Avred

File 30177917A5DCE25A.SharpRDP.exe.avira.exe

Name:	30177917A5DCE25A.SharpRDP.exe.avira.exe
Size:	329,728 bytes
Type:	EXE PE.NET
MD5:	288e3ae4f3a8e68c65db570d0f6de218

Scanner Name:	avira
Appraisal:	Fragile (AND) based
Scan Debug:	Duration: 588s / Chunks: 241 / Matches: 50
Scan date:	2023-07-08 08:15:17

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
6	1	8520	47	.text #~		DATA	Dominant. Modify this to make file undetected
7	1	8796	5	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
8	1	8903	17	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
9	1	8932	9	.text #~	TypeRef	DATA	Dominant. Modify this to make file undetected
30	1	11523	8	.text #~	MemberRef	DATA	Dominant. Modify this to make file undetected
31	2	14698	6	.text #Strings		DATA	Dominant. Modify this to make file undetected
32	2	16287	11	.text #Strings		DATA	Dominant. Modify this to make file undetected
33	2	16488	11	.text #Strings		DATA	Dominant. Modify this to make file undetected
34	2	16573	12	.text #Strings		DATA	Dominant. Modify this to make file undetected
35	2	16769	46	.text #Strings		DATA	Dominant. Modify this to make file undetected
36	2	18031	28	.text #Strings		DATA	Dominant. Modify this to make file undetected
37	2	18649	14	.text #Strings		DATA	Dominant. Modify this to make file undetected

Match 6: 8520 (size: 47)

Dominant. Modify this to make file undetected

.text #~

00002148   57 3F A2 09 09 03 00 00 00 FA 01 33 00 16 00 00    W?.........3....
00002158   01 00 00 00 40 00 00 00 19 00 00 00 57 00 00 00    ....@.......W...
00002168   33 00 00 00 29 00 00 00 0D 00 00 00 6B 00 00       3...).......k..

Match 7: 8796 (size: 5)

Dominant. Modify this to make file undetected

.text #~ TypeRef

0000225C   96 16 48 0F 06                                     ..H..

0x225a: TypeRef[29]: ResolutionScope: ref table AssemblyRef[1] TypeName: Assembly TypeNamespace: System.Reflection

0x2260: TypeRef[30]: ResolutionScope: ref table AssemblyRef[1] TypeName: ResolveEventArgs TypeNamespace: System

Match 8: 8903 (size: 17)

Dominant. Modify this to make file undetected

.text #~ TypeRef

000022C7   00 06 15 7D 0E 06 00 5F 0D 7D 0E 06 00 2E 10 7D    ...}..._.}.....}
000022D7   0E                                                 .

0x22c6: TypeRef[47]: ResolutionScope: ref table AssemblyRef[1] TypeName: Environment TypeNamespace: System

0x22cc: TypeRef[48]: ResolutionScope: ref table AssemblyRef[1] TypeName: String TypeNamespace: System

0x22d2: TypeRef[49]: ResolutionScope: ref table AssemblyRef[1] TypeName: Char TypeNamespace: System

Match 9: 8932 (size: 9)

Dominant. Modify this to make file undetected

.text #~ TypeRef

000022E4   12 00 26 0E 31 14 12 00 D1                         ..&.1....

0x22e4: TypeRef[52]: ResolutionScope: ref table AssemblyRef[4] TypeName: Control TypeNamespace: System.Windows.Forms

0x22ea: TypeRef[53]: ResolutionScope: ref table AssemblyRef[4] TypeName: FormWindowState TypeNamespace: System.Windows.Forms

Match 30: 11523 (size: 8)

Dominant. Modify this to make file undetected

.text #~ MemberRef

00002D03   01 E9 00 26 07 B7 01 01                            ...&....

0x2cfe: MemberRef[105]: Class: ref table TypeRef[33] Name: ToArray Signature: 20001d05

0x2d04: MemberRef[106]: Class: ref table TypeRef[29] Name: Load Signature: 000112751d05

0x2d0a: MemberRef[107]: Class: ref table TypeRef[64] Name: Dispose Signature: 200001

Match 31: 14698 (size: 6)

Dominant. Modify this to make file undetected

.text #Strings

0000396A   4C 6F 61 64 00 41                                  Load.A

Match 32: 16287 (size: 11)

Dominant. Modify this to make file undetected

.text #Strings

00003F9F   67 00 54 6F 53 74 72 69 6E 67 00                   g.ToString.

Match 33: 16488 (size: 11)

Dominant. Modify this to make file undetected

.text #Strings

00004068   6C 00 43 6F 6E 74 72 6F 6C 00 47                   l.Control.G

Match 34: 16573 (size: 12)

Dominant. Modify this to make file undetected

.text #Strings

000040BD   74 65 6D 00 53 79 73 74 65 6D 00 46                tem.System.F

Match 35: 16769 (size: 46)

Dominant. Modify this to make file undetected

.text #Strings

00004181   70 70 6C 69 63 61 74 69 6F 6E 00 53 79 73 74 65    pplication.Syste
00004191   6D 2E 52 65 66 6C 65 63 74 69 6F 6E 00 43 6F 6E    m.Reflection.Con
000041A1   74 72 6F 6C 43 6F 6C 6C 65 63 74 69 6F 6E          trolCollection

Match 36: 18031 (size: 28)

Dominant. Modify this to make file undetected

.text #Strings

0000466F   74 72 6F 6C 73 00 53 79 73 74 65 6D 2E 57 69 6E    trols.System.Win
0000467F   64 6F 77 73 2E 46 6F 72 6D 73 00 43                dows.Forms.C

Match 37: 18649 (size: 14)

Dominant. Modify this to make file undetected

.text #Strings

000048D9   79 41 73 73 65 6D 62 6C 79 00 64 69 73 63          yAssembly.disc

Test #	MatchOrder	ModifyPosition	Match#0 methods 4b	Match#1 methods 4b	Match#2 methods 4b	Match#3 methods 4b	Match#4 methods 4b	Match#5 methods 4b	Match#6 #~ 47b	Match#7 #~ 5b	Match#8 #~ 17b	Match#9 #~ 9b	Match#10 #~ 5b	Match#11 #~ 5b	Match#12 #~ 4b	Match#13 #~ 4b	Match#14 #~ 17b	Match#15 #~ 4b	Match#16 #~ 4b	Match#17 #~ 4b	Match#18 #~ 17b	Match#19 #~ 5b	Match#20 #~ 4b	Match#21 #~ 4b	Match#22 #~ 4b	Match#23 #~ 9b	Match#24 #~ 4b	Match#25 #~ 4b	Match#26 #~ 4b	Match#27 #~ 4b	Match#28 #~ 8b	Match#29 #~ 5b	Match#30 #~ 8b	Match#31 #Strings 6b	Match#32 #Strings 11b	Match#33 #Strings 11b	Match#34 #Strings 12b	Match#35 #Strings 46b	Match#36 #Strings 28b	Match#37 #Strings 14b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8							6		8						14				18																	35	36
5	INCREMENTAL	FULL	0	1	2	3	4	5	6	7	8	9	10	11	12	13	14	15	16	17	18	19	20	21	22	23	24	25	26	27	28	29	30	31	32	33	34	35	36	37
6	DECREMENTAL	FULL	37	36	35	34	33	32	31	30	29	28	27	26	25	24	23	22	21	20	19	18	17	16	15	14	13	12	11	10	9	8	7	6	5	4	3	2	1	0
7	ALL	MIDDLE8		0	0																	0				0						0		0
8	ALL	THIRDS4		0	0																	0				0						0		0
9	ALL	FULL	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0	0
Result			d	d	d	d	d	d	d	d	d	d	d	d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-08 08:15:13,135] main() :: Using file: app/upload/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-07-08 08:15:13,135] handleFile() :: Handle file: app/upload/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-07-08 08:15:13,136] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-08 08:15:13,187] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-08 08:15:13,188] load() :: Loading HashCache
[INFO    ][2023-07-08 08:15:13,230] load() ::   36568 hashes loaded
[INFO    ][2023-07-08 08:15:17,654] handleFile() :: QuickCheck: 30177917A5DCE25A.SharpRDP.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-08 08:15:17,654] handleFile() :: Scanning for matches...
[INFO    ][2023-07-08 08:15:17,654] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-08 08:15:19,102] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-08 08:15:20,529] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-08 08:15:21,940] findDetectedSections() :: Hide: methods -> Detected: False
[INFO    ][2023-07-08 08:15:23,389] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-08 08:15:24,799] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-08 08:15:26,270] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-08 08:15:27,736] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-08 08:15:29,136] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-08 08:15:29,136] scanForMatchesInPe() :: 3 section(s) trigger the antivirus independantly
[INFO    ][2023-07-08 08:15:29,136] scanForMatchesInPe() ::   section: methods
[INFO    ][2023-07-08 08:15:29,136] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-08 08:15:29,136] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-08 08:15:29,136] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-8404)
[INFO    ][2023-07-08 08:15:29,136] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:0
[INFO    ][2023-07-08 08:15:29,136] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:31,970] _printStatus() :: Reducing: 2 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:34,690] _printStatus() :: Reducing: 3 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:37,525] _printStatus() :: Reducing: 4 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:40,352] _printStatus() :: Reducing: 5 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:43,215] _printStatus() :: Reducing: 6 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:45,935] _printStatus() :: Reducing: 7 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:48,870] _printStatus() :: Reducing: 8 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:51,748] _printStatus() :: Reducing: 9 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:54,663] _printStatus() :: Reducing: 10 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:59,022] _printStatus() :: Reducing: 12 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 08:15:59,022] _scanDataPart() :: Result: 591-595 (4 bytes)
0000024F   00 1E 02 7B                                        ...{
[INFO    ][2023-07-08 08:16:01,976] _printStatus() :: Reducing: 14 chunks done, found 1 matches (1 added)
[INFO    ][2023-07-08 08:16:04,884] _printStatus() :: Reducing: 15 chunks done, found 1 matches (1 added)
[INFO    ][2023-07-08 08:16:04,884] _scanDataPart() :: Result: 606-610 (4 bytes)
0000025E   00 04 2A 1E                                        ..*.
[INFO    ][2023-07-08 08:16:07,715] _printStatus() :: Reducing: 17 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 08:16:10,617] _printStatus() :: Reducing: 18 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 08:16:13,526] _printStatus() :: Reducing: 19 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 08:16:16,333] _printStatus() :: Reducing: 20 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 08:16:19,340] _printStatus() :: Reducing: 21 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 08:16:22,168] _printStatus() :: Reducing: 22 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 08:16:22,168] _scanDataPart() :: Result: 873-877 (4 bytes)
00000369   28 1E 00 00                                        (...
[INFO    ][2023-07-08 08:16:25,080] _printStatus() :: Reducing: 24 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:28,015] _printStatus() :: Reducing: 25 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:30,929] _printStatus() :: Reducing: 26 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:33,705] _printStatus() :: Reducing: 27 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:36,550] _printStatus() :: Reducing: 28 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:39,377] _printStatus() :: Reducing: 29 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:42,324] _printStatus() :: Reducing: 30 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:45,149] _printStatus() :: Reducing: 31 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:47,993] _printStatus() :: Reducing: 32 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:50,848] _printStatus() :: Reducing: 33 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 08:16:50,848] _scanDataPart() :: Result: 7532-7536 (4 bytes)
00001D6C   06 2A 1E 02                                        .*..
[INFO    ][2023-07-08 08:16:53,658] _printStatus() :: Reducing: 35 chunks done, found 4 matches (4 added)
[INFO    ][2023-07-08 08:16:53,658] _scanDataPart() :: Result: 7540-7544 (4 bytes)
00001D74   0A 2A 1E 02                                        .*..
[INFO    ][2023-07-08 08:16:56,481] _printStatus() :: Reducing: 37 chunks done, found 5 matches (5 added)
[INFO    ][2023-07-08 08:16:59,423] _printStatus() :: Reducing: 38 chunks done, found 5 matches (5 added)
[INFO    ][2023-07-08 08:17:02,326] _printStatus() :: Reducing: 39 chunks done, found 5 matches (5 added)
[INFO    ][2023-07-08 08:17:05,179] _printStatus() :: Reducing: 40 chunks done, found 5 matches (5 added)
[INFO    ][2023-07-08 08:17:08,003] _printStatus() :: Reducing: 41 chunks done, found 5 matches (5 added)
[INFO    ][2023-07-08 08:17:10,826] _printStatus() :: Reducing: 42 chunks done, found 5 matches (5 added)
[INFO    ][2023-07-08 08:17:10,826] _scanDataPart() :: Result: 7749-7753 (4 bytes)
00001E45   1E 02 28 32                                        ..(2
[INFO    ][2023-07-08 08:17:10,826] scan() :: Reducer Result: Time:102 Chunks:42 MatchesAdded:6 MatchesFinal:6
[INFO    ][2023-07-08 08:17:10,826] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (8512-12868)
[INFO    ][2023-07-08 08:17:10,826] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:1
[INFO    ][2023-07-08 08:17:10,826] _printStatus() :: Reducing: 43 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:13,593] _printStatus() :: Reducing: 44 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:16,363] _printStatus() :: Reducing: 45 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:19,110] _printStatus() :: Reducing: 46 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:21,994] _printStatus() :: Reducing: 47 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:24,804] _printStatus() :: Reducing: 48 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:27,648] _printStatus() :: Reducing: 49 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:30,438] _printStatus() :: Reducing: 50 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:33,196] _printStatus() :: Reducing: 51 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:36,224] _printStatus() :: Reducing: 52 chunks done, found 0 matches (6 added)
[INFO    ][2023-07-08 08:17:39,151] _scanDataPart() :: Result: 8520-8529 (9 bytes)
00002148   57 3F A2 09 09 03 00 00 00                         W?.......
[INFO    ][2023-07-08 08:17:39,151] _printStatus() :: Reducing: 53 chunks done, found 1 matches (7 added)
[INFO    ][2023-07-08 08:17:41,947] _scanDataPart() :: Result: 8529-8546 (17 bytes)
00002151   FA 01 33 00 16 00 00 01 00 00 00 40 00 00 00 19    ..3........@....
00002161   00                                                 .
[INFO    ][2023-07-08 08:17:41,947] _printStatus() :: Reducing: 54 chunks done, found 1 matches (8 added)
[INFO    ][2023-07-08 08:17:44,712] _printStatus() :: Reducing: 55 chunks done, found 1 matches (8 added)
[INFO    ][2023-07-08 08:17:47,600] _scanDataPart() :: Result: 8546-8563 (17 bytes)
00002162   00 00 57 00 00 00 33 00 00 00 29 00 00 00 0D 00    ..W...3...).....
00002172   00                                                 .
[INFO    ][2023-07-08 08:17:47,600] _printStatus() :: Reducing: 56 chunks done, found 1 matches (9 added)
[INFO    ][2023-07-08 08:17:50,620] _printStatus() :: Reducing: 57 chunks done, found 1 matches (9 added)
[INFO    ][2023-07-08 08:17:53,531] _printStatus() :: Reducing: 58 chunks done, found 1 matches (9 added)
[INFO    ][2023-07-08 08:17:53,531] _scanDataPart() :: Result: 8563-8567 (4 bytes)
00002173   00 6B 00 00                                        .k..
[INFO    ][2023-07-08 08:17:56,360] _printStatus() :: Reducing: 60 chunks done, found 1 matches (10 added)
[INFO    ][2023-07-08 08:17:59,311] _printStatus() :: Reducing: 61 chunks done, found 1 matches (10 added)
[INFO    ][2023-07-08 08:18:02,207] _printStatus() :: Reducing: 62 chunks done, found 1 matches (10 added)
[INFO    ][2023-07-08 08:18:05,134] _printStatus() :: Reducing: 63 chunks done, found 1 matches (10 added)
[INFO    ][2023-07-08 08:18:08,010] _printStatus() :: Reducing: 64 chunks done, found 1 matches (10 added)
[INFO    ][2023-07-08 08:18:10,814] _printStatus() :: Reducing: 65 chunks done, found 1 matches (10 added)
[INFO    ][2023-07-08 08:18:10,815] _scanDataPart() :: Result: 8796-8801 (5 bytes)
0000225C   96 16 48 0F 06                                     ..H..
[INFO    ][2023-07-08 08:18:13,583] _printStatus() :: Reducing: 67 chunks done, found 2 matches (11 added)
[INFO    ][2023-07-08 08:18:16,347] _printStatus() :: Reducing: 68 chunks done, found 2 matches (11 added)
[INFO    ][2023-07-08 08:18:19,119] _scanDataPart() :: Result: 8903-8920 (17 bytes)
000022C7   00 06 15 7D 0E 06 00 5F 0D 7D 0E 06 00 2E 10 7D    ...}..._.}.....}
000022D7   0E                                                 .
[INFO    ][2023-07-08 08:18:19,119] _printStatus() :: Reducing: 69 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-08 08:18:21,961] _printStatus() :: Reducing: 70 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-08 08:18:24,766] _printStatus() :: Reducing: 71 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-08 08:18:27,593] _printStatus() :: Reducing: 72 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-08 08:18:30,388] _printStatus() :: Reducing: 73 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-08 08:18:33,287] _printStatus() :: Reducing: 74 chunks done, found 3 matches (12 added)
[INFO    ][2023-07-08 08:18:33,287] _scanDataPart() :: Result: 8932-8937 (5 bytes)
000022E4   12 00 26 0E 31                                     ..&.1
[INFO    ][2023-07-08 08:18:36,098] _printStatus() :: Reducing: 76 chunks done, found 4 matches (13 added)
[INFO    ][2023-07-08 08:18:38,940] _printStatus() :: Reducing: 77 chunks done, found 4 matches (13 added)
[INFO    ][2023-07-08 08:18:38,940] _scanDataPart() :: Result: 8937-8941 (4 bytes)
000022E9   14 12 00 D1                                        ....
[INFO    ][2023-07-08 08:18:41,724] _printStatus() :: Reducing: 79 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:18:44,476] _printStatus() :: Reducing: 80 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:18:47,333] _printStatus() :: Reducing: 81 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:18:50,181] _printStatus() :: Reducing: 82 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:18:53,018] _printStatus() :: Reducing: 83 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:18:55,778] _printStatus() :: Reducing: 84 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:18:58,726] _printStatus() :: Reducing: 85 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:19:01,638] _printStatus() :: Reducing: 86 chunks done, found 4 matches (14 added)
[INFO    ][2023-07-08 08:19:01,638] _scanDataPart() :: Result: 9885-9890 (5 bytes)
0000269D   00 00 00 81 08                                     .....
[INFO    ][2023-07-08 08:19:04,511] _printStatus() :: Reducing: 88 chunks done, found 5 matches (15 added)
[INFO    ][2023-07-08 08:19:04,512] _scanDataPart() :: Result: 9902-9907 (5 bytes)
000026AE   81 08 4E 09 01                                     ..N..
[INFO    ][2023-07-08 08:19:07,264] _printStatus() :: Reducing: 91 chunks done, found 6 matches (16 added)
[INFO    ][2023-07-08 08:19:10,100] _printStatus() :: Reducing: 92 chunks done, found 6 matches (16 added)
[INFO    ][2023-07-08 08:19:12,846] _printStatus() :: Reducing: 93 chunks done, found 6 matches (16 added)
[INFO    ][2023-07-08 08:19:12,846] _scanDataPart() :: Result: 9915-9919 (4 bytes)
000026BB   00 81 08 61                                        ...a
[INFO    ][2023-07-08 08:19:15,665] _printStatus() :: Reducing: 95 chunks done, found 7 matches (17 added)
[INFO    ][2023-07-08 08:19:18,577] _printStatus() :: Reducing: 96 chunks done, found 7 matches (17 added)
[INFO    ][2023-07-08 08:19:18,577] _scanDataPart() :: Result: 9928-9932 (4 bytes)
000026C8   00 00 81 08                                        ....
[INFO    ][2023-07-08 08:19:21,328] _printStatus() :: Reducing: 98 chunks done, found 8 matches (18 added)
[INFO    ][2023-07-08 08:19:24,089] _printStatus() :: Reducing: 99 chunks done, found 8 matches (18 added)
[INFO    ][2023-07-08 08:19:26,936] _scanDataPart() :: Result: 9958-9975 (17 bytes)
000026E6   81 00 9E 11 36 03 0D 00 68 22 00 00 00 00 81 00    ....6...h"......
000026F6   F5                                                 .
[INFO    ][2023-07-08 08:19:26,936] _printStatus() :: Reducing: 100 chunks done, found 9 matches (19 added)
[INFO    ][2023-07-08 08:19:29,772] _printStatus() :: Reducing: 101 chunks done, found 9 matches (19 added)
[INFO    ][2023-07-08 08:19:32,574] _printStatus() :: Reducing: 102 chunks done, found 9 matches (19 added)
[INFO    ][2023-07-08 08:19:35,374] _printStatus() :: Reducing: 103 chunks done, found 9 matches (19 added)
[INFO    ][2023-07-08 08:19:35,374] _scanDataPart() :: Result: 9983-9987 (4 bytes)
000026FF   00 00 00 81                                        ....
[INFO    ][2023-07-08 08:19:38,268] _printStatus() :: Reducing: 105 chunks done, found 10 matches (20 added)
[INFO    ][2023-07-08 08:19:41,189] _printStatus() :: Reducing: 106 chunks done, found 10 matches (20 added)
[INFO    ][2023-07-08 08:19:41,189] _scanDataPart() :: Result: 10000-10004 (4 bytes)
00002710   81 00 AD 0F                                        ....
[INFO    ][2023-07-08 08:19:44,140] _printStatus() :: Reducing: 108 chunks done, found 11 matches (21 added)
[INFO    ][2023-07-08 08:19:47,002] _printStatus() :: Reducing: 109 chunks done, found 11 matches (21 added)
[INFO    ][2023-07-08 08:19:49,857] _printStatus() :: Reducing: 110 chunks done, found 11 matches (21 added)
[INFO    ][2023-07-08 08:19:52,813] _printStatus() :: Reducing: 111 chunks done, found 11 matches (21 added)
[INFO    ][2023-07-08 08:19:55,698] _printStatus() :: Reducing: 112 chunks done, found 11 matches (21 added)
[INFO    ][2023-07-08 08:19:55,698] _scanDataPart() :: Result: 10013-10017 (4 bytes)
0000271D   00 81 00 13                                        ....
[INFO    ][2023-07-08 08:19:58,709] _printStatus() :: Reducing: 114 chunks done, found 12 matches (22 added)
[INFO    ][2023-07-08 08:20:01,774] _printStatus() :: Reducing: 115 chunks done, found 12 matches (22 added)
[INFO    ][2023-07-08 08:20:01,774] _scanDataPart() :: Result: 10026-10030 (4 bytes)
0000272A   00 00 86 00                                        ....
[INFO    ][2023-07-08 08:20:01,774] _scanDataPart() :: Result: 10030-10034 (4 bytes)
0000272E   37 16 10 00                                        7...
[INFO    ][2023-07-08 08:20:03,203] _scanDataPart() :: Result: 10034-10038 (4 bytes)
00002732   14 00 4C 29                                        ..L)
[INFO    ][2023-07-08 08:20:03,204] _scanDataPart() :: Result: 10038-10043 (5 bytes)
00002736   00 00 00 00 81                                     .....
[WARNING ][2023-07-08 08:20:03,204] _scanDataPart() :: Doubling minMatchSize to 16
[INFO    ][2023-07-08 08:20:06,109] _printStatus() :: Reducing: 121 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:08,935] _printStatus() :: Reducing: 122 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:11,751] _printStatus() :: Reducing: 123 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:14,580] _printStatus() :: Reducing: 124 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:17,454] _printStatus() :: Reducing: 125 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:20,420] _printStatus() :: Reducing: 126 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:23,251] _printStatus() :: Reducing: 127 chunks done, found 13 matches (26 added)
[INFO    ][2023-07-08 08:20:23,251] _scanDataPart() :: Result: 10327-10332 (5 bytes)
00002857   00 1E 00 00 00                                     .....
[INFO    ][2023-07-08 08:20:26,177] _printStatus() :: Reducing: 129 chunks done, found 14 matches (27 added)
[INFO    ][2023-07-08 08:20:26,178] _scanDataPart() :: Result: 10340-10344 (4 bytes)
00002864   06 00 1E 00                                        ....
[INFO    ][2023-07-08 08:20:29,053] _printStatus() :: Reducing: 132 chunks done, found 15 matches (28 added)
[INFO    ][2023-07-08 08:20:32,000] _printStatus() :: Reducing: 133 chunks done, found 15 matches (28 added)
[INFO    ][2023-07-08 08:20:34,825] _printStatus() :: Reducing: 134 chunks done, found 15 matches (28 added)
[INFO    ][2023-07-08 08:20:37,640] _printStatus() :: Reducing: 135 chunks done, found 15 matches (28 added)
[INFO    ][2023-07-08 08:20:37,640] _scanDataPart() :: Result: 10353-10357 (4 bytes)
00002871   14 5D 03 1E                                        .]..
[INFO    ][2023-07-08 08:20:40,550] _printStatus() :: Reducing: 137 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:20:43,474] _printStatus() :: Reducing: 138 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:20:46,339] _printStatus() :: Reducing: 139 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:20:49,124] _printStatus() :: Reducing: 140 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:20:51,945] _printStatus() :: Reducing: 141 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:20:54,874] _printStatus() :: Reducing: 142 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:20:57,460] _printStatus() :: Reducing: 143 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:21:00,469] _printStatus() :: Reducing: 144 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:21:03,389] _printStatus() :: Reducing: 145 chunks done, found 16 matches (29 added)
[INFO    ][2023-07-08 08:21:03,389] _scanDataPart() :: Result: 11119-11123 (4 bytes)
00002B6F   0A 92 00 81                                        ....
[INFO    ][2023-07-08 08:21:06,344] _printStatus() :: Reducing: 147 chunks done, found 17 matches (30 added)
[INFO    ][2023-07-08 08:21:06,344] _scanDataPart() :: Result: 11127-11132 (5 bytes)
00002B77   00 81 01 D3 16                                     .....
[INFO    ][2023-07-08 08:21:09,118] _printStatus() :: Reducing: 149 chunks done, found 18 matches (31 added)
[INFO    ][2023-07-08 08:21:11,982] _printStatus() :: Reducing: 150 chunks done, found 18 matches (31 added)
[INFO    ][2023-07-08 08:21:14,867] _printStatus() :: Reducing: 151 chunks done, found 18 matches (31 added)
[INFO    ][2023-07-08 08:21:14,867] _scanDataPart() :: Result: 11132-11136 (4 bytes)
00002B7C   9B 00 81 01                                        ....
[INFO    ][2023-07-08 08:21:17,818] _printStatus() :: Reducing: 153 chunks done, found 18 matches (32 added)
[INFO    ][2023-07-08 08:21:20,693] _printStatus() :: Reducing: 154 chunks done, found 18 matches (32 added)
[INFO    ][2023-07-08 08:21:20,693] _scanDataPart() :: Result: 11149-11153 (4 bytes)
00002B8D   0F 5C 00 81                                        .\..
[INFO    ][2023-07-08 08:21:23,617] _printStatus() :: Reducing: 156 chunks done, found 19 matches (33 added)
[INFO    ][2023-07-08 08:21:23,617] _scanDataPart() :: Result: 11157-11161 (4 bytes)
00002B95   00 81 01 61                                        ...a
[INFO    ][2023-07-08 08:21:26,530] _printStatus() :: Reducing: 158 chunks done, found 20 matches (34 added)
[INFO    ][2023-07-08 08:21:29,451] _printStatus() :: Reducing: 159 chunks done, found 20 matches (34 added)
[INFO    ][2023-07-08 08:21:32,391] _printStatus() :: Reducing: 160 chunks done, found 20 matches (34 added)
[INFO    ][2023-07-08 08:21:35,274] _printStatus() :: Reducing: 161 chunks done, found 20 matches (34 added)
[INFO    ][2023-07-08 08:21:35,274] _scanDataPart() :: Result: 11174-11178 (4 bytes)
00002BA6   B5 00 81 01                                        ....
[INFO    ][2023-07-08 08:21:38,208] _printStatus() :: Reducing: 163 chunks done, found 21 matches (35 added)
[INFO    ][2023-07-08 08:21:41,040] _printStatus() :: Reducing: 164 chunks done, found 21 matches (35 added)
[INFO    ][2023-07-08 08:21:41,040] _scanDataPart() :: Result: 11187-11191 (4 bytes)
00002BB3   00 81 00 82                                        ....
[INFO    ][2023-07-08 08:21:43,990] _printStatus() :: Reducing: 166 chunks done, found 22 matches (36 added)
[INFO    ][2023-07-08 08:21:46,962] _printStatus() :: Reducing: 167 chunks done, found 22 matches (36 added)
[INFO    ][2023-07-08 08:21:49,859] _printStatus() :: Reducing: 168 chunks done, found 22 matches (36 added)
[INFO    ][2023-07-08 08:21:49,860] _scanDataPart() :: Result: 11217-11221 (4 bytes)
00002BD1   00 81 01 2A                                        ...*
[INFO    ][2023-07-08 08:21:49,860] _scanDataPart() :: Result: 11221-11225 (4 bytes)
00002BD5   0D FA 00 81                                        ....
[INFO    ][2023-07-08 08:21:52,665] _printStatus() :: Reducing: 171 chunks done, found 23 matches (38 added)
[INFO    ][2023-07-08 08:21:52,665] _scanDataPart() :: Result: 11229-11234 (5 bytes)
00002BDD   00 81 01 66 0D                                     ...f.
[INFO    ][2023-07-08 08:21:55,495] _printStatus() :: Reducing: 173 chunks done, found 24 matches (39 added)
[INFO    ][2023-07-08 08:21:58,340] _printStatus() :: Reducing: 174 chunks done, found 24 matches (39 added)
[INFO    ][2023-07-08 08:22:01,273] _printStatus() :: Reducing: 175 chunks done, found 24 matches (39 added)
[INFO    ][2023-07-08 08:22:04,106] _printStatus() :: Reducing: 176 chunks done, found 24 matches (39 added)
[INFO    ][2023-07-08 08:22:06,894] _printStatus() :: Reducing: 177 chunks done, found 24 matches (39 added)
[INFO    ][2023-07-08 08:22:09,831] _printStatus() :: Reducing: 178 chunks done, found 24 matches (39 added)
[INFO    ][2023-07-08 08:22:12,685] _scanDataPart() :: Result: 11523-11531 (8 bytes)
00002D03   01 E9 00 26 07 B7 01 01                            ...&....
[INFO    ][2023-07-08 08:22:12,686] scan() :: Reducer Result: Time:302 Chunks:178 MatchesAdded:40 MatchesFinal:25
[INFO    ][2023-07-08 08:22:12,686] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (12868-18744)
[INFO    ][2023-07-08 08:22:12,686] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:2
[INFO    ][2023-07-08 08:22:12,686] _printStatus() :: Reducing: 179 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:15,532] _printStatus() :: Reducing: 180 chunks done, found 0 matches (40 added)
[WARNING ][2023-07-08 08:22:15,532] _scanDataPart() :: Doubling minMatchSize to 32
[INFO    ][2023-07-08 08:22:18,389] _printStatus() :: Reducing: 181 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:21,298] _printStatus() :: Reducing: 182 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:24,076] _printStatus() :: Reducing: 183 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:27,095] _printStatus() :: Reducing: 184 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:29,956] _printStatus() :: Reducing: 185 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:32,980] _printStatus() :: Reducing: 186 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:35,781] _printStatus() :: Reducing: 187 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:38,690] _printStatus() :: Reducing: 188 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:41,604] _printStatus() :: Reducing: 189 chunks done, found 0 matches (40 added)
[INFO    ][2023-07-08 08:22:44,261] _scanDataPart() :: Result: 14698-14704 (6 bytes)
0000396A   4C 6F 61 64 00 41                                  Load.A
[INFO    ][2023-07-08 08:22:44,261] _printStatus() :: Reducing: 190 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:22:47,105] _printStatus() :: Reducing: 191 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:22:49,940] _printStatus() :: Reducing: 192 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:22:52,810] _printStatus() :: Reducing: 193 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:22:55,700] _printStatus() :: Reducing: 194 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:22:58,638] _printStatus() :: Reducing: 195 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:23:01,452] _printStatus() :: Reducing: 196 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:23:04,337] _printStatus() :: Reducing: 197 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:23:07,160] _printStatus() :: Reducing: 198 chunks done, found 1 matches (41 added)
[INFO    ][2023-07-08 08:23:10,057] _scanDataPart() :: Result: 16287-16298 (11 bytes)
00003F9F   67 00 54 6F 53 74 72 69 6E 67 00                   g.ToString.
[INFO    ][2023-07-08 08:23:10,057] _printStatus() :: Reducing: 199 chunks done, found 2 matches (42 added)
[INFO    ][2023-07-08 08:23:12,986] _printStatus() :: Reducing: 200 chunks done, found 2 matches (42 added)
[INFO    ][2023-07-08 08:23:15,801] _printStatus() :: Reducing: 201 chunks done, found 2 matches (42 added)
[INFO    ][2023-07-08 08:23:18,732] _printStatus() :: Reducing: 202 chunks done, found 2 matches (42 added)
[INFO    ][2023-07-08 08:23:21,520] _printStatus() :: Reducing: 203 chunks done, found 2 matches (42 added)
[INFO    ][2023-07-08 08:23:24,516] _printStatus() :: Reducing: 204 chunks done, found 2 matches (42 added)
[INFO    ][2023-07-08 08:23:27,418] _scanDataPart() :: Result: 16488-16494 (6 bytes)
00004068   6C 00 43 6F 6E 74                                  l.Cont
[INFO    ][2023-07-08 08:23:27,418] _printStatus() :: Reducing: 205 chunks done, found 3 matches (43 added)
[INFO    ][2023-07-08 08:23:30,248] _printStatus() :: Reducing: 206 chunks done, found 3 matches (43 added)
[INFO    ][2023-07-08 08:23:33,026] _printStatus() :: Reducing: 207 chunks done, found 3 matches (43 added)
[INFO    ][2023-07-08 08:23:35,933] _printStatus() :: Reducing: 208 chunks done, found 3 matches (43 added)
[INFO    ][2023-07-08 08:23:35,933] _scanDataPart() :: Result: 16494-16499 (5 bytes)
0000406E   72 6F 6C 00 47                                     rol.G
[INFO    ][2023-07-08 08:23:38,846] _printStatus() :: Reducing: 210 chunks done, found 3 matches (44 added)
[INFO    ][2023-07-08 08:23:41,686] _printStatus() :: Reducing: 211 chunks done, found 3 matches (44 added)
[INFO    ][2023-07-08 08:23:44,555] _printStatus() :: Reducing: 212 chunks done, found 3 matches (44 added)
[INFO    ][2023-07-08 08:23:47,355] _printStatus() :: Reducing: 213 chunks done, found 3 matches (44 added)
[INFO    ][2023-07-08 08:23:50,225] _printStatus() :: Reducing: 214 chunks done, found 3 matches (44 added)
[INFO    ][2023-07-08 08:23:53,137] _printStatus() :: Reducing: 215 chunks done, found 3 matches (44 added)
[INFO    ][2023-07-08 08:23:55,903] _scanDataPart() :: Result: 16573-16585 (12 bytes)
000040BD   74 65 6D 00 53 79 73 74 65 6D 00 46                tem.System.F
[INFO    ][2023-07-08 08:23:55,903] _printStatus() :: Reducing: 216 chunks done, found 4 matches (45 added)
[INFO    ][2023-07-08 08:23:58,879] _printStatus() :: Reducing: 217 chunks done, found 4 matches (45 added)
[INFO    ][2023-07-08 08:24:01,798] _printStatus() :: Reducing: 218 chunks done, found 4 matches (45 added)
[INFO    ][2023-07-08 08:24:04,750] _scanDataPart() :: Result: 16769-16815 (46 bytes)
00004181   70 70 6C 69 63 61 74 69 6F 6E 00 53 79 73 74 65    pplication.Syste
00004191   6D 2E 52 65 66 6C 65 63 74 69 6F 6E 00 43 6F 6E    m.Reflection.Con
000041A1   74 72 6F 6C 43 6F 6C 6C 65 63 74 69 6F 6E          trolCollection
[INFO    ][2023-07-08 08:24:04,750] _printStatus() :: Reducing: 219 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:07,695] _printStatus() :: Reducing: 220 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:10,485] _printStatus() :: Reducing: 221 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:13,407] _printStatus() :: Reducing: 222 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:16,261] _printStatus() :: Reducing: 223 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:19,243] _printStatus() :: Reducing: 224 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:22,085] _printStatus() :: Reducing: 225 chunks done, found 5 matches (46 added)
[INFO    ][2023-07-08 08:24:24,938] _scanDataPart() :: Result: 18031-18054 (23 bytes)
0000466F   74 72 6F 6C 73 00 53 79 73 74 65 6D 2E 57 69 6E    trols.System.Win
0000467F   64 6F 77 73 2E 46 6F                               dows.Fo
[INFO    ][2023-07-08 08:24:24,938] _printStatus() :: Reducing: 226 chunks done, found 6 matches (47 added)
[INFO    ][2023-07-08 08:24:27,777] _printStatus() :: Reducing: 227 chunks done, found 6 matches (47 added)
[INFO    ][2023-07-08 08:24:30,652] _printStatus() :: Reducing: 228 chunks done, found 6 matches (47 added)
[INFO    ][2023-07-08 08:24:33,588] _printStatus() :: Reducing: 229 chunks done, found 6 matches (47 added)
[INFO    ][2023-07-08 08:24:33,588] _scanDataPart() :: Result: 18054-18059 (5 bytes)
00004686   72 6D 73 00 43                                     rms.C
[INFO    ][2023-07-08 08:24:36,506] _printStatus() :: Reducing: 231 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:39,442] _printStatus() :: Reducing: 232 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:42,386] _printStatus() :: Reducing: 233 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:45,317] _printStatus() :: Reducing: 234 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:48,149] _printStatus() :: Reducing: 235 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:50,957] _printStatus() :: Reducing: 236 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:53,796] _printStatus() :: Reducing: 237 chunks done, found 6 matches (48 added)
[INFO    ][2023-07-08 08:24:53,796] _scanDataPart() :: Result: 18649-18652 (3 bytes)
000048D9   79 41 73                                           yAs
[INFO    ][2023-07-08 08:24:56,570] _printStatus() :: Reducing: 239 chunks done, found 7 matches (49 added)
[INFO    ][2023-07-08 08:24:59,554] _printStatus() :: Reducing: 240 chunks done, found 7 matches (49 added)
[WARNING ][2023-07-08 08:24:59,554] _scanDataPart() :: Doubling minMatchSize to 64
[INFO    ][2023-07-08 08:25:02,442] _printStatus() :: Reducing: 241 chunks done, found 7 matches (49 added)
[INFO    ][2023-07-08 08:25:05,266] _scanDataPart() :: Result: 18652-18663 (11 bytes)
000048DC   73 65 6D 62 6C 79 00 64 69 73 63                   sembly.disc
[INFO    ][2023-07-08 08:25:05,266] scan() :: Reducer Result: Time:173 Chunks:241 MatchesAdded:50 MatchesFinal:7
[INFO    ][2023-07-08 08:25:05,266] handleFile() :: Result: 38 matches
[INFO    ][2023-07-08 08:25:05,266] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-07-08 08:25:06,652] save() :: Saving HashCache (36982)
[INFO    ][2023-07-08 08:25:06,689] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-08 08:25:06,689] runVerifications() :: Verify 38 matches
[INFO    ][2023-07-08 08:25:15,320] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:25:24,061] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:26:19,444] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:27:14,534] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:27:21,747] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 6  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 8  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 14  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 18  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:28:14,182] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 37  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:29:05,497] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 37  result: ScanResult.NOT_DETECTED
  Idx: 36  result: ScanResult.NOT_DETECTED
  Idx: 35  result: ScanResult.NOT_DETECTED
  Idx: 34  result: ScanResult.NOT_DETECTED
  Idx: 33  result: ScanResult.NOT_DETECTED
  Idx: 32  result: ScanResult.NOT_DETECTED
  Idx: 31  result: ScanResult.NOT_DETECTED
  Idx: 30  result: ScanResult.NOT_DETECTED
  Idx: 29  result: ScanResult.NOT_DETECTED
  Idx: 28  result: ScanResult.NOT_DETECTED
  Idx: 27  result: ScanResult.NOT_DETECTED
  Idx: 26  result: ScanResult.NOT_DETECTED
  Idx: 25  result: ScanResult.NOT_DETECTED
  Idx: 24  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:29:05,498] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:29:06,937] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 08:29:06,939] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 08:29:06,939] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-07-08 08:29:06,939] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-08 08:29:06,967] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-08 08:29:07,053] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-07-08 08:29:07,053] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-07-08 08:29:07,053] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-07-08 08:29:07,053] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-07-08 08:29:07,053] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-07-08 08:29:07,053] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-07-08 08:29:07,054] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-07-08 08:29:07,055] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-08 08:29:07,055] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-08 08:29:07,055] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-07-08 08:29:07,056] save() :: Saving HashCache (37149)
[INFO    ][2023-09-01 05:26:37,350] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-01 05:26:37,350] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-01 05:26:37,352] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:37,404] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:37,405] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:37,406] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:37,407] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:37,506] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:37,506] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:37,589] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:20:54,456] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-24 19:20:54,456] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-24 19:20:54,465] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:20:54,465] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:20:54,481] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:20:54,481] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:20:54,481] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:20:54,481] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:20:54,517] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:20:54,545] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:20:54,546] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:20:54,546] load() :: Loading HashCache
[INFO    ][2023-09-24 19:20:54,674] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:20:54,675] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:20:54,770] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:20:54,964] init() :: DotnetData entries: 606
[INFO    ][2023-09-24 19:20:54,964] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:54,964] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:54,964] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:54,965] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:54,965] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-09-24 19:20:54,965] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-09-24 19:20:54,966] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:20:54,967] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:11,826] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-25 18:14:11,826] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-25 18:14:11,827] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:14:11,827] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:14:11,841] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:14:11,841] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:14:11,841] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:14:11,841] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:14:11,870] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:14:11,907] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:14:11,908] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:11,908] load() :: Loading HashCache
[INFO    ][2023-09-25 18:14:12,034] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:14:12,035] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:12,131] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:14:12,333] init() :: DotnetData entries: 606
[INFO    ][2023-09-25 18:14:12,333] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:12,333] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:12,333] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:12,333] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:12,333] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:12,333] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:12,335] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:12,336] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:13,595] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-25 18:21:13,595] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-25 18:21:13,596] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:21:13,596] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:21:13,610] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:21:13,610] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:21:13,610] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:21:13,610] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:21:13,639] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:21:13,675] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:21:13,676] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:13,677] load() :: Loading HashCache
[INFO    ][2023-09-25 18:21:13,803] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:21:13,803] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:13,901] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:21:14,102] init() :: DotnetData entries: 606
[INFO    ][2023-09-25 18:21:14,102] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:14,102] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:14,102] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:14,102] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:14,102] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:14,102] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:14,104] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:14,105] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:06:49,690] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-29 10:06:49,690] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-29 10:06:49,691] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:06:49,691] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:06:49,705] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:06:49,705] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:06:49,705] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:06:49,705] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:06:49,735] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:06:49,736] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:06:49,737] load() :: Loading HashCache
[INFO    ][2023-09-29 10:06:49,873] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:06:49,873] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:06:49,969] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:06:50,168] init() :: DotnetData entries: 606
[INFO    ][2023-09-29 10:06:50,168] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:50,168] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:50,168] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:50,169] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:50,169] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-09-29 10:06:50,169] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-09-29 10:06:50,170] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:06:50,171] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:23,047] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-29 12:11:23,047] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-29 12:11:23,048] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:11:23,048] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:23,062] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:23,062] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,062] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:23,063] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:11:23,063] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:11:23,093] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:11:23,094] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:23,094] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:23,230] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:23,230] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:23,328] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:23,527] init() :: DotnetData entries: 606
[INFO    ][2023-09-29 12:11:23,527] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:23,527] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:23,527] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:23,528] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:23,528] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:23,528] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:23,529] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:23,530] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:17,738] main() :: Using file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-30 10:32:17,739] handleFile() :: Handle file: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe
[INFO    ][2023-09-30 10:32:17,740] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:32:17,740] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:17,753] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:17,754] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:17,754] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:32:17,754] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:32:17,784] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:32:17,785] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:17,786] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:17,921] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:17,921] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:18,019] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:18,219] init() :: DotnetData entries: 606
[INFO    ][2023-09-30 10:32:18,219] disassembleDotNet() :: Match physical 591/0x24F, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:18,219] disassembleDotNet() :: Match physical 606/0x25E, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:18,219] disassembleDotNet() :: Match physical 873/0x369, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:18,219] disassembleDotNet() :: Match physical 7532/0x1D6C, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:18,219] disassembleDotNet() :: Match physical 7540/0x1D74, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:18,219] disassembleDotNet() :: Match physical 7749/0x1E45, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:18,221] saveToFile() :: Saving results to: app/examples/30177917A5DCE25A.SharpRDP.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:18,222] save() :: Saving HashCache (102072)

File 30177917A5DCE25A.SharpRDP.exe.avira.exe

Matches

Match 6: 8520 (size: 47)

Info

Hexdump

Match 7: 8796 (size: 5)

Info

Hexdump

Disassembly

Match 8: 8903 (size: 17)

Info

Hexdump

Disassembly

Match 9: 8932 (size: 9)

Info

Hexdump

Disassembly

Match 30: 11523 (size: 8)

Info

Hexdump

Disassembly

Match 31: 14698 (size: 6)

Info

Hexdump

Match 32: 16287 (size: 11)

Info

Hexdump

Match 33: 16488 (size: 11)

Info

Hexdump

Match 34: 16573 (size: 12)

Info

Hexdump

Match 35: 16769 (size: 46)

Info

Hexdump

Match 36: 18031 (size: 28)

Info

Hexdump

Match 37: 18649 (size: 14)

Info

Hexdump

Explanation

Colors

Match Order

Position