 78 74 57 72 69 74 ter.FileTextWrit 0006B337 65 72 00 43 6F 6E 73 6F 6C 65 54 65 78 74 57 72 er.ConsoleTextWr 0006B347 69 74 it [INFO ][2023-07-21 21:25:21,559] _printStatus() :: Reducing: 261 chunks done, found 28 matches (59 added) [INFO ][2023-07-21 21:25:25,430] _printStatus() :: Reducing: 262 chunks done, found 28 matches (59 added) [INFO ][2023-07-21 21:25:25,431] _scanDataPart() :: Result: 439113-439146 (33b minChunk:32 X) 0006B349 65 72 00 5F 74 65 78 74 57 72 69 74 65 72 00 77 er._textWriter.w 0006B359 72 69 74 65 72 00 67 65 74 5F 46 69 6C 74 65 72 riter.get_Filter 0006B369 00 . [INFO ][2023-07-21 21:25:25,434] _scanDataPart() :: Result: 439213-439247 (34b minChunk:32 X) 0006B3AD 54 69 6D 65 43 6F 6E 76 65 72 74 65 72 00 42 69 TimeConverter.Bi 0006B3BD 74 43 6F 6E 76 65 72 74 65 72 00 57 4D 49 46 6F tConverter.WMIFo 0006B3CD 72 6D rm [INFO ][2023-07-21 21:25:25,449] _scanDataPart() :: Result: 442460-442493 (33b minChunk:32 X) 0006C05C 61 72 79 45 6E 75 6D 65 72 61 74 6F 72 00 41 64 aryEnumerator.Ad 0006C06C 6D 69 6E 69 73 74 72 61 74 6F 72 00 41 63 74 69 ministrator.Acti 0006C07C 76 v [INFO ][2023-07-21 21:25:29,250] _printStatus() :: Reducing: 280 chunks done, found 30 matches (62 added) [INFO ][2023-07-21 21:25:29,250] _scanDataPart() :: Result: 444970-445004 (34b minChunk:32 X) 0006CA2A 69 62 75 74 65 73 00 66 6C 61 67 73 41 6E 64 41 ibutes.flagsAndA 0006CA3A 74 74 72 69 62 75 74 65 73 00 64 77 46 69 6C 65 ttributes.dwFile 0006CA4A 41 74 At [INFO ][2023-07-21 21:25:32,993] _printStatus() :: Reducing: 282 chunks done, found 31 matches (63 added) [INFO ][2023-07-21 21:25:32,993] _scanDataPart() :: Result: 445004-445037 (33b minChunk:32 X) 0006CA4C 74 72 69 62 75 74 65 73 00 46 69 6C 65 57 72 69 tributes.FileWri 0006CA5C 74 65 41 74 74 72 69 62 75 74 65 73 00 47 65 74 teAttributes.Get 0006CA6C 43 C [INFO ][2023-07-21 21:25:33,002] _scanDataPart() :: Result: 445974-446008 (34b minChunk:32 X) 0006CE16 6F 41 72 67 73 00 52 65 73 6F 6C 76 65 45 76 65 oArgs.ResolveEve 0006CE26 6E 74 41 72 67 73 00 3C 3E 33 5F 5F 61 72 67 73 ntArgs.<>3__args 0006CE36 00 3C .< [INFO ][2023-07-21 21:25:33,018] _scanDataPart() :: Result: 447045-447079 (34b minChunk:32 X) 0006D245 6E 73 00 53 79 73 74 65 6D 2E 43 6F 6C 6C 65 63 ns.System.Collec 0006D255 74 69 6F 6E 73 00 67 65 74 5F 43 6F 6E 6E 65 63 tions.get_Connec 0006D265 74 69 ti [INFO ][2023-07-21 21:25:33,022] _scanDataPart() :: Doubling: minChunkSize: 32 minMatchSize: 64 [INFO ][2023-07-21 21:25:33,024] _scanDataPart() :: Result: 447280-447347 (67b minChunk:64 X) 0006D330 00 43 6F 6E 6E 65 63 74 69 6F 6E 4F 70 74 69 6F .ConnectionOptio 0006D340 6E 73 00 53 79 73 6D 6F 6E 4F 70 74 69 6F 6E 73 ns.SysmonOptions 0006D350 00 4F 62 6A 65 63 74 47 65 74 4F 70 74 69 6F 6E .ObjectGetOption 0006D360 73 00 53 74 72 69 6E 67 53 70 6C 69 74 4F 70 74 s.StringSplitOpt 0006D370 69 6F 6E ion [INFO ][2023-07-21 21:25:33,027] _scanDataPart() :: Result: 447347-447414 (67b minChunk:64 X) 0006D373 73 00 53 65 61 74 62 65 6C 74 4F 70 74 69 6F 6E s.SeatbeltOption 0006D383 73 00 52 65 67 65 78 4F 70 74 69 6F 6E 73 00 67 s.RegexOptions.g 0006D393 65 74 5F 4F 75 74 62 6F 75 6E 64 45 78 63 65 70 et_OutboundExcep 0006D3A3 74 69 6F 6E 73 00 73 65 74 5F 4F 75 74 62 6F 75 tions.set_Outbou 0006D3B3 6E 64 45 ndE [INFO ][2023-07-21 21:25:33,034] _scanDataPart() :: Result: 448083-448150 (67b minChunk:64 X) 0006D653 72 61 6E 74 65 64 41 63 63 65 73 73 00 46 69 6C rantedAccess.Fil 0006D663 65 41 63 63 65 73 73 00 41 6C 6C 41 63 63 65 73 eAccess.AllAcces 0006D673 73 00 50 6C 75 67 69 6E 41 63 63 65 73 73 00 50 s.PluginAccess.P 0006D683 72 6F 63 65 73 73 41 63 63 65 73 73 00 70 72 6F rocessAccess.pro 0006D693 63 65 73 ces [INFO ][2023-07-21 21:25:36,733] _printStatus() :: Reducing: 312 chunks done, found 35 matches (69 added) [INFO ][2023-07-21 21:25:39,811] _scanDataPart() :: Result: 448284-448418 (134 bytes) 0006D71C 73 65 74 5F 50 72 6F 63 65 73 73 00 43 72 65 61 set_Process.Crea 0006D72C 74 65 50 72 6F 63 65 73 73 00 68 50 72 6F 63 65 teProcess.hProce 0006D73C 73 73 00 4F 70 65 6E 50 72 6F 63 65 73 73 00 4E ss.OpenProcess.N 0006D74C 74 51 75 65 72 79 49 6E 66 6F 72 6D 61 74 69 6F tQueryInformatio 0006D75C 6E 50 72 6F 63 65 73 73 00 49 50 41 64 64 72 65 nProcess.IPAddre 0006D76C 73 73 00 67 65 74 5F 41 64 64 72 65 73 73 00 67 ss.get_Address.g 0006D77C 65 74 5F 52 65 6D 6F 74 65 41 64 64 72 65 73 73 et_RemoteAddress 0006D78C 00 72 65 6D 6F 74 65 41 64 64 72 65 73 73 00 67 .remoteAddress.g 0006D79C 65 74 5F 50 68 79 et_Phy [INFO ][2023-07-21 21:25:39,811] _printStatus() :: Reducing: 313 chunks done, found 36 matches (70 added) [INFO ][2023-07-21 21:25:43,521] _printStatus() :: Reducing: 314 chunks done, found 36 matches (70 added) [INFO ][2023-07-21 21:25:47,334] _printStatus() :: Reducing: 315 chunks done, found 36 matches (70 added) [INFO ][2023-07-21 21:25:47,334] _scanDataPart() :: Result: 448552-448619 (67b minChunk:64 X) 0006D828 57 54 53 43 6C 69 65 6E 74 41 64 64 72 65 73 73 WTSClientAddress 0006D838 00 53 65 61 74 62 65 6C 74 2E 43 6F 6D 6D 61 6E .Seatbelt.Comman 0006D848 64 73 2E 50 72 6F 64 75 63 74 73 00 41 74 74 72 ds.Products.Attr 0006D858 69 62 75 74 65 54 61 72 67 65 74 73 00 55 73 65 ibuteTargets.Use 0006D868 72 52 69 rRi [INFO ][2023-07-21 21:25:47,345] _scanDataPart() :: Result: 451965-452032 (67b minChunk:64 X) 0006E57D 53 61 6E 64 42 6F 78 49 6E 65 72 74 00 43 6F 6E SandBoxInert.Con 0006E58D 76 65 72 74 00 67 65 74 5F 50 6F 72 74 00 73 65 vert.get_Port.se 0006E59D 74 5F 50 6F 72 74 00 67 65 74 5F 52 65 6D 6F 74 t_Port.get_Remot 0006E5AD 65 50 6F 72 74 00 72 65 6D 6F 74 65 50 6F 72 74 ePort.remotePort 0006E5BD 00 67 65 .ge [INFO ][2023-07-21 21:25:47,349] _scanDataPart() :: Result: 452233-452300 (67b minChunk:64 X) 0006E689 74 00 5F 64 69 72 4C 69 73 74 00 41 72 72 61 79 t._dirList.Array 0006E699 4C 69 73 74 00 50 65 72 73 69 73 74 00 67 65 74 List.Persist.get 0006E6A9 5F 48 6F 73 74 00 73 65 74 5F 48 6F 73 74 00 57 _Host.set_Host.W 0006E6B9 72 69 74 65 48 6F 73 74 00 67 65 74 5F 52 65 6D riteHost.get_Rem 0006E6C9 6F 74 65 ote [INFO ][2023-07-21 21:25:47,358] _scanDataPart() :: Result: 453304-453371 (67b minChunk:64 X) 0006EAB8 61 79 00 53 74 72 69 6E 67 54 6F 42 79 74 65 41 ay.StringToByteA 0006EAC8 72 72 61 79 00 49 6E 69 74 69 61 6C 69 7A 65 41 rray.InitializeA 0006EAD8 72 72 61 79 00 54 6F 41 72 72 61 79 00 67 65 74 rray.ToArray.get 0006EAE8 5F 49 73 41 72 72 61 79 00 50 61 72 73 65 43 6C _IsArray.ParseCl 0006EAF8 61 73 73 ass [INFO ][2023-07-21 21:25:47,364] _scanDataPart() :: Result: 453907-453974 (67b minChunk:64 X) 0006ED13 52 65 67 69 73 74 72 79 4B 65 79 00 3C 3E 33 5F RegistryKey.<>3_ 0006ED23 5F 6B 65 79 00 4E 6F 74 69 66 79 00 53 79 73 74 _key.Notify.Syst 0006ED33 65 6D 2E 53 65 63 75 72 69 74 79 2E 43 72 79 70 em.Security.Cryp 0006ED43 74 6F 67 72 61 70 68 79 00 67 65 74 5F 41 73 73 tography.get_Ass 0006ED53 65 6D 62 emb [INFO ][2023-07-21 21:25:47,371] _scanDataPart() :: Result: 454509-454576 (67b minChunk:64 X) 0006EF6D 79 00 57 54 53 43 6C 69 65 6E 74 44 69 72 65 63 y.WTSClientDirec 0006EF7D 74 6F 72 79 00 67 65 74 5F 43 6C 69 65 6E 74 44 tory.get_ClientD 0006EF8D 69 72 65 63 74 6F 72 79 00 63 6C 69 65 6E 74 44 irectory.clientD 0006EF9D 69 72 65 63 74 6F 72 79 00 52 6F 6F 74 44 69 72 irectory.RootDir 0006EFAD 65 63 74 ect [INFO ][2023-07-21 21:25:47,377] _scanDataPart() :: Result: 454576-454643 (67b minChunk:64 X) 0006EFB0 6F 72 79 00 67 65 74 5F 48 69 73 74 6F 72 79 00 ory.get_History. 0006EFC0 68 69 73 74 6F 72 79 00 67 65 74 5F 45 6E 74 72 history.get_Entr 0006EFD0 79 00 73 65 74 5F 45 6E 74 72 79 00 57 69 66 69 y.set_Entry.Wifi 0006EFE0 50 72 6F 66 69 6C 65 45 6E 74 72 79 00 41 72 70 ProfileEntry.Arp 0006EFF0 45 6E 74 Ent [INFO ][2023-07-21 21:25:47,378] scan() :: Reducer Result: Time:70 Chunks:344 MatchesAdded:77 MatchesFinal:42 [INFO ][2023-07-21 21:25:47,379] handleFile() :: Result: 52 matches [INFO ][2023-07-21 21:25:47,379] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 21:25:48,986] save() :: Saving HashCache (59584) [INFO ][2023-07-21 21:25:49,052] verifyFile() :: Perform verification of matches [INFO ][2023-07-21 21:25:49,052] runVerifications() :: Verify 52 matches [INFO ][2023-07-21 21:27:28,399] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 21:29:04,743] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 21:30:32,638] runVerifications() :: Verification run: 2 FULL ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 21:31:59,975] runVerifications() :: Verification run: 3 FULLB ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-21 21:33:19,131] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED Idx: 24 result: ScanResult.NOT_DETECTED Idx: 25 result: ScanResult.NOT_DETECTED Idx: 26 result: ScanResult.NOT_DETECTED Idx: 27 result: ScanResult.NOT_DETECTED Idx: 28 result: ScanResult.NOT_DETECTED Idx: 29 result: ScanResult.NOT_DETECTED Idx: 30 result: ScanResult.NOT_DETECTED Idx: 31 result: ScanResult.NOT_DETECTED Idx: 32 result: ScanResult.NOT_DETECTED Idx: 33 result: ScanResult.NOT_DETECTED Idx: 34 result: ScanResult.NOT_DETECTED Idx: 35 result: ScanResult.NOT_DETECTED Idx: 36 result: ScanResult.NOT_DETECTED Idx: 37 result: ScanResult.NOT_DETECTED Idx: 38 result: ScanResult.NOT_DETECTED Idx: 39 result: ScanResult.NOT_DETECTED Idx: 40 result: ScanResult.NOT_DETECTED Idx: 41 result: ScanResult.NOT_DETECTED Idx: 42 result: ScanResult.NOT_DETECTED Idx: 43 result: ScanResult.NOT_DETECTED Idx: 44 result: ScanResult.NOT_DETECTED Idx: 45 result: ScanResult.NOT_DETECTED Idx: 46 result: ScanResult.NOT_DETECTED Idx: 47 result: ScanResult.NOT_DETECTED Idx: 48 result: ScanResult.NOT_DETECTED Idx: 49 result: ScanResult.NOT_DETECTED Idx: 50 result: ScanResult.NOT_DETECTED Idx: 51 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 21:34:38,249] runVerifications() :: Verification run: 5 FULL INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED Idx: 24 result: ScanResult.NOT_DETECTED Idx: 25 result: ScanResult.NOT_DETECTED Idx: 26 result: ScanResult.NOT_DETECTED Idx: 27 result: ScanResult.NOT_DETECTED Idx: 28 result: ScanResult.NOT_DETECTED Idx: 29 result: ScanResult.NOT_DETECTED Idx: 30 result: ScanResult.NOT_DETECTED Idx: 31 result: ScanResult.NOT_DETECTED Idx: 32 result: ScanResult.NOT_DETECTED Idx: 33 result: ScanResult.NOT_DETECTED Idx: 34 result: ScanResult.NOT_DETECTED Idx: 35 result: ScanResult.NOT_DETECTED Idx: 36 result: ScanResult.NOT_DETECTED Idx: 37 result: ScanResult.NOT_DETECTED Idx: 38 result: ScanResult.NOT_DETECTED Idx: 39 result: ScanResult.NOT_DETECTED Idx: 40 result: ScanResult.NOT_DETECTED Idx: 41 result: ScanResult.NOT_DETECTED Idx: 42 result: ScanResult.NOT_DETECTED Idx: 43 result: ScanResult.NOT_DETECTED Idx: 44 result: ScanResult.NOT_DETECTED Idx: 45 result: ScanResult.NOT_DETECTED Idx: 46 result: ScanResult.NOT_DETECTED Idx: 47 result: ScanResult.NOT_DETECTED Idx: 48 result: ScanResult.NOT_DETECTED Idx: 49 result: ScanResult.NOT_DETECTED Idx: 50 result: ScanResult.NOT_DETECTED Idx: 51 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 21:35:55,404] runVerifications() :: Verification run: 6 FULL DECREMENTAL Idx: 51 result: ScanResult.NOT_DETECTED Idx: 50 result: ScanResult.NOT_DETECTED Idx: 49 result: ScanResult.NOT_DETECTED Idx: 48 result: ScanResult.NOT_DETECTED Idx: 47 result: ScanResult.NOT_DETECTED Idx: 46 result: ScanResult.NOT_DETECTED Idx: 45 result: ScanResult.NOT_DETECTED Idx: 44 result: ScanResult.NOT_DETECTED Idx: 43 result: ScanResult.NOT_DETECTED Idx: 42 result: ScanResult.NOT_DETECTED Idx: 41 result: ScanResult.NOT_DETECTED Idx: 40 result: ScanResult.NOT_DETECTED Idx: 39 result: ScanResult.NOT_DETECTED Idx: 38 result: ScanResult.NOT_DETECTED Idx: 37 result: ScanResult.NOT_DETECTED Idx: 36 result: ScanResult.NOT_DETECTED Idx: 35 result: ScanResult.NOT_DETECTED Idx: 34 result: ScanResult.NOT_DETECTED Idx: 33 result: ScanResult.NOT_DETECTED Idx: 32 result: ScanResult.NOT_DETECTED Idx: 31 result: ScanResult.NOT_DETECTED Idx: 30 result: ScanResult.NOT_DETECTED Idx: 29 result: ScanResult.NOT_DETECTED Idx: 28 result: ScanResult.NOT_DETECTED Idx: 27 result: ScanResult.NOT_DETECTED Idx: 26 result: ScanResult.NOT_DETECTED Idx: 25 result: ScanResult.NOT_DETECTED Idx: 24 result: ScanResult.NOT_DETECTED Idx: 23 result: ScanResult.NOT_DETECTED Idx: 22 result: ScanResult.NOT_DETECTED Idx: 21 result: ScanResult.NOT_DETECTED Idx: 20 result: ScanResult.NOT_DETECTED Idx: 19 result: ScanResult.NOT_DETECTED Idx: 18 result: ScanResult.NOT_DETECTED Idx: 17 result: ScanResult.NOT_DETECTED Idx: 16 result: ScanResult.NOT_DETECTED Idx: 15 result: ScanResult.NOT_DETECTED Idx: 14 result: ScanResult.NOT_DETECTED Idx: 13 result: ScanResult.NOT_DETECTED Idx: 12 result: ScanResult.NOT_DETECTED Idx: 11 result: ScanResult.NOT_DETECTED Idx: 10 result: ScanResult.NOT_DETECTED Idx: 9 result: ScanResult.NOT_DETECTED Idx: 8 result: ScanResult.NOT_DETECTED Idx: 7 result: ScanResult.NOT_DETECTED Idx: 6 result: ScanResult.NOT_DETECTED Idx: 5 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.DETECTED [INFO ][2023-07-21 21:35:55,405] runVerifications() :: Verification run: 7 MIDDLE8 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 21:35:56,933] runVerifications() :: Verification run: 8 THIRDS4 ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 21:35:56,935] runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 21:35:56,936] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 21:35:56,936] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-21 21:35:57,457] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-21 21:36:00,084] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 21:36:00,085] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-21 21:36:00,086] outflankDotnet() :: Outflank failed with attempted 0 patches [INFO ][2023-07-21 21:36:00,086] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-07-21 21:36:00,086] save() :: Saving HashCache (59913) [INFO ][2023-08-04 18:21:23,481] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-08-04 18:21:23,481] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-08-04 18:21:23,482] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-04 18:21:23,999] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-04 18:21:24,000] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-04 18:21:24,000] load() :: Loading HashCache [INFO ][2023-08-04 18:21:24,193] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:21:24,193] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:21:24,271] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:21:24,829] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-04 18:21:31,543] init() :: DotnetData entries: 23564 [INFO ][2023-08-04 18:21:31,565] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-08-04 18:21:31,566] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:46:21,930] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-08-06 16:46:21,930] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-08-06 16:46:21,931] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 16:46:22,442] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 16:46:22,443] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-06 16:46:22,443] load() :: Loading HashCache [INFO ][2023-08-06 16:46:22,633] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:46:22,633] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:46:22,709] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:46:23,257] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 16:46:29,962] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 16:46:29,985] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-08-06 16:46:29,986] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:20:34,207] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-08-06 17:20:34,207] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-08-06 17:20:34,208] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 17:20:34,729] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 17:20:34,730] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-08-06 17:20:34,730] load() :: Loading HashCache [INFO ][2023-08-06 17:20:34,928] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:20:34,928] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:20:35,004] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:20:35,555] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 17:20:42,228] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 17:20:42,250] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-08-06 17:20:42,251] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:24:44,607] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-01 05:24:44,607] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-01 05:24:44,617] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:26:30,874] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-01 05:26:30,874] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-01 05:26:30,876] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:26:31,391] getDotNetSections() :: Offset: 7680 [WARNING ][2023-09-01 05:26:31,392] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-01 05:26:31,394] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-01 05:26:31,394] load() :: Loading HashCache [INFO ][2023-09-01 05:26:31,593] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:26:31,593] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:26:31,677] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:20:30,257] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-24 19:20:30,257] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-24 19:20:30,267] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-24 19:20:30,267] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:20:30,294] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:20:30,294] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:20:30,294] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-24 19:20:30,294] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-24 19:20:30,769] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-24 19:20:31,388] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-24 19:20:31,390] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-24 19:20:31,390] load() :: Loading HashCache [INFO ][2023-09-24 19:20:31,591] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:20:31,592] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:20:31,689] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:20:38,183] init() :: DotnetData entries: 23564 [INFO ][2023-09-24 19:20:38,205] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-24 19:20:38,206] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:13:47,252] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:13:47,252] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:13:47,253] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:13:47,253] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:13:47,278] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:13:47,278] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:13:47,278] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:13:47,278] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:13:47,748] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:13:48,303] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-25 18:13:48,305] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:13:48,306] load() :: Loading HashCache [INFO ][2023-09-25 18:13:48,531] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:13:48,532] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:13:48,630] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:13:55,529] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:13:55,551] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:13:55,552] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:20:49,097] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:20:49,097] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-25 18:20:49,098] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:20:49,098] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:20:49,123] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:20:49,124] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:20:49,124] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:20:49,124] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:20:49,592] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:20:50,146] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-25 18:20:50,148] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:20:50,148] load() :: Loading HashCache [INFO ][2023-09-25 18:20:50,374] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:20:50,374] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:20:50,470] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:20:57,333] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:20:57,355] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-25 18:20:57,356] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:06:26,973] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-29 10:06:26,973] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-29 10:06:26,974] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 10:06:26,974] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:06:26,999] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:06:26,999] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:06:26,999] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 10:06:27,000] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 10:06:27,474] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-29 10:06:27,475] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 10:06:27,476] load() :: Loading HashCache [INFO ][2023-09-29 10:06:27,702] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:06:27,702] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:06:27,806] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:06:34,686] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 10:06:34,707] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 10:06:34,708] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:11:00,392] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-29 12:11:00,392] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-29 12:11:00,393] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 12:11:00,394] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:11:00,418] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:11:00,418] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:11:00,418] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:11:00,418] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:11:00,419] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 12:11:00,419] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 12:11:00,900] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-29 12:11:00,902] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 12:11:00,903] load() :: Loading HashCache [INFO ][2023-09-29 12:11:01,132] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:11:01,132] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:11:01,233] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:11:08,095] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 12:11:08,117] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-29 12:11:08,118] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:31:54,921] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-30 10:31:54,921] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe [INFO ][2023-09-30 10:31:54,923] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-30 10:31:54,923] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:31:54,948] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:31:54,948] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:31:54,948] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-30 10:31:54,948] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-30 10:31:55,430] handleFile() :: Using scanner as defined in outcome: avg [INFO ][2023-09-30 10:31:55,432] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-30 10:31:55,432] load() :: Loading HashCache [INFO ][2023-09-30 10:31:55,660] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:31:55,660] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:31:55,757] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:32:02,687] init() :: DotnetData entries: 23564 [INFO ][2023-09-30 10:32:02,709] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avg.exe.outcome [INFO ][2023-09-30 10:32:02,710] save() :: Saving HashCache (102072)