File 30177917A5DCE25A.SharpRDP.exe

Name: 30177917A5DCE25A.SharpRDP.exe
Size: 329,728 bytes
Type: EXE PE.NET
MD5: 288e3ae4f3a8e68c65db570d0f6de218
Scanner Name: defender
Appraisal: Fragile (AND) based
Scan Debug: Duration: 574s / Chunks: 211 / Matches: 53
Scan date: 2023-07-07 05:36:30

Matches

# Iteration Offset Size Section Detail SectionType Conclusion
1 0 625 8 .text methods ::CreateRdpConnection ::set_DisconnectCode CODE Dominant. Modify this to make file undetected
7 0 8135 8 .text methods ::<CreateRdpConnection>b__1 CODE Dominant. Modify this to make file undetected
8 1 8520 47 .text #~ DATA Dominant. Modify this to make file undetected
11 1 9936 5 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
15 1 10540 4 .text #~ MethodDef DATA Dominant. Modify this to make file undetected
20 2 15668 46 .text #Strings DATA Dominant. Modify this to make file undetected
21 2 16453 6 .text #Strings DATA Dominant. Modify this to make file undetected

Match 1: 625 (size: 8)

Dominant. Modify this to make file undetected

.text methods ::CreateRdpConnection ::set_DisconnectCode

00000271   2A 00 00 13 30 03 00 CB                            *...0...

0x269: Function: ::set_DisconnectCode
0x26a: 02 ldarg.0
0x26b: 03 ldarg.1
0x26c: 7d 04 00 00 04 stfld k__BackingField
0x271: 2a ret
0x274: Function: ::CreateRdpConnection
0x274: 13 30 MethodHeader: Size:3 Flags:4 Type:3
0x276: 03 00 MethodHeader: maxStack: 3
0x278: cb 00 00 00 MethodHeader: codeSize: 203
0x27c: 01 00 00 11 MethodHeader: localVarSigTok: 285212673
0x280: 73 2d 00 00 06 newobj .ctor
0x285: 0a stloc.0
0x286: 06 ldloc.0
0x287: 03 ldarg.1
0x288: 7d 4e 00 00 04 stfld server

Match 7: 8135 (size: 8)

Dominant. Modify this to make file undetected

.text methods ::<CreateRdpConnection>b__1

00001FC7   00 04 FE 06 07 00 00 06                            ........

0x1e50: Function: ::b__1
0x1fb8: 6f 57 00 00 0a callvirt AxMSTSCLib.AxMsRdpClient9NotSafeForScripting::add_OnDisconnected
0x1fbd: 06 ldloc.0
0x1fbe: 02 ldarg.0
0x1fbf: 7b 55 00 00 04 ldfld CS$<>8__locals1
0x1fc4: 7b 53 00 00 04 ldfld <>4__this
0x1fc9: fe 06 07 00 00 06 ldftn RdpConnectionOnOnLoginComplete
0x1fcf: 73 4b 00 00 0a newobj System.EventHandler::.ctor
0x1fd4: 6f 58 00 00 0a callvirt AxMSTSCLib.AxMsRdpClient9NotSafeForScripting::add_OnLoginComplete
0x1fd9: 06 ldloc.0
0x1fda: 02 ldarg.0
0x1fdb: 7b 55 00 00 04 ldfld CS$<>8__locals1

Match 8: 8520 (size: 47)

Dominant. Modify this to make file undetected

.text #~

00002148   57 3F A2 09 09 03 00 00 00 FA 01 33 00 16 00 00    W?.........3....
00002158   01 00 00 00 40 00 00 00 19 00 00 00 57 00 00 00    ....@.......W...
00002168   33 00 00 00 29 00 00 00 0D 00 00 00 6B 00 00       3...).......k..

Match 11: 9936 (size: 5)

Dominant. Modify this to make file undetected

.text #~ MethodDef

000026D0   02 00 74 20 00                                     ..t .

0x26c4: MethodDef[4]: Rva: 0x2069 Name: set_DisconnectCode Signature: 20010108 ParamList: ref table Param[2] ImplFlags: miIL miManaged Flags: mdHideBySig mdPrivate mdReuseSlot mdSpecialName
0x26d2: MethodDef[5]: Rva: 0x2074 Name: CreateRdpConnection Signature: 200a010e0e0e0e0e0e0e020202 ParamList: ref table Param[3] ref table Param[4] ref table Param[5] ref table Param[6] ref table Param[7] ref table Param[8] ref table Param[9] ref table Param[10] ref table Param[11] ref table Param[12] ImplFlags: miIL miManaged Flags: mdHideBySig mdPublic mdReuseSlot

Match 15: 10540 (size: 4)

Dominant. Modify this to make file undetected

.text #~ MethodDef

0000292C   50 3C 00 00                                        P<..

0x292c: MethodDef[48]: Rva: 0x3c50 Name: b__1 Signature: 2002011c125d ParamList: ref table Param[38] ref table Param[39] ImplFlags: miIL miManaged Flags: mdAssem mdHideBySig mdReuseSlot

Match 20: 15668 (size: 46)

Dominant. Modify this to make file undetected

.text #Strings

00003D34   6C 65 74 65 00 52 64 70 43 6F 6E 6E 65 63 74 69    lete.RdpConnecti
00003D44   6F 6E 4F 6E 4F 6E 4C 6F 67 69 6E 43 6F 6D 70 6C    onOnOnLoginCompl
00003D54   65 74 65 00 44 69 73 70 49 64 41 74 74 72          ete.DispIdAttr

Match 21: 16453 (size: 6)

Dominant. Modify this to make file undetected

.text #Strings

00004045   74 68 00 6E 65 74                                  th.net

Test # MatchOrder ModifyPosition Match#0
methods 7b
Match#1
methods 8b
Match#2
methods 45b
Match#3
methods 4b
Match#4
methods 7b
Match#5
methods 4b
Match#6
methods 4b
Match#7
methods 8b
Match#8
#~ 47b
Match#9
#~ 4b
Match#10
#~ 4b
Match#11
#~ 5b
Match#12
#~ 21b
Match#13
#~ 4b
Match#14
#~ 4b
Match#15
#~ 4b
Match#16
#~ 17b
Match#17
#~ 8b
Match#18
#~ 4b
Match#19
#~ 5b
Match#20
#Strings 46b
Match#21
#Strings 6b
Match#22
#Strings 12b
Match#23
#Strings 11b
Match#24
#Strings 11b
0 ISOLATED MIDDLE8
1 ISOLATED THIRDS4
2 ISOLATED FULL
3 ISOLATED FULLB
4 INCREMENTAL MIDDLE8 2 8 12 16 20
5 INCREMENTAL FULL 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24
6 DECREMENTAL FULL 24 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
7 ALL MIDDLE8 0 0 0 0 0
8 ALL THIRDS4 0 0 0 0 0
9 ALL FULL 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Result

Explanation

Colors

  • Green: Not detected
  • Red: Detected by AV

Match Order

  • Isolated: Test each match individually, by themselves. At most one match is modified per scan
  • Incremental: Modify each match after another, additive. At the end, all matches are modified
  • Decremental: Modify each match after another, additive, downwards (last first)

Position

  • ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
  • ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
  • ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa
[INFO    ][2023-07-07 05:36:25,309] main() :: Using file: app/upload/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-07-07 05:36:25,310] handleFile() :: Handle file: app/upload/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-07-07 05:36:25,310] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-07 05:36:25,362] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-07 05:36:25,364] load() :: Loading HashCache
[INFO    ][2023-07-07 05:36:25,372] load() ::   10210 hashes loaded
[INFO    ][2023-07-07 05:36:30,485] handleFile() :: QuickCheck: 30177917A5DCE25A.SharpRDP.exe is detected by defender and not hash based
[INFO    ][2023-07-07 05:36:30,486] handleFile() :: Scanning for matches...
[INFO    ][2023-07-07 05:36:30,486] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-07 05:36:32,296] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-07 05:36:33,957] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-07 05:36:35,767] findDetectedSections() :: Hide: methods -> Detected: False
[INFO    ][2023-07-07 05:36:37,620] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-07 05:36:39,544] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-07 05:36:41,206] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-07 05:36:43,017] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-07 05:36:44,758] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-07 05:36:44,759] scanForMatchesInPe() :: 3 section(s) trigger the antivirus independantly
[INFO    ][2023-07-07 05:36:44,759] scanForMatchesInPe() ::   section: methods
[INFO    ][2023-07-07 05:36:44,759] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-07 05:36:44,759] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-07 05:36:44,759] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-8404)
[INFO    ][2023-07-07 05:36:44,759] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:36:47,728] _printStatus() :: Reducing: 2 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:36:51,177] _printStatus() :: Reducing: 3 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:36:54,670] _printStatus() :: Reducing: 4 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:36:58,275] _printStatus() :: Reducing: 5 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:01,933] _printStatus() :: Reducing: 6 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:05,700] _printStatus() :: Reducing: 7 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:09,455] _printStatus() :: Reducing: 8 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:13,086] _printStatus() :: Reducing: 9 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:17,352] _printStatus() :: Reducing: 10 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:20,724] _printStatus() :: Reducing: 11 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:24,469] _printStatus() :: Reducing: 12 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 05:37:24,469] _scanDataPart() :: Result: 614-617 (3 bytes)
00000266   00 04 2A                                           ..*
[INFO    ][2023-07-07 05:37:24,470] _scanDataPart() :: Result: 617-621 (4 bytes)
00000269   22 02 03 7D                                        "..}
[INFO    ][2023-07-07 05:37:27,885] _printStatus() :: Reducing: 15 chunks done, found 1 matches (2 added)
[INFO    ][2023-07-07 05:37:27,885] _scanDataPart() :: Result: 625-629 (4 bytes)
00000271   2A 00 00 13                                        *...
[INFO    ][2023-07-07 05:37:31,492] _printStatus() :: Reducing: 17 chunks done, found 2 matches (3 added)
[INFO    ][2023-07-07 05:37:35,497] _printStatus() :: Reducing: 18 chunks done, found 2 matches (3 added)
[INFO    ][2023-07-07 05:37:35,497] _scanDataPart() :: Result: 629-633 (4 bytes)
00000275   30 03 00 CB                                        0...
[INFO    ][2023-07-07 05:37:40,062] _printStatus() :: Reducing: 20 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 05:37:43,627] _printStatus() :: Reducing: 21 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 05:37:47,191] _printStatus() :: Reducing: 22 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 05:37:50,625] _printStatus() :: Reducing: 23 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 05:37:54,028] _printStatus() :: Reducing: 24 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 05:37:54,028] _scanDataPart() :: Result: 706-709 (3 bytes)
000002C2   06 02 0E                                           ...
[INFO    ][2023-07-07 05:37:54,028] _scanDataPart() :: Result: 709-713 (4 bytes)
000002C5   07 7D 08 00                                        .}..
[INFO    ][2023-07-07 05:37:57,409] _printStatus() :: Reducing: 27 chunks done, found 3 matches (6 added)
[INFO    ][2023-07-07 05:37:57,409] _scanDataPart() :: Result: 713-717 (4 bytes)
000002C9   00 04 02 06                                        ....
[INFO    ][2023-07-07 05:37:57,409] _scanDataPart() :: Result: 717-721 (4 bytes)
000002CD   7B 51 00 00                                        {Q..
[INFO    ][2023-07-07 05:38:01,650] _printStatus() :: Reducing: 30 chunks done, found 3 matches (8 added)
[INFO    ][2023-07-07 05:38:05,099] _printStatus() :: Reducing: 31 chunks done, found 3 matches (8 added)
[INFO    ][2023-07-07 05:38:05,099] _scanDataPart() :: Result: 721-724 (3 bytes)
000002D1   04 7D 09                                           .}.
[INFO    ][2023-07-07 05:38:05,099] _scanDataPart() :: Result: 724-728 (4 bytes)
000002D4   00 00 04 02                                        ....
[INFO    ][2023-07-07 05:38:08,470] _printStatus() :: Reducing: 34 chunks done, found 3 matches (10 added)
[INFO    ][2023-07-07 05:38:08,470] _scanDataPart() :: Result: 728-732 (4 bytes)
000002D8   0E 05 7D 05                                        ..}.
[INFO    ][2023-07-07 05:38:08,471] _scanDataPart() :: Result: 732-736 (4 bytes)
000002DC   00 00 04 02                                        ....
[INFO    ][2023-07-07 05:38:11,805] _printStatus() :: Reducing: 37 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-07 05:38:15,080] _printStatus() :: Reducing: 38 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-07 05:38:18,766] _printStatus() :: Reducing: 39 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-07 05:38:18,766] _scanDataPart() :: Result: 736-739 (3 bytes)
000002E0   06 7B 4E                                           .{N
[INFO    ][2023-07-07 05:38:18,766] _scanDataPart() :: Result: 739-743 (4 bytes)
000002E3   00 00 04 7D                                        ...}
[INFO    ][2023-07-07 05:38:22,136] _printStatus() :: Reducing: 42 chunks done, found 3 matches (14 added)
[INFO    ][2023-07-07 05:38:22,136] _scanDataPart() :: Result: 743-747 (4 bytes)
000002E7   07 00 00 04                                        ....
[INFO    ][2023-07-07 05:38:22,136] _scanDataPart() :: Result: 747-751 (4 bytes)
000002EB   02 0E 06 7D                                        ...}
[INFO    ][2023-07-07 05:38:25,469] _printStatus() :: Reducing: 45 chunks done, found 3 matches (16 added)
[INFO    ][2023-07-07 05:38:29,094] _printStatus() :: Reducing: 46 chunks done, found 3 matches (16 added)
[INFO    ][2023-07-07 05:38:29,094] _scanDataPart() :: Result: 763-767 (4 bytes)
000002FB   02 0E 0A 7D                                        ...}
[INFO    ][2023-07-07 05:38:32,516] _printStatus() :: Reducing: 48 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:35,772] _printStatus() :: Reducing: 49 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:38,790] _printStatus() :: Reducing: 50 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:41,907] _printStatus() :: Reducing: 51 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:45,076] _printStatus() :: Reducing: 52 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:48,162] _printStatus() :: Reducing: 53 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:51,277] _printStatus() :: Reducing: 54 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:54,555] _printStatus() :: Reducing: 55 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:38:57,993] _printStatus() :: Reducing: 56 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:39:01,508] _printStatus() :: Reducing: 57 chunks done, found 4 matches (17 added)
[INFO    ][2023-07-07 05:39:01,508] _scanDataPart() :: Result: 7746-7749 (3 bytes)
00001E42   00 0A 2A                                           ..*
[INFO    ][2023-07-07 05:39:01,508] _scanDataPart() :: Result: 7749-7753 (4 bytes)
00001E45   1E 02 28 32                                        ..(2
[INFO    ][2023-07-07 05:39:04,942] _printStatus() :: Reducing: 60 chunks done, found 5 matches (19 added)
[INFO    ][2023-07-07 05:39:04,942] _scanDataPart() :: Result: 7757-7761 (4 bytes)
00001E4D   00 00 00 13                                        ....
[INFO    ][2023-07-07 05:39:08,111] _printStatus() :: Reducing: 62 chunks done, found 6 matches (20 added)
[INFO    ][2023-07-07 05:39:11,361] _printStatus() :: Reducing: 63 chunks done, found 6 matches (20 added)
[INFO    ][2023-07-07 05:39:14,448] _printStatus() :: Reducing: 64 chunks done, found 6 matches (20 added)
[INFO    ][2023-07-07 05:39:14,448] _scanDataPart() :: Result: 7764-7768 (4 bytes)
00001E54   B9 01 00 00                                        ....
[INFO    ][2023-07-07 05:39:17,556] _printStatus() :: Reducing: 66 chunks done, found 7 matches (21 added)
[INFO    ][2023-07-07 05:39:20,742] _printStatus() :: Reducing: 67 chunks done, found 7 matches (21 added)
[INFO    ][2023-07-07 05:39:24,293] _printStatus() :: Reducing: 68 chunks done, found 7 matches (21 added)
[INFO    ][2023-07-07 05:39:27,746] _printStatus() :: Reducing: 69 chunks done, found 7 matches (21 added)
[INFO    ][2023-07-07 05:39:30,923] _printStatus() :: Reducing: 70 chunks done, found 7 matches (21 added)
[INFO    ][2023-07-07 05:39:34,023] _printStatus() :: Reducing: 71 chunks done, found 7 matches (21 added)
[INFO    ][2023-07-07 05:39:36,899] _scanDataPart() :: Result: 8135-8143 (8 bytes)
00001FC7   00 04 FE 06 07 00 00 06                            ........
[INFO    ][2023-07-07 05:39:36,899] scan() :: Scan Result: Time:172 Chunks:71 MatchesAdded:22 MatchesFinal:8
[INFO    ][2023-07-07 05:39:36,899] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (8512-12868)
[INFO    ][2023-07-07 05:39:36,899] _printStatus() :: Reducing: 72 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:39:39,962] _printStatus() :: Reducing: 73 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:39:42,791] _printStatus() :: Reducing: 74 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:39:45,596] _printStatus() :: Reducing: 75 chunks done, found 0 matches (22 added)
[WARNING ][2023-07-07 05:39:58,529] scannerDetectsBytes() :: Invalid server answer, retrying once
[INFO    ][2023-07-07 05:39:58,618] _printStatus() :: Reducing: 76 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:40:01,851] _printStatus() :: Reducing: 77 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:40:04,958] _printStatus() :: Reducing: 78 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:40:07,842] _printStatus() :: Reducing: 79 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:40:10,649] _printStatus() :: Reducing: 80 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:40:14,385] _printStatus() :: Reducing: 81 chunks done, found 0 matches (22 added)
[INFO    ][2023-07-07 05:40:17,420] _scanDataPart() :: Result: 8520-8529 (9 bytes)
00002148   57 3F A2 09 09 03 00 00 00                         W?.......
[INFO    ][2023-07-07 05:40:17,420] _printStatus() :: Reducing: 82 chunks done, found 1 matches (23 added)
[INFO    ][2023-07-07 05:40:20,300] _scanDataPart() :: Result: 8529-8546 (17 bytes)
00002151   FA 01 33 00 16 00 00 01 00 00 00 40 00 00 00 19    ..3........@....
00002161   00                                                 .
[INFO    ][2023-07-07 05:40:20,300] _printStatus() :: Reducing: 83 chunks done, found 1 matches (24 added)
[INFO    ][2023-07-07 05:40:23,166] _printStatus() :: Reducing: 84 chunks done, found 1 matches (24 added)
[INFO    ][2023-07-07 05:40:26,142] _scanDataPart() :: Result: 8546-8563 (17 bytes)
00002162   00 00 57 00 00 00 33 00 00 00 29 00 00 00 0D 00    ..W...3...).....
00002172   00                                                 .
[INFO    ][2023-07-07 05:40:26,142] _printStatus() :: Reducing: 85 chunks done, found 1 matches (25 added)
[INFO    ][2023-07-07 05:40:29,510] _printStatus() :: Reducing: 86 chunks done, found 1 matches (25 added)
[INFO    ][2023-07-07 05:40:32,674] _printStatus() :: Reducing: 87 chunks done, found 1 matches (25 added)
[INFO    ][2023-07-07 05:40:32,674] _scanDataPart() :: Result: 8563-8567 (4 bytes)
00002173   00 6B 00 00                                        .k..
[INFO    ][2023-07-07 05:40:35,806] _printStatus() :: Reducing: 89 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:38,877] _printStatus() :: Reducing: 90 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:42,052] _printStatus() :: Reducing: 91 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:45,312] _printStatus() :: Reducing: 92 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:48,740] _printStatus() :: Reducing: 93 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:51,970] _printStatus() :: Reducing: 94 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:55,213] _printStatus() :: Reducing: 95 chunks done, found 1 matches (26 added)
[INFO    ][2023-07-07 05:40:55,213] _scanDataPart() :: Result: 9396-9400 (4 bytes)
000024B4   01 00 C1 14                                        ....
[INFO    ][2023-07-07 05:40:58,369] _printStatus() :: Reducing: 97 chunks done, found 2 matches (27 added)
[INFO    ][2023-07-07 05:41:01,586] _printStatus() :: Reducing: 98 chunks done, found 2 matches (27 added)
[INFO    ][2023-07-07 05:41:01,586] _scanDataPart() :: Result: 9421-9425 (4 bytes)
000024CD   00 04 0E FE                                        ....
[INFO    ][2023-07-07 05:41:04,494] _printStatus() :: Reducing: 100 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:07,800] _printStatus() :: Reducing: 101 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:10,742] _printStatus() :: Reducing: 102 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:13,701] _printStatus() :: Reducing: 103 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:16,834] _printStatus() :: Reducing: 104 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:20,179] _printStatus() :: Reducing: 105 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:23,442] _printStatus() :: Reducing: 106 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:26,730] _printStatus() :: Reducing: 107 chunks done, found 3 matches (28 added)
[INFO    ][2023-07-07 05:41:26,730] _scanDataPart() :: Result: 9936-9941 (5 bytes)
000026D0   02 00 74 20 00                                     ..t .
[INFO    ][2023-07-07 05:41:29,752] _printStatus() :: Reducing: 109 chunks done, found 4 matches (29 added)
[INFO    ][2023-07-07 05:41:33,168] _printStatus() :: Reducing: 110 chunks done, found 4 matches (29 added)
[INFO    ][2023-07-07 05:41:36,738] _printStatus() :: Reducing: 111 chunks done, found 4 matches (29 added)
[INFO    ][2023-07-07 05:41:40,285] _printStatus() :: Reducing: 112 chunks done, found 4 matches (29 added)
[INFO    ][2023-07-07 05:41:40,285] _scanDataPart() :: Result: 9958-9962 (4 bytes)
000026E6   81 00 9E 11                                        ....
[INFO    ][2023-07-07 05:41:40,285] _scanDataPart() :: Result: 9962-9966 (4 bytes)
000026EA   36 03 0D 00                                        6...
[INFO    ][2023-07-07 05:41:43,944] _printStatus() :: Reducing: 115 chunks done, found 5 matches (31 added)
[INFO    ][2023-07-07 05:41:43,944] _scanDataPart() :: Result: 9966-9970 (4 bytes)
000026EE   68 22 00 00                                        h"..
[INFO    ][2023-07-07 05:41:43,944] _scanDataPart() :: Result: 9970-9975 (5 bytes)
000026F2   00 00 81 00 F5                                     .....
[INFO    ][2023-07-07 05:41:47,055] _printStatus() :: Reducing: 118 chunks done, found 5 matches (33 added)
[INFO    ][2023-07-07 05:41:50,373] _printStatus() :: Reducing: 119 chunks done, found 5 matches (33 added)
[INFO    ][2023-07-07 05:41:53,629] _printStatus() :: Reducing: 120 chunks done, found 5 matches (33 added)
[WARNING ][2023-07-07 05:41:53,629] _scanDataPart() :: Doubling minMatchSize to 16
[INFO    ][2023-07-07 05:41:53,629] _scanDataPart() :: Result: 9975-9979 (4 bytes)
000026F7   0A 3D 03 0F                                        .=..
[INFO    ][2023-07-07 05:41:56,830] _printStatus() :: Reducing: 122 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-07 05:42:00,295] _printStatus() :: Reducing: 123 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-07 05:42:03,656] _printStatus() :: Reducing: 124 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-07 05:42:06,798] _printStatus() :: Reducing: 125 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-07 05:42:09,958] _printStatus() :: Reducing: 126 chunks done, found 5 matches (34 added)
[INFO    ][2023-07-07 05:42:09,958] _scanDataPart() :: Result: 10030-10034 (4 bytes)
0000272E   37 16 10 00                                        7...
[INFO    ][2023-07-07 05:42:13,179] _printStatus() :: Reducing: 128 chunks done, found 6 matches (35 added)
[INFO    ][2023-07-07 05:42:16,622] _printStatus() :: Reducing: 129 chunks done, found 6 matches (35 added)
[INFO    ][2023-07-07 05:42:19,693] _printStatus() :: Reducing: 130 chunks done, found 6 matches (35 added)
[INFO    ][2023-07-07 05:42:19,693] _scanDataPart() :: Result: 10043-10047 (4 bytes)
0000273B   00 FA 14 10                                        ....
[INFO    ][2023-07-07 05:42:22,936] _printStatus() :: Reducing: 132 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:26,226] _printStatus() :: Reducing: 133 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:29,363] _printStatus() :: Reducing: 134 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:32,989] _printStatus() :: Reducing: 135 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:36,196] _printStatus() :: Reducing: 136 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:39,400] _printStatus() :: Reducing: 137 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:42,677] _printStatus() :: Reducing: 138 chunks done, found 7 matches (36 added)
[INFO    ][2023-07-07 05:42:42,677] _scanDataPart() :: Result: 10540-10544 (4 bytes)
0000292C   50 3C 00 00                                        P<..
[INFO    ][2023-07-07 05:42:45,983] _printStatus() :: Reducing: 140 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:42:49,199] _printStatus() :: Reducing: 141 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:42:52,274] _printStatus() :: Reducing: 142 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:42:55,577] _printStatus() :: Reducing: 143 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:42:58,713] _printStatus() :: Reducing: 144 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:43:02,123] _printStatus() :: Reducing: 145 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:43:05,415] _printStatus() :: Reducing: 146 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:43:08,895] _printStatus() :: Reducing: 147 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:43:12,382] _printStatus() :: Reducing: 148 chunks done, found 8 matches (37 added)
[INFO    ][2023-07-07 05:43:12,383] _scanDataPart() :: Result: 11370-11374 (4 bytes)
00002C6A   2B 07 58 01                                        +.X.
[INFO    ][2023-07-07 05:43:12,383] _scanDataPart() :: Result: 11374-11378 (4 bytes)
00002C6E   B1 00 06 11                                        ....
[INFO    ][2023-07-07 05:43:15,781] _printStatus() :: Reducing: 151 chunks done, found 9 matches (39 added)
[INFO    ][2023-07-07 05:43:15,781] _scanDataPart() :: Result: 11378-11382 (4 bytes)
00002C72   10 00 B1 00                                        ....
[INFO    ][2023-07-07 05:43:15,781] _scanDataPart() :: Result: 11382-11387 (5 bytes)
00002C76   B2 0E 10 00 B1                                     .....
[INFO    ][2023-07-07 05:43:19,193] _printStatus() :: Reducing: 154 chunks done, found 9 matches (41 added)
[INFO    ][2023-07-07 05:43:22,354] _printStatus() :: Reducing: 155 chunks done, found 9 matches (41 added)
[INFO    ][2023-07-07 05:43:22,354] _scanDataPart() :: Result: 11391-11395 (4 bytes)
00002C7F   00 B1 00 FC                                        ....
[INFO    ][2023-07-07 05:43:25,620] _printStatus() :: Reducing: 157 chunks done, found 10 matches (42 added)
[INFO    ][2023-07-07 05:43:25,620] _scanDataPart() :: Result: 11395-11399 (4 bytes)
00002C83   02 5F 01 B1                                        ._..
[INFO    ][2023-07-07 05:43:28,724] _printStatus() :: Reducing: 159 chunks done, found 10 matches (43 added)
[INFO    ][2023-07-07 05:43:32,074] _printStatus() :: Reducing: 160 chunks done, found 10 matches (43 added)
[INFO    ][2023-07-07 05:43:35,455] _printStatus() :: Reducing: 161 chunks done, found 10 matches (43 added)
[INFO    ][2023-07-07 05:43:35,455] _scanDataPart() :: Result: 11408-11412 (4 bytes)
00002C90   30 00 B1 00                                        0...
[INFO    ][2023-07-07 05:43:38,674] _printStatus() :: Reducing: 163 chunks done, found 11 matches (44 added)
[INFO    ][2023-07-07 05:43:38,674] _scanDataPart() :: Result: 11416-11421 (5 bytes)
00002C98   B1 00 E1 0A 41                                     ....A
[INFO    ][2023-07-07 05:43:38,674] scan() :: Scan Result: Time:242 Chunks:163 MatchesAdded:45 MatchesFinal:12
[INFO    ][2023-07-07 05:43:38,674] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (12868-18744)
[INFO    ][2023-07-07 05:43:38,675] _printStatus() :: Reducing: 164 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:43:41,695] _printStatus() :: Reducing: 165 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:43:44,887] _printStatus() :: Reducing: 166 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:43:48,517] _printStatus() :: Reducing: 167 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:43:51,935] _printStatus() :: Reducing: 168 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:43:55,102] _printStatus() :: Reducing: 169 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:43:58,418] _printStatus() :: Reducing: 170 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:44:01,676] _printStatus() :: Reducing: 171 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:44:04,851] _printStatus() :: Reducing: 172 chunks done, found 0 matches (45 added)
[INFO    ][2023-07-07 05:44:07,879] _scanDataPart() :: Result: 15668-15691 (23 bytes)
00003D34   6C 65 74 65 00 52 64 70 43 6F 6E 6E 65 63 74 69    lete.RdpConnecti
00003D44   6F 6E 4F 6E 4F 6E 4C                               onOnOnL
[INFO    ][2023-07-07 05:44:07,879] _printStatus() :: Reducing: 173 chunks done, found 1 matches (46 added)
[INFO    ][2023-07-07 05:44:10,849] _scanDataPart() :: Result: 15691-15714 (23 bytes)
00003D4B   6F 67 69 6E 43 6F 6D 70 6C 65 74 65 00 44 69 73    oginComplete.Dis
00003D5B   70 49 64 41 74 74 72                               pIdAttr
[INFO    ][2023-07-07 05:44:10,850] _printStatus() :: Reducing: 174 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:13,862] _printStatus() :: Reducing: 175 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:17,071] _printStatus() :: Reducing: 176 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:20,303] _printStatus() :: Reducing: 177 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:23,508] _printStatus() :: Reducing: 178 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:26,769] _printStatus() :: Reducing: 179 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:29,953] _printStatus() :: Reducing: 180 chunks done, found 1 matches (47 added)
[WARNING ][2023-07-07 05:44:29,953] _scanDataPart() :: Doubling minMatchSize to 32
[INFO    ][2023-07-07 05:44:33,192] _printStatus() :: Reducing: 181 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:36,466] _printStatus() :: Reducing: 182 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:39,837] _printStatus() :: Reducing: 183 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:43,608] _printStatus() :: Reducing: 184 chunks done, found 1 matches (47 added)
[INFO    ][2023-07-07 05:44:43,608] _scanDataPart() :: Result: 16453-16456 (3 bytes)
00004045   74 68 00                                           th.
[INFO    ][2023-07-07 05:44:43,608] _scanDataPart() :: Result: 16456-16459 (3 bytes)
00004048   6E 65 74                                           net
[INFO    ][2023-07-07 05:44:46,900] _printStatus() :: Reducing: 187 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:44:50,646] _printStatus() :: Reducing: 188 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:44:53,768] _printStatus() :: Reducing: 189 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:44:56,957] _printStatus() :: Reducing: 190 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:45:00,177] _printStatus() :: Reducing: 191 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:45:03,232] _printStatus() :: Reducing: 192 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:45:06,966] _printStatus() :: Reducing: 193 chunks done, found 2 matches (49 added)
[INFO    ][2023-07-07 05:45:09,903] _scanDataPart() :: Result: 18180-18192 (12 bytes)
00004704   00 74 61 72 67 65 74 00 67 65 74 5F                .target.get_
[INFO    ][2023-07-07 05:45:09,904] _printStatus() :: Reducing: 194 chunks done, found 3 matches (50 added)
[INFO    ][2023-07-07 05:45:13,115] _printStatus() :: Reducing: 195 chunks done, found 3 matches (50 added)
[INFO    ][2023-07-07 05:45:16,343] _printStatus() :: Reducing: 196 chunks done, found 3 matches (50 added)
[INFO    ][2023-07-07 05:45:19,651] _printStatus() :: Reducing: 197 chunks done, found 3 matches (50 added)
[INFO    ][2023-07-07 05:45:22,839] _printStatus() :: Reducing: 198 chunks done, found 3 matches (50 added)
[INFO    ][2023-07-07 05:45:25,824] _scanDataPart() :: Result: 18238-18249 (11 bytes)
0000473E   53 65 6E 64 45 6C 65 6D 65 6E 74                   SendElement
[INFO    ][2023-07-07 05:45:25,824] _printStatus() :: Reducing: 199 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:28,799] _printStatus() :: Reducing: 200 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:31,966] _printStatus() :: Reducing: 201 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:35,219] _printStatus() :: Reducing: 202 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:38,453] _printStatus() :: Reducing: 203 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:41,623] _printStatus() :: Reducing: 204 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:45,000] _printStatus() :: Reducing: 205 chunks done, found 4 matches (51 added)
[INFO    ][2023-07-07 05:45:48,038] _scanDataPart() :: Result: 18554-18560 (6 bytes)
0000487A   00 53 65 6E 64 54                                  .SendT
[INFO    ][2023-07-07 05:45:48,038] _printStatus() :: Reducing: 206 chunks done, found 5 matches (52 added)
[INFO    ][2023-07-07 05:45:51,376] _printStatus() :: Reducing: 207 chunks done, found 5 matches (52 added)
[INFO    ][2023-07-07 05:45:54,797] _printStatus() :: Reducing: 208 chunks done, found 5 matches (52 added)
[INFO    ][2023-07-07 05:45:57,967] _printStatus() :: Reducing: 209 chunks done, found 5 matches (52 added)
[INFO    ][2023-07-07 05:46:01,297] _printStatus() :: Reducing: 210 chunks done, found 5 matches (52 added)
[INFO    ][2023-07-07 05:46:04,342] _printStatus() :: Reducing: 211 chunks done, found 5 matches (52 added)
[INFO    ][2023-07-07 05:46:04,342] _scanDataPart() :: Result: 18560-18565 (5 bytes)
00004880   65 78 74 00 74                                     ext.t
[INFO    ][2023-07-07 05:46:04,342] scan() :: Scan Result: Time:146 Chunks:211 MatchesAdded:53 MatchesFinal:5
[INFO    ][2023-07-07 05:46:04,342] handleFile() :: Result: 25 matches
[INFO    ][2023-07-07 05:46:04,342] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-07-07 05:46:06,358] save() :: Saving HashCache (10556)
[INFO    ][2023-07-07 05:46:06,370] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-07 05:46:06,370] runVerifications() :: Verify 25 matches
[INFO    ][2023-07-07 05:46:14,430] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 05:46:24,448] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 05:47:06,616] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-07 05:47:49,802] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-07 05:47:55,934] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 2  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 8  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 12  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 16  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 20  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 05:48:32,083] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED

[WARNING ][2023-07-07 05:49:16,286] scannerDetectsBytes() :: Invalid server answer, retrying once
[INFO    ][2023-07-07 05:49:16,312] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-07 05:49:16,314] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 05:49:18,119] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 05:49:18,120] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-07 05:49:18,120] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-07-07 05:49:18,120] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-07 05:49:18,147] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-07 05:49:18,233] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-07-07 05:49:18,233] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-07-07 05:49:18,233] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-07-07 05:49:18,233] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-07-07 05:49:18,233] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-07-07 05:49:18,233] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-07-07 05:49:18,234] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-07-07 05:49:18,234] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-07-07 05:49:18,234] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-07-07 05:49:18,235] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-07 05:49:19,866] outflankDotnet() :: Outflank failed with attempted 1 patches
[INFO    ][2023-07-07 05:49:19,866] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-07-07 05:49:19,866] save() :: Saving HashCache (10669)
[INFO    ][2023-07-08 08:54:56,394] main() :: Using file: app/upload/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-07-08 08:54:56,394] handleFile() :: Handle file: app/upload/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-07-08 08:54:56,395] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-08 08:54:56,447] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-08 08:54:56,448] load() :: Loading HashCache
[INFO    ][2023-07-08 08:54:56,491] load() ::   38427 hashes loaded
[INFO    ][2023-07-08 08:54:56,491] save() :: Saving HashCache (38427)
[INFO    ][2023-07-08 08:54:56,530] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-08 08:54:56,530] runVerifications() :: Verify 25 matches
[INFO    ][2023-07-08 08:54:56,534] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:54:56,537] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:54:56,554] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-08 08:54:56,571] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-08 08:54:56,574] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 2  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 8  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 12  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 16  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 20  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:54:56,585] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:54:56,596] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-08 08:54:56,597] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:54:56,598] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:54:56,599] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:54:56,599] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-07-08 08:54:56,599] save() :: Saving HashCache (38427)
[INFO    ][2023-09-01 05:26:36,173] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-01 05:26:36,173] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-01 05:26:36,182] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:36,236] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:36,237] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-01 05:26:36,238] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-01 05:26:36,239] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:36,337] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:36,337] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:36,420] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:20:52,723] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-24 19:20:52,723] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-24 19:20:52,733] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:20:52,733] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:20:52,748] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:20:52,748] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:20:52,748] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,748] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,748] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,748] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,748] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,749] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,749] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,749] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,749] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:20:52,749] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:20:52,749] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:20:52,785] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:20:52,813] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-24 19:20:52,814] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-24 19:20:52,814] load() :: Loading HashCache
[INFO    ][2023-09-24 19:20:52,943] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:20:52,943] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:20:53,037] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:20:53,227] init() :: DotnetData entries: 606
[INFO    ][2023-09-24 19:20:53,227] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:53,228] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:53,229] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-24 19:20:53,230] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:09:54,388] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-25 18:09:54,388] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-25 18:09:54,389] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:09:54,389] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:09:54,403] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:09:54,404] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:09:54,404] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:09:54,404] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:09:54,433] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:09:54,469] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-25 18:09:54,470] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-25 18:09:54,471] load() :: Loading HashCache
[INFO    ][2023-09-25 18:09:54,597] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:09:54,598] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:09:54,693] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:09:54,894] init() :: DotnetData entries: 606
[INFO    ][2023-09-25 18:09:54,894] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-25 18:09:54,895] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-25 18:09:54,897] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-25 18:09:54,897] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:10,158] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-25 18:14:10,158] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-25 18:14:10,159] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:14:10,159] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:14:10,172] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:14:10,172] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:14:10,173] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:14:10,173] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:14:10,202] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:14:10,239] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-25 18:14:10,240] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-25 18:14:10,240] load() :: Loading HashCache
[INFO    ][2023-09-25 18:14:10,366] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:14:10,367] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:10,462] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:14:10,664] init() :: DotnetData entries: 606
[INFO    ][2023-09-25 18:14:10,664] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:10,665] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:10,667] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-25 18:14:10,667] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:11,922] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-25 18:21:11,922] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-25 18:21:11,923] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:21:11,923] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:21:11,937] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:21:11,937] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:21:11,937] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:21:11,938] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:21:11,967] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:21:12,002] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-25 18:21:12,003] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-25 18:21:12,004] load() :: Loading HashCache
[INFO    ][2023-09-25 18:21:12,129] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:21:12,129] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:12,223] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:21:12,425] init() :: DotnetData entries: 606
[INFO    ][2023-09-25 18:21:12,425] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:12,425] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:12,425] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:12,425] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:12,426] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:12,426] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:12,426] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:12,426] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:12,427] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-25 18:21:12,428] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:06:48,078] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-29 10:06:48,078] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-29 10:06:48,079] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:06:48,079] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:06:48,093] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:06:48,093] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:06:48,093] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:06:48,093] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:06:48,123] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-29 10:06:48,124] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-29 10:06:48,124] load() :: Loading HashCache
[INFO    ][2023-09-29 10:06:48,259] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:06:48,259] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:06:48,357] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:06:48,557] init() :: DotnetData entries: 606
[INFO    ][2023-09-29 10:06:48,557] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:48,557] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:48,558] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:48,558] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:48,558] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:48,558] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:48,558] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:48,558] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:48,559] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-29 10:06:48,560] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:21,421] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-29 12:11:21,421] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-29 12:11:21,422] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:11:21,423] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:21,436] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:21,436] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:21,436] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,436] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,436] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,436] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,436] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,436] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,437] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,437] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,437] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:21,437] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:11:21,437] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:11:21,466] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-29 12:11:21,467] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-29 12:11:21,468] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:21,605] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:21,605] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:21,705] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:21,905] init() :: DotnetData entries: 606
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:21,906] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:21,908] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-29 12:11:21,908] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:16,109] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-30 10:32:16,109] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe
[INFO    ][2023-09-30 10:32:16,110] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:32:16,110] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:16,124] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:16,124] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:16,124] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:32:16,124] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:32:16,154] handleFile() :: Using scanner as defined in outcome: defender
[INFO    ][2023-09-30 10:32:16,155] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-30 10:32:16,155] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:16,292] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:16,292] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:16,392] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:16,593] init() :: DotnetData entries: 606
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 614/0x266, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 625/0x271, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 706/0x2C2, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 763/0x2FB, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 7746/0x1E42, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 7757/0x1E4D, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 7764/0x1E54, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:16,593] disassembleDotNet() :: Match physical 8135/0x1FC7, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:16,595] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.outcome
[INFO    ][2023-09-30 10:32:16,595] save() :: Saving HashCache (102072)